Hajrë Hyseni, University of Hertfordshire
March 2011
eCommerce Security & Privacy
Wednesday, 30 March 2011
• Security Basics
• Top security Threats
• Spam/Threats? Quick discussion
• eCommerce Security and Conveying Trustworthiness
• Safe shopping
• Q/A
Customer Security Basics
• Customer privacy / integrity / authentication
• Digital Signatures and Certificates (Verisign, Thawte) - the document author is known
• SSL (Secure Sockets Layer) - encrypted transactions between servers and browsers (https://). Created by Netscape
• PCI, SET and Firewalls - the PCI card (peripheral component interconnect card) is usually added for protection. SET (Secure Electronic Transaction) - developed by Visa and Mastercard
• Continuous eCommerce security solution checks!
Top security THREATS!
• Vulnerable web apps
• Sophisticated phishing and pharming - fake emails and scams asking for money from 'banks'
• Spam - about 90 percent of all email messages are either spam or phishing attempts (Symantec)
• Social media attacks - exploiting inadequate password security, insecure free apps and the security settings for personal and sensitive data
• Fake investments and job offers
• Click-ad scams and survey scams
• Fake lottery jackpot offers and money transfer scams
Home Office estimate: costing the UK £1.7bn per annum
“There are over 1 million viruses and malicious codes in circulation.”
Symantec (2007)
Spotify (music streaming service)
Hackers targeted: in 2009 thousands of customers' personal details were stolen.
Top security THREATS!
• Theft of credit-card details - perhaps only 5% of e-commerce websites are PCI DSS-secure.
• Exploiting the latest technology - new technologies, iPhone, iPad and other smart-device apps are very vulnerable. One example is the exploitation of IP-based telephone systems to perform 'vishing' campaigns: vishing makes calls from a compromised phone system that appears to be a trusted source.
• Increased outsourcing - large amounts of sensitive data, including customer and employee personal information, are being shared with outside vendors.
• Rise in super-portable data - reports of lost USB devices, laptops and portable media holding between 2GB and 500GB of data
• Complacency - increase awareness through training, seminars and other staff briefings so that security policies are followed
Spam/Threat?
eCommerce Security and Conveying Trustworthiness
• Digital Certificates - encrypted credentials that verify the user's identity for online transactions
• Transaction support (PayPal, Sage, Visa)
• Privacy in Transactions - TRUSTe Seal
• eCommerce Reliability - deliver on promise!
Tips for safe shopping
• Buy from a reputable company
• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock before giving any payment details, credit card or personal information
• Do they have clear privacy and returns policies?
• Not convinced? Search for the company on the internet and check their reputation. Call them!
• When it comes to handing over your money, choose a safe route such as PayPal or a credit/debit card.
Tips for safe shopping
• Conmen are very good at persuading you to do what they want
• Learn to spot the telltale signs:
• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency
• Odd, superfluous details
• Requests for upfront payments or private information
Safe browsing tools
http://www.german-websecurity.com/en/
http://asafesite.com/home/
Activity
Select at least three eCommerce sites.
Perform the following checks:
• Digital Certificates
• SSL
• Privacy in Transactions
Report back the results in your Research File.
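The certificate and SSL checks in this activity can be done programmatically. The following helper is an added example written for these notes (not material from the original slides): it uses only the Python standard library, opens a verified TLS connection with `fetch_cert` (needs network access), and `assess_cert` reports the things a shopper wants to know from the certificate: who issued it, whether it is currently valid, and whether it is really for the site being visited. The sample certificate dict and the `shop.example.com` names are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

LECTURE_DATE = datetime(2011, 3, 30, tzinfo=timezone.utc)  # date on the slides

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("countryName", "GB"),), (("organizationName", "Example CA Ltd"),)),
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Dec 31 23:59:59 2011 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.example.com")),
}


def fetch_cert(hostname, port=443, timeout=5.0):
    """Connect with a default (verifying) TLS context and return the peer
    certificate as a dict. A site with an untrusted or mismatched certificate
    raises ssl.SSLCertVerificationError here, which is itself a failed check."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def _name_matches(pattern, hostname):
    """Match a DNS name from the certificate against the visited host.
    A wildcard is only honoured as the whole leftmost label (RFC 6125 style)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def assess_cert(cert, hostname, now=None):
    """Return issuer, validity window status and hostname match for a cert dict."""
    now = now or datetime.now(timezone.utc)
    # ssl.cert_time_to_seconds parses the 'Mon DD HH:MM:SS YYYY GMT' strings.
    not_before = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return {
        "issuer": issuer.get("organizationName", "unknown"),
        "valid_now": not_before <= now <= not_after,
        "days_left": (not_after - now).days,
        "hostname_ok": any(_name_matches(n, hostname) for n in names),
    }
```

For a live site, `assess_cert(fetch_cert("www.example.com"), "www.example.com")` gives the same report; record issuer, validity and hostname match in the Research File alongside the padlock check.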
Q/A