eCommerce Security & Privacy

Hajrë Hyseni, University of Hertfordshire

March 2011

Wednesday, 30 March 2011

• Security Basics
• Top security Threats
• Spams/Threats?
• Quick discussion
• eCommerce Security and Conveying Trustworthiness
• Safe shopping
• Q/A

Customer Security Basics
• Customer privacy/integrity/authentication
• Digital Signatures and Certificates (Verisign, Thawte) - document author is known
• SSL (Secure Sockets Layer) - encrypted transactions between servers and browsers (https://). Created by Netscape
• PCI, SET and Firewalls - The PCI card (peripheral component interconnect card) is usually added for protection. SET (Secure Electronic Transaction) - developed by Visa and Mastercard
• Continuous eCommerce security solution checks!

Top security THREATS!
• Vulnerable web apps
• Sophisticated phishing and pharming - fake emails and scams for money from 'banks'
• Spam - About 90 percent of all email messages are either spam or phishing attempts (Symantec)
• Social media attacks - exploiting inadequate password security, insecure free apps and the security settings for personal and sensitive data
• Fake investments and job offers
• Click-ad scams and survey scams
• Fake lottery jackpot offers and money transfer scams

Home Office estimated £1.7bn per annum costing the UK

“There are over 1 million viruses and malicious codes in circulation.” Symantec (2007)

Spotify, music streaming service

Hackers targeted: In 2009 thousands of customers' personal details were stolen.

Top security THREATS!
• Theft of credit-card details - Perhaps only 5% of e-commerce websites are PCI DSS-secure.
• Exploiting the latest technology - new technologies (iPhone, iPad and other smart-device apps) are very vulnerable. One example is the exploitation of IP-based telephone systems to perform 'vishing' campaigns. Vishing makes calls from a compromised phone system that appears to be a trusted source.
• Increased outsourcing - large amounts of sensitive data, including customer and employee personal information, are being shared with outside vendors.
• Rise in super-portable data - reports of lost USB devices, laptops and portable storage holding between 2GB and 500GB
• Complacency - increase awareness through training, seminars and other staff briefings so that security policies are followed

Spam/Threat?

eCommerce Security and Conveying Trustworthiness
• Digital Certificates - encrypted credentials that verify the user's identity for online transactions
• Transactions support (PayPal, Sage, Visa)
• Privacy in Transactions - TRUSTe Seal
• eCommerce Reliability - deliver on promise!

Tips for safe shopping
• Buy from a reputable company
• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock (before giving any payment details, credit card, or personal information)
• Do they have clear privacy and returns policies?
• Not convinced? Search for the company on the internet and check their reputation. Call them!
• When it comes to handing over your money, choose a safe payment method such as PayPal or a credit/debit card.

Tips for safe shopping
• Conmen are very good at persuading you to do what they want
• Learn to spot the telltale signs
• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency
• Odd, superfluous details
• Requests for upfront payments or private information

Safe browsing Tools
• http://www.german-websecurity.com/en/
• http://asafesite.com/home/

Activity
1 Select at least three eCommerce sites
2 Perform the following checks:
   • Digital Certificates
   • SSL
   • Privacy in Transactions
3 Report back the results in your Research File

23 Dec, 2010

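The certificate and SSL checks in the activity can be scripted. The Python code below is an added example, not part of the original slides; the host `shop.example`, the sample certificate and all function names are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by SSLSocket.getpeercert();
# the shop name and the CA are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA G1"),)),
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}


def name_matches(pattern, host):
    """Compare a certificate DNS name with the site name; '*' covers one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_certificate(cert, host, now):
    """Digital-certificate check: right site, inside validity dates, who issued it."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    issuer = dict(pair for rdn in cert["issuer"] for pair in rdn)
    return {
        "host_matches": any(name_matches(n, host) for n in names),
        "in_validity_period": not_before <= ts <= not_after,
        "days_left": int((not_after - ts) // 86400),
        "issuer": issuer.get("organizationName", "unknown"),
    }


def fetch_certificate(host, port=443):
    """SSL check against a live site: returns (protocol version, certificate dict).

    The default context verifies the chain and host name, so the handshake
    raises ssl.SSLCertVerificationError when the certificate is not trusted.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()
```

For the activity, call `fetch_certificate` on each chosen site and pass the returned dict to `check_certificate` together with `datetime.now(timezone.utc)`.
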
Q/A