In this lecture you will learn the fundamentals of privacy and security in the eCommerce industry. The aim of this lecture is to raise awareness among students and business owners of how important online privacy and security are to a successful online business.
1. eCommerce Security & Privacy
Hajrë Hyseni, University of Hertfordshire
March 2011
1
Wednesday, 30 March 2011
2. Security Basics
Top security Threats
Spams/Threats?
Quick discussion
eCommerce Security and Conveying Trustworthiness
Safe shopping
Q/A
3. Customer Security Basics
• Customer privacy/integrity/authentication
• Digital Signatures and Certificates (VeriSign, Thawte) - document author is known
• SSL (Secure Sockets Layer) - encrypted transactions between servers and browsers (https://). Created by Netscape
• PCI, SET and Firewalls - The PCI card (peripheral component interconnect card) usually is added for protection. SET (Secure Electronic Transaction) - developed by Visa and Mastercard
• Continuous eCommerce security solution checks!
4. Top security THREATS!
• Vulnerable web apps
• Sophisticated phishing and pharming - fake emails and scams for money from 'banks'
• Spam - about 90 percent of all email messages are either spam or phishing attempts (Symantec)
• Social media attacks - exploiting inadequate password security, insecure free apps and the security settings for personal and sensitive data
• Fake investments and job offers
• Click-ad scams and survey scams
• Fake lottery jackpot offers and money transfer scams
5. Home Office estimate: £1.7bn per annum cost to the UK
6. “There are over 1 million viruses and malicious codes in circulation.” Symantec (2007)
7. Spotify (music streaming service)
Hackers targeted: in 2009 thousands of customers' personal details were stolen.
8. Top security THREATS!
• Theft of credit-card details - perhaps only 5% of e-commerce websites are PCI DSS-secure.
• Exploiting the latest technology - apps on iPhone, iPad and other new smart devices are very vulnerable. One example is the exploitation of IP-based telephone systems to perform 'vishing' campaigns: vishing makes calls from a compromised phone system that appears to be a trusted source.
• Increased outsourcing - large amounts of sensitive data, including customer and employee personal information, are being shared with outside vendors.
• Rise in super-portable data - reports of lost USB devices and laptops, with portable data holdings between 2GB and 500GB
• Complacency - increase awareness through training, seminars and other staff briefings to follow security policies
15. eCommerce Security and Conveying Trustworthiness
• Digital Certificates - encrypted credentials that verify the user's identity for online transactions
• Transactions support (PayPal, Sage, Visa)
• Privacy in Transactions - TRUSTe Seal
• eCommerce Reliability - deliver on promise!
16. Tips for safe shopping
• Buy from a reputable company
• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock before giving any payment details, credit card or personal information
• Do they have clear privacy and returns policies?
• Not convinced? Search for the company on the internet and check their reputation. Call them!
• When it comes to handing over your money, choose a safe route such as PayPal or a credit/debit card.
17. Tips for safe shopping
• Conmen are very good at persuading you to do what they want
• Learn to spot the telltale signs
• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency
• Odd, superfluous details
• Requests for upfront payments or private information
20. Activity
1. Select at least three eCommerce sites
2. Perform the following checks:
• Digital Certificates
• SSL
• Privacy in Transactions
3. Report back the results in your Research File
23 Dec, 2010
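An added example (not part of the lecture) of how to carry out the activity's 'Digital Certificates' and 'SSL' checks programmatically: it opens a verified TLS connection to a shop's hostname, as a browser does before showing the padlock, and reports who issued the certificate, which names it covers and how long it remains valid; a rejected certificate or a site with no TLS is reported instead of raising. The hostname shop.example and SAMPLE_CERT are constructed placeholders, and summarise_cert can be run on a saved certificate dict without network access.

```python
import socket, ssl, sys, time

# Constructed sample in the layout SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "GB"),), (("organizationName", "Example Shop Ltd"),),
                (("commonName", "shop.example"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),)),
    "notBefore": "Jan 10 00:00:00 2011 GMT",
    "notAfter": "Dec 31 23:59:59 2011 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

def summarise_cert(cert: dict, now: str) -> dict:
    """Summarise a getpeercert() dict. `now` uses the certificate's own
    'Mon DD HH:MM:SS YYYY GMT' format so the check can also run offline on a saved dict."""
    def name_to_dict(rdns):
        # getpeercert() nests a distinguished name as a tuple of RDN tuples of (key, value)
        return {k: v for rdn in rdns for k, v in rdn}
    subject, issuer = name_to_dict(cert.get("subject", ())), name_to_dict(cert.get("issuer", ()))
    t_now = ssl.cert_time_to_seconds(now)
    t_before, t_after = (ssl.cert_time_to_seconds(cert[k]) for k in ("notBefore", "notAfter"))
    return {
        "subject_cn": subject.get("commonName"),
        "organization": subject.get("organizationName"),  # present only on OV/EV certificates
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "san": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "days_left": int((t_after - t_now) // 86400),
        "valid_now": t_before <= t_now <= t_after,
    }

def check_site(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Do what the browser does: verify the chain against the trust store and the hostname."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                now = time.strftime("%b %d %H:%M:%S %Y GMT", time.gmtime())
                report = summarise_cert(tls.getpeercert(), now)
                report.update(ok=True, protocol=tls.version())
                return report
    except ssl.SSLCertVerificationError as e:  # expired, untrusted issuer, hostname mismatch
        return {"ok": False, "reason": f"certificate rejected: {e.verify_message}"}
    except (ssl.SSLError, OSError) as e:       # no TLS on that port, timeout, refused
        return {"ok": False, "reason": f"connection failed: {e}"}

if __name__ == "__main__":  # usage: python check_shop.py shop1.example shop2.example
    for host in sys.argv[1:]:
        print(host, check_site(host))
```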
21. Security Basics
Top security Threats
Spams/Threats?
Quick discussion
eCommerce Security and Conveying Trustworthiness
Safe shopping
Q/A