
E commerce(report)


• E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.

• 6 dimensions of e-commerce security

1. Integrity

2. Nonrepudiation

3. Authenticity

4. Confidentiality

5. Privacy

6. Availability

• Threats

• Threats to information security

• Acts of Human Error or failure

• Espionage/Trespass

• Network Security Goals

• A threat is an object, person, or other entity that represents a constant danger to an asset.

• Anyone with the capability, technology, opportunity, and intent to do harm.

• Intellectual property threats

• Client computer threats

• Communication channel threats

• Server threats

• Include acts done with no malicious intent.

• Employee Mistakes

• Many of these threats can be prevented with controls.

• Broad category of activities that breach confidentiality

• Controls implemented to mark the boundaries of an organization’s virtual territory giving notice to trespassers that they are encroaching on the organization’s cyberspace

• Hackers use skill, guile, or fraud to steal the property of someone else

• Commerce over open networks (such as the Internet) can be secure if the following are in place:

1. Server Security

2. Message Privacy (or confidentiality)

3. Message integrity

4. Authentication

5. Authorization

6. Audit mechanism and non-repudiation

7. Payment and settlement

• Server Security:

• Use firewalls and proxy servers

• Every packet going from the firm's computer to the Internet, or vice versa, will be checked

• “Security” against “attacks” such as viruses, unauthorized access by hackers, and Trojan horses can be provided.

• Message Privacy

• A key requirement for E-commerce

• It assures that the communication between trading parties is not revealed to others, so an unauthorized party cannot read or understand the message

• Message integrity

• Another key requirement for e-commerce

• It assures that the communication between trading parties is not altered by an enemy.

• Authentication

• Assures that the “sender” of the message is actually the person he/she claims to be.

• Paper message

• The term “authentication” means determining that the user of the computer is actually who he/she claims to be.

• The term “authentication of the receiver” means allowing the sender to be sure that the party he/she intends to get the message is the one who receives it.

• Authorization

• Ensures that the trading party has the authority to make the transaction

• It prevents the risk that employees' transactions create economic damage

• Authentication vs Authorization

• Once the system knows who the user is through authentication, authorization is how the system decides what the user can do.

• Audit mechanism and non-repudiation

• Enables exchanging parties to maintain and revisit the history/sequence of events during a period of transaction

• In e-commerce, these could be computer time stamps, or records from different computers at different stages of a transaction
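As an added example (not from the original slides), the sketch below runs a constructed order through the authentication, message-integrity, authorization and audit steps described above. The per-user key, spending limit, HMAC tag and hash-chained log are assumptions chosen for illustration; a shared-key HMAC gives authentication and integrity only, and non-repudiation would additionally need a digital signature.

```python
import hashlib
import hmac
import json

# Constructed demo account: the shared key and spending limit are assumptions.
USERS = {"alice": {"key": b"demo-key-alice", "limit": 500}}

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def sign(key, order):
    """Tag that binds the order contents to the holder of the key."""
    return hmac.new(key, json.dumps(order, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()

class AuditLog:
    """Timestamped records; each one hashes its predecessor (tamper-evident)."""
    def __init__(self):
        self.entries = []

    def record(self, ts, stage, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"ts": ts, "stage": stage, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": digest(body)})

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("ts", "stage", "detail", "prev")}
            if e["prev"] != prev or e["hash"] != digest(body):
                return False
            prev = e["hash"]
        return True

def process_order(user, order, tag, log, ts):
    account = USERS.get(user)
    # Authentication and integrity: tag must match this user's key and order.
    if account is None or not hmac.compare_digest(sign(account["key"], order), tag):
        log.record(ts, "authentication", f"{user}: rejected")
        return "rejected: authentication"
    log.record(ts, "authentication", f"{user}: ok")
    # Authorization: what this authenticated user is allowed to spend.
    if order["amount"] > account["limit"]:
        log.record(ts, "authorization", f"{user}: over limit")
        return "rejected: authorization"
    log.record(ts, "authorization", f"{user}: ok")
    return "accepted"
```

An order altered after signing fails the first check, an over-limit order from a genuine user fails the second, and editing any stored log entry makes `verify()` return `False`.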

• Payment and settlements

• Vital to widespread e-commerce

• Secure e-payment ensures that the “commitment” to pay for goods/services over media is met

• Electronic Transaction

• Some federal, state and territory governments encourage the adoption of electronic commerce by enacting enabling legislation.

• Privacy & Security

While shopping on the Internet, most people typically do not think about what is happening in the background. Web shopping is generally very easy. We click on a related site, go into that site, buy the required merchandise by adding it to our cart, enter our credit card details and then expect delivery within a couple of days. This entire process looks very simple, but a developer or businessperson knows exactly how many hurdles need to be jumped to complete the order.

• Copyright & Trademark

Many attempts have been made to address the issues related to copyrights on digital content. E-commerce has a tremendous impact on copyright and related issues, and the scope of copyrights is affecting how e-commerce evolves. It is essential that legal rules are set and applied appropriately to ensure that digital technology does not undermine the basic doctrine of copyright and related rights. From one perspective, the Internet has been described as "the world's biggest copy machine".

• Online Terms, Conditions, Policies and Laws

• At the moment, most online privacy policies are produced by private businesses for individual companies. Governments are developing legislation to support and strengthen the privacy protection measures of many businesses. These initiatives are aimed at regulating the storage, use and disclosure by businesses of personal information.

• Legislation Dilemma

• Electronic transactions separate e-business from traditional types of businesses.

• E-commerce presents a world of opportunity for doing business, reaching global markets and purchasing without leaving the home or office. E-commerce can provide opportunities to improve business processes, just as phones, faxes and mobile communications have in the past. However, just as any new business tool has associated issues and risks, so does e-commerce. It's important to understand the legal issues and potential risks to ensure a safe, secure environment for trading with customers and other businesses.

In traditional and online trading environments, consumers are entitled to have their privacy respected. Websites should provide the customers with choices regarding the use of their personal information, and incorporate security procedures to limit access to customer information by unauthorized parties. Privacy policies and procedures should be clearly explained to customers. Although respecting consumer privacy rights is a legal requirement, it also represents good business practice. If customers trust a site and business then they are more likely to trade with it.

• International Issues

The most significant legal issues that arise with regard to conducting business over the internet are those involving jurisdiction. A simple example: if Company A in Japan offers services over the internet to John Doe in America and a related dispute arises, which country's laws control and which country's courts have power over both parties? Jurisdictional questions also arise regarding the power to tax, whether it be taxing the buying customers, requiring selling companies to aid in tax collection, or taxing companies' and individuals' income. There are several types of jurisdictional issues, and jurisdictional issues are not the only ones that require rethinking as a result of the Internet revolution. A myriad of legal concerns related to Internet use have spawned numerous bills in the U.S. Congress as well as in legislative bodies around the globe.

Aleira Aila “AYA” Balagot

Maria Betina Arcega

Mcllen Werniel “Macky” Asño

Delmer Gerald “Jhed” Calderon

Kenneth “Kenyong” Baladad

Mark Joevit “BRANDO” Alvarez