MODULE 10
e-Commerce Security
E-learning course on e-commerce business in rural sector
2016-1-ES01-KA202-025335
TransForm@ - Game based learning course to boost digital transformation of rural commerce sector – Project number:2016-1-ES01-KA202-025335
Practical information about training
You can follow the training modules one by one or choose the module you are most interested in.
You should spend about 45-90 minutes on each training module. But remember that at any time you can interrupt the training and return to the place where you previously left off.
To help you better organize the time that you spend on the training, information about where you are will be constantly visible on the screen.
You are encouraged to actively participate in the training. You can do this by clicking “Next”, which is located in the lower right corner of the screen. At the end of the module you can find a final test for checking the knowledge you acquired during each module.
You should spend about 60 minutes on this training module. But remember that at any time you can interrupt the training and return to the place where you previously left off.
To help you better organize the time that you spend on the training, information about where you are will be constantly visible on the screen.
We encourage you to actively participate in the training. You can do this by clicking “Next”, which is located in the lower right corner of the screen. At the end of the module you can find a final test for checking the knowledge you acquired during this module.
Contents
1. The E-commerce Security definition and Environment and Dimensions
2. What you need to know for information Security
3. Security threats in E-commerce
• Threat definition
• Key points of vulnerability
• Most common security threats in the e-commerce environment
• Types of Frauds in e-commerce Marketplace
4. E-commerce Security Requirement
• Server Security
• Message Privacy
• Message integrity
• Authentication
• Authorization
• Payment and settlement
5. Electronic payment systems
6. Developing an E-commerce Security Plan
7. Designing Security
8. Ways to protect yourself
9. Technology solutions protecting you from security threats that you must see with your programmer
• E-commerce security tools
• Protecting Internet communications
• Securing channels of communication
• Protecting Networks
• Protecting servers and clients
Learning objectives
At the end of module 10 you will be able to:
Understand the fundamental aspects of e-commerce security
Recognise security threats in e-commerce
Define e-commerce security requirement
Design security plan for your e-commerce business
1. The E-commerce Security definition
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
1. Dimensions of E-commerce Security
• Authenticity: Ability to identify the identity of a person or entity with whom you are dealing on the Internet.
• Integrity: Ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
• Non-repudiation: Ability to ensure that e-commerce participants do not deny (repudiate) online actions.
• Availability: Ability to ensure that an e-commerce site continues to function as intended.
• Confidentiality: Ability to ensure that messages and data are available only to those authorized to view them.
• Privacy: Ability to control the use of information a customer provides about himself or herself to a merchant.
2. What you need to know for information Security
Useful tips for information security:
https://www.youtube.com/watch?v=eUxUUarTRW4
3. Security threats in E-commerce
Threat definition
A threat is an object, person, or other entity that represents a constant danger to an asset.
Management must be informed of the various kinds of threats facing the organization.
By examining each threat category, management effectively protects information through policy, education, training and technology.
Key points of vulnerability
• Client
• Server
• Communications Channel
Most common security threats in the e-commerce environment
• Malicious code
• Hacking and cyber vandalism
• Spoofing and Spam
• Denial of service attacks (DoS and DDoS)
• Phishing
• Insider Jobs
• Credit card fraud/theft
Most common security threats in the e-commerce environment: Malicious code
Viruses
• Replicate and spread to other files
• Macro viruses, file-infecting viruses, script viruses
Worms
• Designed to spread from computer to computer
• Can replicate without being executed by a user or program like a virus
Trojan horse
• Appears benign, but does something other than expected
Bots
• Covertly installed on a computer. Respond to external commands sent by an attacker to create a network of compromised computers for sending spam, generating a DoS attack, and stealing information from computers
Most common security threats in the e-commerce environment: Hacking and cyber vandalism
Hacking
• Hackers: Individuals who intend to gain unauthorized access to computer systems
• Crackers: Hackers with criminal intent
• Types of hackers:
  • White hats: hired by a company to find weaknesses in the firm’s computer system
  • Black hats: hackers with the intention of causing harm
  • Grey hats: hackers breaking in and revealing system flaws without disrupting the site or attempting to profit from their finds
Cyber Vandalism
• Intentionally disrupting, defacing, destroying a Web site
Most common security threats in the e-commerce environment: Spoofing and Spam
Spoofing
• Hackers flood a Web site with useless traffic to inundate and overwhelm the network
• Use of bot networks built from hundreds of compromised workstations
Spam
• Microsoft and Yahoo have experienced such attacks
• Hackers use multiple computers to attack the target network from numerous launch points
Most common security threats in the e-commerce environment: Denial of service attacks (DoS and DDoS)
Denial of Service attack (DoS)
• Is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
• A DoS attack is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations.
Distributed Denial of Service attack (DDoS)
• Is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them.
Most common security threats in the e-commerce environment: Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
• E-mail scams
• Spoofing legitimate Web sites
• Use of information to commit fraudulent acts, steal identity
[Figure: email phishing example]
Most common security threats in the e-commerce environment: Insider Jobs
Single largest financial threat
Data breach
• A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
• When organizations lose control over corporate information to outsiders.
Phishing e-mails: What you need to know
https://www.youtube.com/watch?v=U7tbJVSInvo&index=4&list=PLW6yuz0hnr22ic7x77Io2xsVpXHKSrhdM
Most common security threats in the e-commerce environment: Credit card fraud/theft
• Fear that credit information will be stolen deters online purchases
• Hackers target credit card and other customer information files on merchant servers
• Fraud: occurs when the stolen data is used or modified
• Theft: of software through illegal copying from company’s servers
• One solution: New identity verification mechanisms
Types of frauds in e-commerce Marketplace
• Buyer fraud
  • Credit Card Fraud
  • Reseller Fraud
  • Product exchange Fraud COD/RIO Fraud
• Seller fraud
  • Brand Infringement
  • Seller protection fund Fraud
  • Fake listing
  • Reviews/Ratings Fraud
  • Price Abuse
4. E-commerce security requirement
Server Security
• Use firewalls and proxy servers
• Security against attack
Message Privacy
• A key requirement for e-commerce
• Ensures that the communication between trading parties is not revealed to others, so an unauthorized party cannot read or understand the message
Message integrity
• Another key requirement for e-commerce
• Ensures that the communication between trading parties is not altered by an enemy
Authentication
• Ensures that the sender of the message is actually the person he/she claims to be.
Authorization
• Ensures that the trading party has the authority to make the transaction
Payment
• Ensures the commitment to pay for goods/services over the media
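The message integrity and authentication requirements above, sketched for the programmer as an added example that is not part of the original course material: an order sent between two trading parties carries an HMAC-SHA256 tag, so a changed quantity, a wrong key, an old message or a repeated message is rejected. The order fields, the function names and the five-minute freshness window are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window for this example


def canonical(envelope):
    """Serialize deterministically so both sides compute the tag over identical bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_order(order, key, now=None):
    """Sender side: wrap the order with a timestamp, a random nonce and an HMAC tag."""
    envelope = {
        "order": order,
        "sent_at": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
    }
    tag = hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest()
    return {**envelope, "tag": tag}


def open_order(message, key, seen_nonces, now=None):
    """Receiver side: return (order, "ok") or (None, reason) without trusting the input."""
    try:
        envelope = {name: message[name] for name in ("order", "sent_at", "nonce")}
        received_tag = message["tag"].encode("utf-8")
        expected_tag = hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest().encode("ascii")
    except (KeyError, TypeError, ValueError, AttributeError):
        return None, "malformed"
    # Constant-time comparison: integrity and sender authentication in one check.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None, "bad tag"
    # The fields below are only read after the tag proved they were not altered.
    current = time.time() if now is None else now
    if abs(current - envelope["sent_at"]) > MAX_AGE_SECONDS:
        return None, "stale"
    if envelope["nonce"] in seen_nonces:
        return None, "replayed"
    seen_nonces.add(envelope["nonce"])
    return envelope["order"], "ok"


if __name__ == "__main__":
    # Constructed sample data: a demo key and a made-up order.
    shared_key = secrets.token_bytes(32)
    seen = set()
    sealed = seal_order({"sku": "honey-500g", "qty": 2, "total_eur": "13.00"}, shared_key)

    print("genuine :", open_order(sealed, shared_key, seen))
    print("replayed:", open_order(sealed, shared_key, seen))

    altered = dict(sealed, order=dict(sealed["order"], qty=200))
    print("altered :", open_order(altered, shared_key, set()))
```

Because both parties hold the same key, the tag shows that the message is unaltered and came from a key holder, but it does not provide non-repudiation; that needs a digital signature made with a private key only the sender has.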
5. Electronic payment system
A medium of payment between remote buyers and sellers
in cyberspace: electronic cash, software wallets, smart
cards, credit/debit cards.
6. Developing an E-commerce Security Plan
7. Designing Security
• Adopt a security policy that makes sense.
• Consider Web security needs.
• Design the security environment.
• Authorize and monitor the security system.
8. Ways to protect yourself
• Change the password often.
• Choose a password with a mix of numbers and lower and upper case letters, 8 characters long.
• Don’t keep sensitive files in folders that have revealing names.
• Always use https while navigating through your admin area.
• Sign up with a managed firewall service.
• Choose a shopping cart that can block IP addresses and users.
How to create stronger passwords:
https://www.youtube.com/watch?v=sloIvKZRMns&index=2&list=PLW6yuz0hnr22ic7x77Io2xsVpXHKSrhdM
9. Technology solutions protecting you from security threats that you must see with your programmer
E-commerce security tools
Protecting Internet communications
• Encryption
• Decryption
• Digital Signature
• Cryptography
Protecting Internet communications: Encryption and Decryption
Encryption
• The process of scrambling a message in such a way that it is difficult, expensive or time-consuming for an unauthorized person to unscramble it.
Decryption
• The process of unscrambling a message in such a way that it is understood by an authorized person.
Protecting Internet communications: Cryptography
• Is the process of encryption and decryption of a message or data by using different algorithms or software.
Protecting Internet communications: Digital Signature
[Figure: Digital Signature. How?]
Securing channels of communication: Protocols
Secure Sockets Layer (SSL)
• Designed to establish a secure connection between two computers.
Secure HyperText Transfer Protocol (S-HTTP)
Virtual Private Network (VPN)
• Allows remote users to securely access an internal network through the Internet.
Protecting Networks
Firewall
• Is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
Proxy servers
• Is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
Protecting servers and clients
Antivirus software
• Easiest and least expensive way to prevent threats to system integrity
Operating system controls
• Authentication and access control mechanisms
Privacy
• Cookies, anonymizer
Browser protection
• Is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware.
Digital certificate
• A method for verifying that the holder of a public or a private key is who he or she claims to be.
Evaluation questions
Match the types of ecommerce (a) - (d) with (1) - (4)
a. Authenticity
b. Integrity
c. Privacy
d. Non-repudiation
1. E-commerce participants do not deny (repudiate) online actions.
2. Control the use of information a customer provides about himself or herself to a merchant.
3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
4. A person or entity with whom you are dealing on the Internet.
True or false
1. Viruses, Worms, Trojan horses and bots are some types of Malicious code.
2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them.
3. Phishing: hovering over links reveals a suspicious URL.
4. Credit card Fraud occurs when the stolen data is used or modified.
5. The technology solutions are encryption, decryption, cryptography, firewall.
6. Protecting clients and servers needed a signature certificate.
7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person.
8. Secure Sockets Layer (SSL) allows remote users to securely access an internal network through the Internet.
Evaluation questions (with answers)
Match the types of ecommerce (a) - (d) with (1) - (4)
a. Authenticity
b. Integrity
c. Privacy
d. Non-repudiation
1. E-commerce participants do not deny (repudiate) online actions.
2. Control the use of information a customer provides about himself or herself to a merchant.
3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
4. A person or entity with whom you are dealing on the Internet.
Answers: a4, b3, c2, d1
True or false
1. Viruses, Worms, Trojan horses and bots are some types of Malicious code. T
2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them. F
3. Phishing: hovering over links reveals a suspicious URL. F
4. Credit card Fraud occurs when the stolen data is used or modified. T
5. The technology solutions are encryption, decryption, cryptography, firewall. F
6. Protecting clients and servers needed a signature certificate. T
7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person. F
8. Secure Sockets Layer (SSL) allows remote users to securely access an internal network through the Internet. F
Evaluation questions: open questions
• Which are the most common security threats in the e-commerce environment?
• How can you protect yourself?
• What does “hacking” mean and what types of hackers are there?

More Related Content

PPTX
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
PPT
Phishing Education
PDF
04-1 E-commerce Security slides
PPT
Pp8
PPT
6. Security Threats with E-Commerce
PPTX
Limitations E - Commerce Security measures
PPTX
Risks of E-commerce
PPTX
What is a Malware - Kloudlearn
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
Phishing Education
04-1 E-commerce Security slides
Pp8
6. Security Threats with E-Commerce
Limitations E - Commerce Security measures
Risks of E-commerce
What is a Malware - Kloudlearn

What's hot (19)

PPTX
Security Threats to Electronic Commerce
PDF
Study on Phishing Attacks and Antiphishing Tools
PPTX
What is Phishing - Kloudlearn
PPSX
Web security
PPT
E-Commerce Security
PDF
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
PDF
What-is-computer-security
PPTX
Web security
PPT
Web security ppt sniper corporation
PPTX
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
PDF
A novel way of integrating voice recognition and one time passwords to preven...
PDF
Type of Security Threats and its Prevention
PPTX
Lock It Down, Keep It Safe
PPTX
Data security
PDF
The top 10 security issues in web applications
PDF
Network security
PPT
Web security
PPT
Unit 2aa
Security Threats to Electronic Commerce
Study on Phishing Attacks and Antiphishing Tools
What is Phishing - Kloudlearn
Web security
E-Commerce Security
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
What-is-computer-security
Web security
Web security ppt sniper corporation
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
A novel way of integrating voice recognition and one time passwords to preven...
Type of Security Threats and its Prevention
Lock It Down, Keep It Safe
Data security
The top 10 security issues in web applications
Network security
Web security
Unit 2aa
Ad

Similar to Module 10 e security-en (20)

PPTX
E-commerce-Security-_20250212_131135_0000.pptx
PPTX
Cyber Security and prevention Presentation.pptx
PPTX
Security for e commerce
PPTX
For CyberSecurity.pptx which helps students whose are want to learn
PPTX
protection & security of e-commerce ...
PPTX
Security Threats in E-Commerce
PPTX
Cybersecurity Basics of awareness presentation .pptx
PPTX
Cybersecurity Basics of awareness presentation .pptx
PPTX
E comm jatin
PPTX
Security in E-commerce
PPTX
PPTX
CyberSecurityPPT_V3_1.pptx training module
DOCX
How to Secure your ecommerce website-Threats and tips
PPTX
CyberSecurityPPT TOPAZ holiday homework.pptx
PPTX
Cyber Security PPT.pptx
PPTX
Cysecc.pptx
PDF
Cyber Safety Class 4 Computers Worksheet.pdf
PPTX
CyberSecurityPPT_V3_1.pptx CyberSecurityPPT_V3_1.pptx
PPTX
Cybersecurity Training
E-commerce-Security-_20250212_131135_0000.pptx
Cyber Security and prevention Presentation.pptx
Security for e commerce
For CyberSecurity.pptx which helps students whose are want to learn
protection & security of e-commerce ...
Security Threats in E-Commerce
Cybersecurity Basics of awareness presentation .pptx
Cybersecurity Basics of awareness presentation .pptx
E comm jatin
Security in E-commerce
CyberSecurityPPT_V3_1.pptx training module
How to Secure your ecommerce website-Threats and tips
CyberSecurityPPT TOPAZ holiday homework.pptx
Cyber Security PPT.pptx
Cysecc.pptx
Cyber Safety Class 4 Computers Worksheet.pdf
CyberSecurityPPT_V3_1.pptx CyberSecurityPPT_V3_1.pptx
Cybersecurity Training
Ad

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PPTX
Cloud computing and distributed systems.
PDF
Machine learning based COVID-19 study performance prediction
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PDF
Electronic commerce courselecture one. Pdf
PPTX
Big Data Technologies - Introduction.pptx
PDF
Network Security Unit 5.pdf for BCA BBA.
PPTX
MYSQL Presentation for SQL database connectivity
PDF
Review of recent advances in non-invasive hemoglobin estimation
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
Empathic Computing: Creating Shared Understanding
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
PDF
Unlocking AI with Model Context Protocol (MCP)
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
Spectral efficient network and resource selection model in 5G networks
Diabetes mellitus diagnosis method based random forest with bat algorithm
Cloud computing and distributed systems.
Machine learning based COVID-19 study performance prediction
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Electronic commerce courselecture one. Pdf
Big Data Technologies - Introduction.pptx
Network Security Unit 5.pdf for BCA BBA.
MYSQL Presentation for SQL database connectivity
Review of recent advances in non-invasive hemoglobin estimation
Understanding_Digital_Forensics_Presentation.pptx
Empathic Computing: Creating Shared Understanding
Chapter 3 Spatial Domain Image Processing.pdf
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
Unlocking AI with Model Context Protocol (MCP)
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Digital-Transformation-Roadmap-for-Companies.pptx
Agricultural_Statistics_at_a_Glance_2022_0.pdf

Module 10 e security-en

  • 1. MODULE 10 e-Commerce Security E-learning course on e- commerce business in rural sector 2016-1-ES01-KA202-025335 TransForm@ - Game based learning course to boost digital transformation of rural commerce sector – Project number:2016-1-ES01-KA202-025335
  • 2. Practical information about training You can follow the training modules one by one or choose the module you are most interested in. You should spend about 45-90 minutes for each training module. But remember that at any time you can interrupt the training and return to the place where it previously left off. To help you better organize the time that you spend on the implementation, information about where you are will be constantly visible on the screen. You are encourage to actively participate in the training.You can do this by clicking “Next”, which is located in the lower right corner of the screen. At the end of the module you can find a final test for checking the knowledge you acquired during each module. TransForm@ - Game based learning course to boost digital transformation of rural commerce sector – Project number:2016-1-ES01-KA202-0253352 You should spend about 60minutes for the implementation of this training module. But remember that at any time you can interrupt the training and return to the place where it previously left off. To help you better organize the time that you spend on the implementation, information about where you are will be constantly visible on the screen. We encourage you to actively participate in the training.You can do this by clicking “Next”, which is located in the lower right corner of the screen. At the end of the module you can find a final test for checking the knowledge you acquired during this module.
  • 3. Contents 1.The E-commerce Security definition and Environment and Dimensions 2.What you need to know for information Security 3.Security threats in E-commerce Threat definition Key points of vulnerability Most common security threats in the e-commerce environment Types of Frauds in e-commerce Marketplace 4.E-commerce Security Requirement Server Security Message Privacy Message integrity Authentication Authorization Payment and settlement 5.Electronic payment systems 6.Developing an E-commerce Security Plan 7.Designing Security 8.Ways to protect yourself 9.Technology solutions protecting you from security threats that you must see with your programmer E-commerce security tools Protecting Internet communications Securing channels of communication Protecting Networks Protecting servers and clients
  • 4. Learning objectives At the end of module 10 you will be able to: Understand the fundamental aspects of e-commerce security Recognise security threats in e-commerce Define e-commerce security requirement Design security plan for your e-commerce business
  • 5. 1.The E-commerce Security definition E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
  • 6. 1. Dimensions of E-commerce Security Authenticity Integrity Non-repudiation Ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been Altered in any way by an unauthorized part. Ability to ensure that e-commerce participants do not deny (repudiate) online actions. Ability to identify the identity of a person or entity with whom you are dealing on the Internet.
  • 7. 1. Dimensions of E-commerce Security (cont.) Availability Confidentiality Privacy Ability to ensure that messages and data are available only to those authorized to view them.. Ability to control the use of information a customer providers about himself or herself to merchant. Ability to ensure that e-commerce site continues to function as intended.
  • 8. 2. What you need to know for information Security UsefulTips for Information security: https://www.youtube.com/watch?v=eUxUUarTRW4
  • 9. 3. Security threats in E-commerce Threat definition A threat is an object, person, or other entity that represents a constant danger to an asset. Management must be informed of the various kinds of threats facing the organization. By examining each threat category, management effectively protects information through policy, education, training an technology.
  • 10. 3. Security threats in E-commerce key points of vulnerability Client Server Communications Channel Server Communications Channel Client
  • 11. 3. Security threats in E-commerce Source:
  • 12. 3. Security threats in E-commerce
  • 13. 3. Security threats in E-commerce Most common security threats in the e- commerce environment Malicious code Hacking and cyber vandalism Spoofing and Spam Denial of service attacks (DoS and DDoS) Phishing Insider Jobs Credit card fraud/theft
  • 14. 3. Security threats in E-commerce Viruses • Replicate and spread to other files • Macro viruses, file-infecting viruses, script viruses Worms • Designed to spread from computer to computer • Can replicate without being executed by a user or program like virus Trojan horse • Appears benign, but does something other than expected Bots • Covertly installed on computer. Respond to external commands sent by attacker to create a network of compromised computers for sending spam, generating a DoSattact, and stealing info from computers Most common security threats in the e-commerce environment Malicious code
  • 15. 3. Security threats in E-commerce Hacking • Hackers: Individual who intends to gain unauthorized access to computer systems • Crackers: Hacker with criminal intent • Types of hackers: White hats- hired by corporate to find weaknesses to firm’s computer system Black hats- hackers with intension of causing harm Grey hats- hackers breaking and revealing system flaws without disrupting site or attempting to profit from their finds Cyber Vandalism • Intentionally disrupting, defacing, destroying Web site Hacking and cyber vandalism Most common security threats in the e-commerce environment
  • 16. 3. Security threats in E-commerce Spoofing •Hackers floodWeb site with useless traffic to inundate and overwhelm network •Use of bot networks built from hunted of compromised workstations Spam •Microsoft andYahoo have experienced such attacks •Hackers use multiple computers to attack target network from numerous launch points Spoofing and Spam Most common security threats in the e-commerce environment
  • 17. 3. Security threats in E-commerce Denial of Service attack (DoS) • is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. • A DoS attack is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations. Distributed denial of Service attack (DDoS) • is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them. Most common security threats in the e-commerce environment Denial of service attacks (DoS and DDoS)
  • 18. 3. Security threats in E-commerce Is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons,by disguising as a trustworthy entity in an electronic communication. • E-mail scams • Spoofing legitimateWeb sites • Use of information to commit fraudulent act, steal identity Most common security threats in the e-commerce environment Phishing Email phishing example 
  • 19. 3. Security threats in E-commerce Insider Jobs Single largest financial threat Data breach • A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. • When organizations lose control over corporate information to outsiders. Most common security threats in the e-commerce environment Insider Jobs Phisishing e-mails: What you need to know https://www.youtube.com/watch?v=U7tbJVSInvo&index=4&list=PLW6yuz0hnr22ic7x77Io2xsV pXHKSrhdM
  • 20. 3. Security threats in E-commerce • Fear that credit information will be stolen deters online purchases • Hackers target credit card and other customer information files on merchant servers • Fraud: occurs when the stolen data is used of modified • Theft: of software through illegal copying from company’s servers • One solution: New identity verification mechanisms Most common security threats in the e-commerce environment Credit card fraud/theft
  • 21. 3. Security threats in E-commerce • Buyer fraud •Credit Card Fraud •Reseller Fraud •Product exchange Fraud COD/RIO Fraud • Seller fraud •Brand Infringement •Seller protection fund Fraud •Fake listing •Reviews/Ratings Fraud •Price Abuse Types of frauds in e-commerce Marketplace
  • 22. 4. E-commerce security requirement • Use firewalls and proxy servers • Security against attack • A key requirement for E-commerce • Ensures that the communication between trading are not revealed to other, therefore unauthorized part can not read of understand the message • Another key requirement for e-commerce • Ensures that the communication between trading are not alerted by an enemy  Server Security  Message Privacy  Message integrity
  • 23. 4. E-commerce security requirement • Ensures that the sender of the message is actually the person he/she claims. • Ensures that the trading has the authority of transaction • Ensures that commitment to pay for goods/services over media  Authentication  Authorization  Payment
  • 24. 5. Electronic payment system A medium of payment between remote buyers and sellers in cyberspace: electronic cash, software wallets, smart cards, credit/debit cards.
  • 25. 6. Developing an E-commerce Security Plan
  • 26. 7. Designing Security Adopt a security policy that make sense. Considering Web Security needs . Design the security environment . Authorize and monitor the Security System.
  • 27. 8.Ways to protect yourself Change the password often. Choose password with a mix of numbers, low and upper case letters, 8 digitals long Don’t keep the sensitive files in folders that have revealing name. Always use https while having through your admin area. Sign up with managed firewall service. Choose a shopping card that can block IP addresses and users.
  • 28. 8. Ways to protect yourself How to create stronger passwords: https://www.youtube.com/watch?v=sloIvKZRMns&index=2&list=PLW6yuz0hnr22ic7x77Io2xsVpXHKSrhdM
  • 29. 9. Technology solutions that protect you from security threats and that you must review with your programmer: E-commerce security tools
  • 30. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting Internet communications: Encryption, Decryption, Digital Signature, Cryptography
  • 31. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting Internet communications • Encryption: the process of scrambling a message in such a way that it is difficult, expensive or time-consuming for an unauthorized person to unscramble it. • Decryption: the process of unscrambling a message in such a way that it is understood by an authorized person.
  • 32. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting Internet communications • Cryptography: the process of encrypting and decrypting messages or data using different algorithms or software.
  • 33. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting Internet communications: Digital Signature
  • 34. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting Internet communications: Digital Signature. HOW?
  • 35. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Securing channels of communication (protocols) • Secure Sockets Layer (SSL): designed to establish a secure connection between two computers. • Secure HyperText Transfer Protocol (S-HTTP) • Virtual Private Network (VPN): allows remote users to securely access an internal network through the Internet.
  • 36. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting networks • Firewall: a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. • Proxy server: a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
  • 37. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting networks
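What "controls the incoming and outgoing network traffic based on predetermined security rules" means in practice, as an added example that is not part of the original course material: rules are checked top to bottom, the first match decides, and anything unmatched is denied. The rule set, the addresses (documentation ranges) and the names `Rule` and `decide` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (towards the shop) or "out" (from the shop)
    network: str          # peer address range in CIDR notation
    port: Optional[int]   # destination port; None matches any port


# Constructed rule set for a small web shop. Order matters: first match wins.
RULES = [
    Rule("deny", "in", "203.0.113.0/24", None),   # range blocked after abuse
    Rule("allow", "in", "198.51.100.10/32", 22),  # admin workstation, SSH only
    Rule("allow", "in", "0.0.0.0/0", 443),        # HTTPS storefront for everyone
    Rule("allow", "out", "192.0.2.25/32", 443),   # payment gateway (constructed)
]


def decide(direction: str, peer_ip: str, port: int, rules=RULES) -> str:
    """Return "allow" or "deny" for one connection attempt."""
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return "deny"  # unparseable address: fail closed
    for rule in rules:
        net = ipaddress.ip_network(rule.network)
        if (rule.direction == direction
                and peer.version == net.version
                and peer in net
                and rule.port in (None, port)):
            return rule.action
    return "deny"  # default deny: traffic no rule mentions is dropped


if __name__ == "__main__":
    for case in [("in", "192.0.2.77", 443), ("in", "203.0.113.7", 443),
                 ("in", "192.0.2.77", 22), ("out", "192.0.2.77", 25)]:
        print(case, "->", decide(*case))
```

The first rule also illustrates the advice on slide 27 about blocking IP addresses: a deny rule placed above the general HTTPS allow rule takes precedence over it.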
  • 38. 9. Technology solutions that protect you from security threats and that you must review with your programmer. Protecting servers and clients • Antivirus software: easiest and least expensive way to prevent threats to system integrity • Operating system controls: authentication and access control mechanisms • Privacy: cookies, anonymizer • Browser protection: the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. • Digital certificate: a method for verifying that the holder of a public or a private key is who he or she claims to be.
  • 39. Evaluation questions Match the types of ecommerce (a) - (d) with (1) - (4): a. Authenticity b. Integrity c. Privacy d. Non-repudiation 1. E-commerce participants do not deny (repudiate) online actions. 2. Control the use of information a customer provides about himself or herself to a merchant. 3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party. 4. A person or entity with whom you are dealing on the Internet. True or false: 1. Viruses, worms, Trojan horses and bots are some types of malicious code. 2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them. 3. Phishing: hovering over links reveals a suspicious URL. 4. Credit card fraud occurs when the stolen data is used or modified. 5. The technology solutions are encryption, decryption, cryptography, firewall. 6. Protecting clients and servers requires a signature certificate. 7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person. 8. Secure Sockets Layer (SSL) allows remote users to securely access an internal network through the Internet.
  • 40. Evaluation questions Match the types of ecommerce (a) - (d) with (1) - (4): a. Authenticity b. Integrity c. Privacy d. Non-repudiation 1. E-commerce participants do not deny (repudiate) online actions. 2. Control the use of information a customer provides about himself or herself to a merchant. 3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party. 4. A person or entity with whom you are dealing on the Internet. True or false: 1. Viruses, worms, Trojan horses and bots are some types of malicious code. T 2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them. F 3. Phishing: hovering over links reveals a suspicious URL. F 4. Credit card fraud occurs when the stolen data is used or modified. T 5. The technology solutions are encryption, decryption, cryptography, firewall. F 6. Protecting clients and servers requires a signature certificate. T 7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person. F 8. Secure Sockets Layer (SSL) allows remote users to securely access an internal network through the Internet. F Matching answers: a4, b3, c2, d1
  • 41. Evaluation questions Open questions: Which are the most common security threats in the e-commerce environment? How can you protect yourself? What does “hacking” mean and what types of hackers are there?