Chapter 5 E-commerce Security and Payment Systems Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall

Class Discussion
Cyberwar: MAD 2.0
◼ What is the difference between hacking and cyberwar?
◼ Why has cyberwar become more potentially devastating in the past decade?
◼ Why has Google been the target of so many cyberattacks?
◼ Is it possible to find a political solution to MAD 2.0?
Slide 5-3

The E-commerce Security Environment
[Figure 5.1, Page 252. Labels: Data; Technology Solutions; Organizational Policies and Procedures; Laws and Industry Standards]
Slide 5-4

Dimensions of E-commerce Security
◼ Integrity: ensures that information sent and received has not been altered by an unauthorized party
◼ Nonrepudiation: ability to ensure that participants do not deny (repudiate) their online actions
◼ Authenticity: ability to identify the identity of the person with whom you are dealing over the Internet
◼ Confidentiality: ensures that information is seen only by those authorized to view it
◼ Privacy: ability to control who sees your information
◼ Availability: ensures that the e-commerce site functions as intended
Slide 5-5

TABLE 5.3 CUSTOMER AND MERCHANT PERSPECTIVES ON THE DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY

| Dimension | Customer's perspective | Merchant's perspective |
| --- | --- | --- |
| Integrity | Has information I transmitted or received been altered? | Has data on the site been altered without authorization? Is data being received from customers valid? |
| Nonrepudiation | Can a party to an action with me later deny taking the action? | Can a customer deny ordering products? |
| Authenticity | Who am I dealing with? How can I be assured that the person or entity is who they claim to be? | What is the real identity of the customer? |
| Confidentiality | Can someone other than the intended recipient read messages? | Are messages or confidential data accessible to anyone other than those authorized to view them? |
| Privacy | Can I control the use of information about myself transmitted to an e-commerce merchant? | What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner? |
| Availability | Can I get access to the site? | Is the site operational? |

Table 5.3, Page 254
Slide 5-6

The Tension Between Security and Other Values
◼ Ease of use
  ❖ The more security measures added, the more difficult a site is to use, and the slower it becomes
  ❖ Security costs money, and too much of it can reduce profitability
◼ Public safety and criminal uses of the Internet
  ❖ Use of technology by criminals to plan crimes or threaten the nation-state
Slide 5-7

Security Threats in E-commerce Environment
◼ Three key points of vulnerability in e-commerce environment:
  1. Client
  2. Server
  3. Communications pipeline (Internet communications channels)
Slide 5-8

A Typical E-commerce Transaction
[Figure 5.2, Page 256. Labels: Customer credit card bank; Merchant bank; Internet service provider; Warehouse; Online store; Merchant Web servers; Database server; Merchant Web site; Shipping; Online consumer]
Slide 5-9

Vulnerable Points in an E-commerce Transaction
[Figure 5.3, Page 257. Labels: Security breach; DOS attack; Card theft; Hacked; SQL injection; Customer list hack; Wi-Fi listening wire tap; Web beacons; Internet service provider; Online store; Database server; Merchant Web servers; Merchant Web site; Online consumer]
Slide 5-10

Most Common Security Threats in the E-commerce Environment
◼ Malicious code (malware, exploits)
  ❖ Drive-by downloads: malware that comes with a downloaded file the user intentionally or unintentionally requests
  ❖ Viruses
  ❖ Worms: spread from computer to computer without human intervention
  ❖ Ransomware (scareware): used to solicit money from users by locking up your browser or files and displaying fake notices from the FBI, IRS, etc.
  ❖ Trojan horses: appear benign but are a way to introduce viruses into a computer system
  ❖ Threats at both client and server levels
Slide 5-11