More Related Content
Similar to Chapter 5 (20)
More from Nada G.Youssef (20)
Chapter 5
- 1. E-commerce 2013
Kenneth C. Laudon
Carol Guercio Traver
business. technology. society.
ninth edition
Copyright © 2013 Pearson Education, Inc.
- 3. Class Discussion
Cyberwar: MAD 2.0
â What is the difference between hacking and
cyberwar?
â Why has cyberwar become more potentially
devastating in the past decade?
â Why has Google been the target of so many
cyberattacks?
â Is it possible to find a political solution to
MAD 2.0?
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 4. The E-commerce Security
Environment
â Overall size and losses of cybercrime
unclear
âReporting issues
â 2011 CSI survey: 46% of respondent
firms detected breach in last year
â Underground economy marketplace:
âStolen information stored on underground
economy servers
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 5. What Is Good E-commerce Security?
â To achieve highest degree of security
âNew technologies
âOrganizational policies and procedures
âIndustry standards and government laws
â Other factors
âTime value of money
âCost of security vs. potential loss
âSecurity often breaks at weakest link
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 8. The Tension Between Security and
Other Values
â Ease of use
âThe more security measures added, the more
difficult a site is to use, and the slower it
becomes
â Public safety and criminal uses of the
Internet
âUse of technology by criminals to plan crimes or
threaten nation-state
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 9. Security Threats in the
E-commerce Environment
â Three key points of vulnerability in
e-commerce environment:
1. Client
2. Server
3. Communications pipeline (Internet
communications channels)
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 10. A Typical E-commerce Transaction
Figure 5.2, Page 269
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 11. Vulnerable Points in an E-commerce
Transaction
Figure 5.3, Page 270
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 12. Most Common Security Threats in the
E-commerce Environment
â Malicious code
âViruses
âWorms
âTrojan horses
âDrive-by downloads
âBackdoors
âBots, botnets
âThreats at both client and server levels
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 13. Most Common Security Threats (cont.)
â Potentially unwanted programs (PUPs)
âBrowser parasites
âAdware
âSpyware
â Phishing
âE-mail scams
âSocial engineering
âIdentity theft
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 14. Most Common Security Threats (cont.)
â Hacking
âHackers vs. crackers
âTypes of hackers: White, black, grey hats
âHacktivism
â Cybervandalism:
âDisrupting, defacing, destroying Web site
â Data breach
âLosing control over corporate information to
outsiders
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 15. Most Common Security Threats (cont.)
â Credit card fraud/theft
â Hackers target merchant servers; use data to establish
credit under false identity
â Spoofing (Pharming)
â Spam (junk) Web sites
â Denial of service (DoS) attack
â Hackers flood site with useless traffic to overwhelm
network
â Distributed denial of service (DDoS) attack
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 16. Insight on Business: Class Discussion
Sony: Press the Reset Button
â What organization and technical failures
led to the April 2011 data breach on the
PlayStation Network?
â Can Sony be criticized for waiting 3 days
to inform the FBI?
â Have you or anyone you know
experienced data theft?
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 17. Most Common Security Threats (cont.)
â Sniffing
â Eavesdropping program that monitors information
traveling over a network
â Insider attacks
â Poorly designed server and client software
â Social network security issues
â Mobile platform security issues
â Same risks as any Internet device
â Cloud security issues
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 18. Insight on Technology: Class Discussion
Think Your Smartphone Is Secure?
â What types of threats do smartphones face?
â Are there any particular vulnerabilities to this
type of device?
â What did Nicolas Seriotâs âSpyphoneâ prove?
â Are apps more or less likely to be subject to
threats than traditional PC software
programs?
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 19. Technology Solutions
â Protecting Internet communications
âEncryption
â Securing channels of communication
âSSL, VPNs
â Protecting networks
âFirewalls
â Protecting servers and clients
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 20. Tools Available to Achieve Site Security
Figure 5.5, Page 288
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 21. Encryption
â Encryption
â Transforms data into cipher text readable only by
sender and receiver
â Secures stored information and information
transmission
â Provides 4 of 6 key dimensions of e-commerce security:
â Message integrity
â Nonrepudiation
â Authentication
â Confidentiality
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 22. Symmetric Key Encryption
â Sender and receiver use same digital key to encrypt
and decrypt message
â Requires different set of keys for each transaction
â Strength of encryption
â Length of binary key used to encrypt data
â Advanced Encryption Standard (AES)
â Most widely used symmetric key encryption
â Uses 128-, 192-, and 256-bit encryption keys
â Other standards use keys with up to 2,048 bits
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 23. Public Key Encryption
â Uses two mathematically related digital keys
â Public key (widely disseminated)
â Private key (kept secret by owner)
â Both keys used to encrypt and decrypt message
â Once key used to encrypt message, same key
cannot be used to decrypt message
â Sender uses recipientâs public key to encrypt
message; recipient uses private key to decrypt it
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 25. Public Key Encryption using Digital
Signatures and Hash Digests
â Hash function:
â Mathematical algorithm that produces fixed-length number called
message or hash digest
â Hash digest of message sent to recipient along with
message to verify integrity
â Hash digest and message encrypted with recipientâs
public key
â Entire cipher text then encrypted with recipientâs
private keyâcreating digital signatureâfor
authenticity, nonrepudiation
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 26. Public Key Cryptography with Digital
Signatures
Figure 5.7, Page 293
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 27. Digital Envelopes
â Address weaknesses of:
â Public key encryption
â Computationally slow, decreased transmission speed, increased
processing time
â Symmetric key encryption
â Insecure transmission lines
â Uses symmetric key encryption to encrypt
document
â Uses public key encryption to encrypt and
send symmetric key
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 28. Creating a Digital Envelope
Figure 5.8, Page 294
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 29. Digital Certificates and
Public Key Infrastructure (PKI)
â Digital certificate includes:
â Name of subject/company
â Subjectâs public key
â Digital certificate serial number
â Expiration date, issuance date
â Digital signature of CA
â Public Key Infrastructure (PKI):
â CAs and digital certificate procedures
â PGP
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 30. Digital Certificates and Certification
Authorities
Figure 5.9, Page 295
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 31. Limits to Encryption Solutions
â Doesnât protect storage of private key
âPKI not effective against insiders, employees
âProtection of private keys by individuals may be
haphazard
â No guarantee that verifying computer of
merchant is secure
â CAs are unregulated, self-selecting
organizations
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 32. Insight on Society: Class Discussion
Web Dogs and Anonymity: Identity 2.0
â What are some of the benefits of continuing
the anonymity of the Internet?
â What are the disadvantages of an identity
system?
â Are there advantages to an identity system
beyond security?
â Who should control a central identity
system?
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 33. Securing Channels of Communication
â Secure Sockets Layer (SSL) and
Transport Layer Security (TLS)
âEstablishes a secure, negotiated client-server
session in which URL of requested document,
along with contents, is encrypted
â Virtual Private Network (VPN):
âAllows remote users to securely access internal
network via the Internet
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 35. Protecting Networks
â Firewall
âHardware or software
âUses security policy to filter packets
âTwo main methods:
â Packet filters
â Application gateways
â Proxy servers (proxies)
âSoftware servers that handle all
communications originating from or being sent
to the Internet
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 36. Firewalls and Proxy Servers
Figure 5.11, Page 303
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 37. Protecting Servers and Clients
â Operating system security
enhancements
âUpgrades, patches
â Anti-virus software:
âEasiest and least expensive way to prevent
threats to system integrity
âRequires daily updates
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 38. Management Policies, Business
Procedures, and Public Laws
â Worldwide, companies spend $60
billion on security hardware, software,
services
â Managing risk includes
âTechnology
âEffective management policies
âPublic laws and active enforcement
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 39. A Security Plan: Management Policies
â Risk assessment
â Security policy
â Implementation plan
â Security organization
â Access controls
â Authentication procedures, including biometrics
â Authorization policies, authorization management
systems
â Security audit
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 41. The Role of Laws and Public Policy
â Laws that give authorities tools for identifying,
tracing, prosecuting cybercriminals:
â National Information Infrastructure Protection Act of 1996
â USA Patriot Act
â Homeland Security Act
â Private and private-public cooperation
â CERT Coordination Center
â US-CERT
â Government policies and controls on encryption
software
â OECD, G7/G8, Council of Europe, Wassener Arrangement
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 42. Types of Payment Systems
â Cash
â Most common form of payment
â Instantly convertible into other forms of value
â No float
â Checking transfer
â Second most common payment form in United States
â Credit card
â Credit card associations
â Issuing banks
â Processing centers
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 43. Types of Payment Systems (cont.)
â Stored value
âFunds deposited into account, from which funds
are paid out or withdrawn as needed
âDebit cards, gift certificates
âPeer-to-peer payment systems
â Accumulating balance
âAccounts that accumulate expenditures and to
which consumers make period payments
âUtility, phone, American Express accounts
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 44. Payment System Stakeholders
â Consumers
â Low-risk, low-cost, refutable, convenience, reliability
â Merchants
â Low-risk, low-cost, irrefutable, secure, reliable
â Financial intermediaries
â Secure, low-risk, maximizing profit
â Government regulators
â Security, trust, protecting participants and enforcing
reporting
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 45. E-commerce Payment Systems
â Credit cards
â44% of online payments in 2012 (U.S.)
â Debit cards
â28% online payments in 2012 (U.S.)
â Limitations of online credit card
payment
âSecurity, merchant risk
âCost
âSocial equity
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 46. How an Online Credit Transaction Works
Figure 5.14, Page 315
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 47. Alternative Online Payment Systems
â Online stored value systems:
âBased on value stored in a consumerâs bank,
checking, or credit card account
âe.g., PayPal
â Other alternatives:
âAmazon Payments
âGoogle Checkout
âBill Me Later
âWUPay, Dwolla, Stripe
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 48. Mobile Payment Systems
â Use of mobile phones as payment devices
established in Europe, Japan, South Korea
â Near field communication (NFC)
â Short-range (2â) wireless for sharing data between
devices
â Expanding in United States
â Google Wallet
â Mobile app designed to work with NFC chips
â PayPal
â Square
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 49. Digital Cash and Virtual Currencies
â Digital cash
âBased on algorithm that generates unique
tokens that can be used in ârealâ world
âe.g., Bitcoin
â Virtual currencies
âCirculate within internal virtual world
âe.g., Linden Dollars in Second Life, Facebook
Credits
Copyright © 2013 Pearson Education, Inc. Slide 5-*
- 50. Electronic Billing Presentment and
Payment (EBPP)
â Online payment systems for monthly bills
â 50% of all bill payments
â Two competing EBPP business models:
â Biller-direct (dominant model)
â Consolidator
â Both models are supported by EBPP
infrastructure providers
Copyright © 2013 Pearson Education, Inc. Slide 5-*