2. Who is the User?
Stakeholders/Major Players:
• Customer
• Merchant
• Bank
• Certification Authority (CA)
• Government
3. Preventive Measures against Password Theft
• Password/PIN should include:
– Capital letters
– Small letters
– Numbers
– Special characters
• Password/PIN shouldn’t include:
– User Name
– Country / City Name etc.
– Date/year of birth
– Digits of Phone No.
– Dictionary Words
• To avoid:
– Brute Force Attack
– Dictionary Attack
• Shouldn’t be written down
• Should be different for different accounts
5. Preventive Measures against Phishing Attacks
• Always look for your own e-mail address in the “To:” / “CC:” field
• Even if info@pepsi.com appears in the From field, that still does not confirm that the mail is from Pepsi
• www.SendFakeMail.com
• Never disclose your Account/Credit Card information by e-mail / phone
• Don’t open/download any file from an unknown sender
8. E-Mail Security
• Confidentiality, Integrity, Authenticity and Non-repudiation
• Obtain a Digital Certificate from a CA (e.g. NIFT)
• Install / import your own certificate in the E-mail software (e.g. Outlook).
• Associate certificates of other persons with their e-mail addresses in the address book
• If you receive a digitally signed mail from any contact, the certificate will automatically be associated with that address (in advanced versions of the software)
9. Preventive Measures against Credit Card Info. Theft
• Be careful: “amazon.com” and “amaz0n.com” are not the same
• “amazon.com/securepayment/ws” and “amazon.com.securepayment.ws” are not the same
• In both of the above cases the 2nd one is fraudulent
• Provide Account/Credit Card information only to secure web sites
• Always pay attention to warnings/information given by the Browser
• Always look for the Yellow Lock (the browser’s HTTPS padlock)
• Never disclose secret information without the Yellow Lock
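The two fraudulent addresses above fool the eye because the trusted name is visible in both; what matters is the actual hostname the browser connects to. The check below is an added example (not part of the original slides) that classifies a URL against a trusted domain: it treats only the exact domain or its subdomains as trusted, flags a host that differs by a confusable character (amaz0n.com), and rejects hosts where the trusted name is merely a leading label (amazon.com.securepayment.ws) or sits in the user-info part before an @. The confusable-character table is a constructed, minimal one, and "amazon.com" is just the slide's example domain.

```python
from urllib.parse import urlsplit

# Constructed table of digits commonly swapped in for look-alike letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def hostname_of(url: str) -> str:
    """Lowercase hostname of a URL with credentials, port and path removed."""
    # urlsplit().hostname already drops 'user@', ':port' and lowercases the name.
    return (urlsplit(url).hostname or "").rstrip(".")


def is_same_site(host: str, trusted: str) -> bool:
    """True only if host is trusted or a subdomain of it (match on a label boundary)."""
    return host == trusted or host.endswith("." + trusted)


def classify_url(url: str, trusted: str = "amazon.com") -> str:
    """Classify url as 'trusted', 'not https', 'lookalike' or 'untrusted'."""
    parts = urlsplit(url)
    host = hostname_of(url)
    if parts.scheme != "https":
        return "not https"            # no lock: never send secrets here
    if is_same_site(host, trusted):
        return "trusted"              # amazon.com or www.amazon.com
    if host.translate(CONFUSABLES) == trusted:
        return "lookalike"            # amaz0n.com: one confusable character away
    # Covers amazon.com.securepayment.ws (trusted name is only a leading label)
    # and https://amazon.com@evil.example (trusted name is only the user-info).
    return "untrusted"


if __name__ == "__main__":
    for u in ["https://amazon.com/securepayment/ws",
              "https://amazon.com.securepayment.ws",
              "https://amaz0n.com",
              "https://amazon.com@evil.example/",
              "http://www.amazon.com/"]:
        print(f"{u:45} -> {classify_url(u)}")
```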
10. Private Key Protection
• Private key’s password protection
• Two-factor authentication, e.g.:
– Private Key on Smart Card
– Private Key on USB Device / Token
• Never save the password
• Because the Private Key is your DIGITAL SIGNATURE
• DIGITAL SIGNATURE = Hand-written signature + Thumb Impression + Witnesses
11. General Recommendations
• Don’t visit websites offering illegal software / cracks etc.
• Don’t use cracked / illegally patched software
• Enable the Firewall while connected to the Internet
• Don’t fall for social engineering