Post on 15-Apr-2017
transcript
E-Commerce Security for Users
M. Faisal Naqvi, Research Consultant (Technical), ECAC
Who is the User? Stakeholders/Major Players:
• Customer
• Merchant
• Bank
• Certification Authority (CA)
• Government
Preventive Measures against Password Theft
• Password/PIN should include:
– Capital letters
– Small letters
– Numbers
– And special characters
• Password/PIN shouldn't include:
– User name
– Country/city name etc.
– Date/year of birth
– Digits of phone no.
– Dictionary words
• To avoid:
– Brute force attack
– Dictionary attack
• Shouldn't be written down
• Should be different for different accounts
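The rules on this slide can be turned into a small checker that tells a user which rule a candidate password breaks. The following is an added example written for this page, not code from the presentation; the word list and the personal details passed in (user name, place, birth year, phone number) are constructed inputs, and the leet-speak map is an assumption about the substitutions a dictionary attack would also try.

```python
import re
import string

# Constructed stand-in for a dictionary word list; a real checker would load a
# full list (e.g. /usr/share/dict/words) instead of these few entries.
COMMON_WORDS = ("dragon", "letmein", "password", "qwerty", "summer", "welcome")

# Undo the usual digit/symbol-for-letter swaps so "summ3r" is still caught as "summer".
LEET_MAP = str.maketrans("013@45$", "oleaass")


def check_password(password: str, user_name: str = "", place: str = "",
                   birth_year: str = "", phone: str = "") -> list[str]:
    """Return the slide's policy violations for `password`; [] means it passes.

    The personal details are optional; pass whichever the user has so the
    checker can look for them inside the password.
    """
    problems: list[str] = []

    # Rule 1: all four character classes must be present.
    required = {
        "capital letter": any(c.isupper() for c in password),
        "small letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    for name, present in required.items():
        if not present:
            problems.append(f"missing a {name}")

    # Rule 2: no personal details an attacker can guess from public information.
    lowered = password.lower()
    if user_name and user_name.lower() in lowered:
        problems.append("contains user name")
    if place and place.lower() in lowered:
        problems.append("contains country/city name")
    if birth_year and birth_year in password:
        problems.append("contains birth year")
    phone_digits = re.sub(r"\D", "", phone)
    if any(phone_digits[i:i + 4] in password for i in range(len(phone_digits) - 3)):
        problems.append("contains digits of phone number")

    # Rule 3: no dictionary words, even with common substitutions applied.
    normalised = lowered.translate(LEET_MAP)
    for word in COMMON_WORDS:
        if word in lowered or word in normalised:
            problems.append(f"contains dictionary word '{word}'")

    return problems


if __name__ == "__main__":
    for candidate in ("Summer2024", "Ali@1990xyz", "Xk7!pq#Lm2vZ"):
        print(candidate, "->", check_password(candidate, user_name="Ali", birth_year="1990") or "OK")
```

The checker reports every violation rather than stopping at the first, which is what a user needs to see in order to fix the password; the phone-number test looks for any four consecutive digits of the number, so a partial phone number is caught too.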
Preventive Measures against Password Theft
Password protection from:
• Shoulder surfing
• Video recording
• Spyware/key loggers
• Viruses/Trojan horses
Two-factor authentication:
• Smart card
• Biometric devices
Preventive Measures against Phishing Attack
• Always look for your e-mail address in the "To:" / "CC:" field
• Even if info@pepsi.com is written in the From field, that does not confirm the mail is from Pepsi
• www.SendFakeMail.com
• Never disclose your account/credit card information through e-mail/phone
• Don't open/download any file from an unknown sender
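Two of the checks on this slide (is my address really in To:/CC:, and did an attachment arrive from a sender I do not know) can be run over a raw message with Python's standard library. This is an added example for this page, not code from the presentation; the message it parses is constructed in `build_sample_mail()` and the set of known contacts is an assumed input.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr


def build_sample_mail() -> str:
    """Constructed phishing-style message (not a real mail) for the checks below.

    The From: header claims a brand address, which proves nothing: it is free
    text filled in by whoever sent the message.
    """
    msg = EmailMessage()
    msg["From"] = "Pepsi Rewards <info@pepsi.com>"
    msg["To"] = "winners@example.org"
    msg["Cc"] = "someone.else@example.net"
    msg["Subject"] = "You have won!"
    msg.set_content("Open the attached form to claim your prize.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="claim_form.doc")
    return msg.as_string()


def recipient_listed(raw_mail: str, my_address: str) -> bool:
    """True if `my_address` appears in the To: or CC: header (the slide's first check)."""
    msg = message_from_string(raw_mail)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return my_address.lower() in {addr.lower() for _, addr in pairs if addr}


def sender_address(raw_mail: str) -> str:
    """The address claimed in From:, lower-cased. Claimed, not verified."""
    return parseaddr(message_from_string(raw_mail).get("From", ""))[1].lower()


def attachment_names(raw_mail: str) -> list[str]:
    """File names of every attached part."""
    msg = message_from_string(raw_mail)
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def phishing_warnings(raw_mail: str, my_address: str, known_contacts: set[str]) -> list[str]:
    """Apply the slide's rules and return human-readable warnings ([] = nothing found)."""
    warnings: list[str] = []
    if not recipient_listed(raw_mail, my_address):
        warnings.append("your address is not in To:/CC:")
    sender = sender_address(raw_mail)
    names = attachment_names(raw_mail)
    if names and sender not in known_contacts:
        warnings.append(f"attachment(s) {names} from unknown sender {sender}")
    return warnings


if __name__ == "__main__":
    raw = build_sample_mail()
    for line in phishing_warnings(raw, "me@example.com", {"friend@example.com"}):
        print("WARNING:", line)
```

Note that `sender_address()` only tells you what the From: header says; deciding whether that claim is genuine is what the digital signatures on the E-Mail Security slide are for.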
Tracing the source of an Email
E-Mail Security
• Confidentiality, integrity, authenticity and non-repudiation
• Obtain a digital certificate from a CA (e.g. NIFT)
• Install/import your own certificate in e-mail software (e.g. Outlook)
• Associate certificates of other persons with their e-mail addresses in the address book
• If you receive a digitally signed mail from any contact, the certificate will automatically be associated with that address (in advanced versions of the software)
Preventive Measures against Credit Card Info. Theft
• Be careful: "amazon.com" and "amaz0n.com" are not the same
• "amazon.com/securepayment/ws" and "amazon.com.securepayment.ws" are not the same
• In both of the above cases the 2nd one is fraudulent
• Provide account/credit card info only to secure web sites
• Always pay attention to warnings/information given by the browser
• Always look for the yellow lock
• Never disclose secret information without the yellow lock
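The two fraudulent addresses on this slide fail for different reasons: in "amaz0n.com" a digit has been swapped for a letter, while in "amazon.com.securepayment.ws" the trusted name is only a prefix and the site actually belongs to whoever registered "securepayment.ws". The following added example (written for this page, not taken from the presentation) parses a URL the way a browser does, separates the registered domain from the rest, applies both checks, and flags missing HTTPS, which is what the yellow lock indicates. The trusted-site list and the look-alike character map are assumptions for the example.

```python
from urllib.parse import urlsplit

# Sites the user actually intends to pay on (constructed list for this example).
TRUSTED_DOMAINS = {"amazon.com"}

# Characters commonly substituted for letters in look-alike names (0 for o, 1 for l, ...).
LOOKALIKE_MAP = str.maketrans("0135$@", "olessa")


def registrable_domain(hostname: str) -> str:
    """The part of a host name somebody had to register: its last two labels.

    Good enough for .com-style names; production code would consult the
    Public Suffix List so that e.g. 'shop.example.co.uk' maps to 'example.co.uk'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url: str) -> list[str]:
    """Return warnings for `url` following the slide's rules; [] means it looks fine."""
    if "://" not in url:
        url = "https://" + url          # a bare "amazon.com/..." typed into the address bar
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    findings: list[str] = []

    if domain not in TRUSTED_DOMAINS:
        lookalike_of = domain.translate(LOOKALIKE_MAP)
        if lookalike_of in TRUSTED_DOMAINS:
            # amaz0n.com: a digit or symbol swapped in for a letter
            findings.append(f"'{domain}' is a look-alike of '{lookalike_of}'")
        elif any(host.startswith(trusted + ".") for trusted in TRUSTED_DOMAINS):
            # amazon.com.securepayment.ws: the trusted name is only a prefix;
            # the page is served by whoever owns the last two labels
            findings.append(f"'{host}' only begins with a trusted name; the real site is '{domain}'")
        else:
            findings.append(f"'{domain}' is not a trusted site")

    if parts.scheme != "https":
        # no TLS means no padlock in the browser, so no secret information
        findings.append("no HTTPS (no padlock): do not enter secret information")
    return findings


if __name__ == "__main__":
    for candidate in ("amazon.com/securepayment/ws", "https://amaz0n.com/login",
                      "https://amazon.com.securepayment.ws/login", "http://amazon.com/pay"):
        print(candidate, "->", check_url(candidate) or "OK")
```

The important design point is that the path ("/securepayment/ws") never influences the verdict: only the host name decides who receives the card number, which is exactly why the second fraudulent address on the slide is dangerous.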
Private Key Protection
• Private key's password protection
• Two-factor authentication, e.g.:
– Private key on smart card
– Private key on USB device/token
– Never save the password
– Because the private key is your DIGITAL SIGNATURE
– DIGITAL SIGNATURE = Handwritten signature + Thumb impression + Witnesses
General Recommendations
• Don't visit websites of illegal software/cracks etc.
• Don't use cracked/illegally patched software
• Enable the firewall while connected to the internet
• Don't fall for social engineering
?
Thank You