8/20/2019 Haris and Todaro
Copyright © 2009 Pearson Education, Inc.
E-commerce
Kenneth C. Laudon
Carol Guercio Traver
business. technology. society.
Fifth Edition
Chapter 5
Online Security and Payment Systems
Cyberwar Becomes a Reality
Class Discussion
What is a DDoS attack? Why did it prove to be so effective against Estonia?
What are botnets? Why are they used in DDoS attacks?
What percentage of computers belong to botnets? What percentage of spam is sent by botnets?
Can anything be done to stop DDoS attacks?
The E-commerce Security Environment
The Scope of the Problem
Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
Symantec: Cybercrime on the rise from "##$
IC3: Processed "##,###) Internet crime complaints
"##$ CSI survey: *+% respondent firms detected security breach in last year
Underground economy marketplace that offers sales of stolen information growing
Categories of Internet Crime Complaints Reported to IC3
Figure 5.1, Page !
Types of Attacks Against Computer Systems
Figure 5.", Page !#
What Is Good E-commerce Security?
To achieve highest degree of security: New technologies
Organizational policies and procedures
Industry standards and government laws
Other factors:
Time value of money
Cost of security vs. potential loss
Security often breaks at weakest link
The E-commerce Security Environment
Figure 5.#, Page !$
Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security
Table 5., Page !&
The Tension Between Security and Other Values
Security vs. ease of use: The more security measures added, the more difficult a site is to use, and the slower it becomes
Security vs. desire of individuals to act anonymously
Use of technology by criminals to plan crimes or threaten nation-state
Security Threats in the E-commerce Environment
Three key points of vulnerability:
Client
Server
Communications pipeline
A Typical E-commerce Transaction
Figure 5.5, Page $'
SOURCE: Boncella, 2000.
Vulnerable Points in an E-commerce Environment
Figure 5.!, Page $1
SOURCE: Boncella, 2000.
Most Common Security Threats in the E-commerce Environment
Malicious code (viruses, worms, Trojans)
Unwanted programs (spyware, browser parasites)
Phishing/identity theft
Hacking and cybervandalism
Credit card fraud/theft
Spoofing (pharming)/spam (junk) Web sites
DoS and DDoS attacks
Sniffing
Insider attacks
Poorly designed server and client software
Malicious Code
Viruses: Replicate and spread to other files; most deliver "payload" (destructive or benign)
Macro viruses, file-infecting viruses, script viruses
Worms: Designed to spread from computer to computer
Trojan horse:
Bots: Covertly installed on computer; respond to external commands sent by attacker
Unwanted Programs
Installed without user's informed consent
Browser parasites
Can monitor and change settings of a user's browser
Phishing and Identity Theft
Hacking and Cybervandalism
Hacker: Individual who intends to gain unauthorized access to computer systems
Cracker: Hacker with criminal intent
Cybervandalism: Intentionally disrupting, defacing, destroying Web site
Types of hackers: White hats, Black hats, Grey hats
Credit Card Fraud
Fear of stolen credit card information deters online purchases
Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
Online companies at higher risk than offline
In development: New identity verification mechanisms
Spoofing (Pharming) and Spam (Junk) Web Sites
Spoofing (Pharming)
Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
Threatens integrity of site; authenticity
Spam (junk) Web sites
Use domain names similar to legitimate one, redirect traffic to spammer-redirection domains
DoS and DDoS Attacks
Denial of service (DoS) attack
Hackers flood Web site with useless traffic to inundate and overwhelm network
Distributed denial of service (DDoS) attack
Hackers use multiple computers to attack target network from numerous launch points
Other Security Threats
Sniffing: Eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
Insider jobs
Single largest financial threat
Poorly designed server and client software
Increase in complexity of software programs has contributed to increase in vulnerabilities that hackers can exploit
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients
Tools Available to Achieve Site Security
Figure 5.-, Page
Protecting Internet Communications: Encryption
Encryption
Transforming plain text, data into cipher text that can't be read by anyone other than sender and receiver
Secures stored information and information transmission
Provides:
Message integrity
Nonrepudiation
Symmetric Key Encryption
Both sender and receiver use same digital key to encrypt and decrypt message
Requires different set of keys for each transaction
Public Key Encryption
Uses two mathematically related digital keys
Public key (widely disseminated)
Private key (kept secret by owner)
Both keys used to encrypt and decrypt message
Once key used to encrypt message, same key cannot be used to decrypt message
Sender uses recipient's public key to encrypt message; recipient uses his/her private key to decrypt it
Public Key Cryptography: A Simple Case
Figure 5.1', Page &"
Public Key Encryption Using Digital Signatures and Hash Digests
Hash function: Mathematical algorithm that produces fixed-length number called message or hash digest
Hash digest of message sent to recipient along with message to verify integrity
Hash digest and message encrypted with recipient's public key
Entire cipher text then encrypted with recipient's private key, creating digital signature, for authenticity, nonrepudiation
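The steps on this slide carried through in code, as an added example (not code from the book or its publisher): a textbook RSA toy with constructed small primes, in which the message plus its SHA-256 digest is encrypted with the recipient's public key and the resulting cipher text is then signed with the sender's private key, the key only the sender holds, which is what lets the signature prove authenticity. The key sizes, the 4-byte chunking and the Alice/Bob key names are assumptions made for illustration.

```python
import hashlib
from math import gcd

# Constructed toy RSA (small primes, no padding) for illustration only; real systems
# use 2048-bit or larger keys with OAEP/PSS padding.
CHUNK = 4   # plaintext bytes per RSA block; 2**32 is below every toy modulus used here
BLOCK = 5   # bytes to serialize one ciphertext value (every toy modulus is below 2**40)

def make_keypair(p=1000003, q=1000033, e=65537):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    return (e, n), (pow(e, -1, phi), n)

def rsa(value, key):
    # Encrypt/verify with a public key, decrypt/sign with a private key.
    return pow(value, key[0], key[1])

def encrypt(data, recipient_public):
    """Confidentiality: pad to whole chunks, encrypt each with the recipient's public key."""
    pad = CHUNK - len(data) % CHUNK
    data += bytes([pad]) * pad
    return [rsa(int.from_bytes(data[i:i + CHUNK], "big"), recipient_public)
            for i in range(0, len(data), CHUNK)]

def decrypt(chunks, recipient_private):
    data = b"".join(rsa(c, recipient_private).to_bytes(CHUNK, "big") for c in chunks)
    pad = data[-1]
    if not 1 <= pad <= CHUNK or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return data[:-pad]

def digest_int(data, n):
    """SHA-256 hash digest, reduced below the toy modulus so it fits one RSA block."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def serialize(chunks):
    return b"".join(c.to_bytes(BLOCK, "big") for c in chunks)

def send(message, sender_private, recipient_public):
    """Message + its digest -> recipient's public key; result -> sender's private key."""
    envelope = encrypt(message + hashlib.sha256(message).digest(), recipient_public)
    signature = rsa(digest_int(serialize(envelope), sender_private[1]), sender_private)
    return envelope, signature

def receive(package, recipient_private, sender_public):
    """(message, True) only if the signature and the inner digest both check out."""
    envelope, signature = package
    if rsa(signature, sender_public) != digest_int(serialize(envelope), sender_public[1]):
        return None, False      # not produced with the sender's private key
    plain = decrypt(envelope, recipient_private)
    return plain[:-32], hashlib.sha256(plain[:-32]).digest() == plain[-32:]
```

A receiver that checks the signature first never decrypts a package that did not come from the sender, and the inner digest still catches corruption of the plaintext.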
Public Key Cryptography with Digital Signatures
Figure 5.11, Page &&
Digital Envelopes
Public Key Cryptography: Creating a Digital Envelope
Figure 5.1, Page -'
Digital Certificates and Public Key Infrastructure (PKI)
Digital certificate includes:
Name of subject/company
Subject's public key
Digital certificate serial number
Expiration date, issuance date
Digital signature of certification authority (trusted third party institution) that issues certificate
Other identifying information
Public Key Infrastructure (PKI): C
Digital Certificates and Certification Authorities
Figure 5.1", Page -1
Insight on Society
In Pursuit of E-mail Privacy
Class Discussion
What are some of the current risks and problems with using e-mail?
What are some of the technology solutions that have been developed?
Securing Channels of Communication
Secure Sockets Layer (SSL): Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted
S-HTTP: Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Network (VPN):
Secure Negotiated Sessions Using SSL
Figure 5.1#, Page -5
Protecting Networks
Firewall: Hardware or software that filters packets
Prevents some packets from entering the network based on security policy
Two main methods:
Packet filters
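A packet filter of the kind this slide describes, as an added example (not code from the book or its publisher): each packet header is matched against an ordered security policy, the first matching rule decides, and anything no rule allows is dropped. The policy, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR ranges; the defaults match any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

def filter_packet(pkt: Packet, policy) -> str:
    """First matching rule decides; a packet no rule allows is dropped (default deny)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed policy for a small merchant site (RFC 5737 documentation addresses):
# the public web server 203.0.113.10 accepts HTTP/HTTPS from anywhere, the database
# 192.168.10.5 accepts PostgreSQL only from that web server, and a range the site has
# chosen to block is denied before any allow rule can match it.
POLICY = [
    Rule("deny", src="198.51.100.0/24"),
    Rule("allow", dst="203.0.113.10", proto="tcp", dport=80),
    Rule("allow", dst="203.0.113.10", proto="tcp", dport=443),
    Rule("allow", src="203.0.113.10", dst="192.168.10.5", proto="tcp", dport=5432),
]
```

Rule order matters: moving the deny rule below the allow rules would let the blocked range reach the web server, which is the usual way such a policy silently fails.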
Firewalls and Proxy Servers
Figure 5.15, Page -&
Protecting Servers and Clients
Operating system controls:
Management Policies, Business Procedures, and Public
A Security Plan: Management Policies
Risk assessment
Security policy
Implementation plan
Security organization
Developing an E-commerce Security Plan
Figure 5.1!, Page "''
Insight on Technology
Securing Your Information: Cleversafe Hippie Storage
Class Discussion
What is OCKSS? What are the advantages and disadvantages to OCKSS?
How is Cleversafe's storage method different? How does it work?
Why is it accurate to say that Cleversafe's method is "green" or "hippie" storage?
The Role of
Types of Payment Systems
Cash
Checking Transfer
Credit Card
Stored Value
Accumulating Balance
Cash
Legal tender
Most common form of payment in terms of number of transactions
Instantly convertible into other forms of value without intermediation
Portable, requires no authentication
"Free" (no transaction fee), anonymous, low cognitive demands
Limitations: easily stolen, limited to smaller transaction, does not provide any float
Checking Transfer
Funds transferred directly via signed draft/check from a consumer's checking account to merchant/other individual
Most common form of payment in terms of amount spent
Can be used for small and large transactions
Some float
Not anonymous, requires third-party intervention (banks)
Introduces security risks for merchants (forgeries, stopped payments), so authentication typically required
Credit Card
Represents account that extends credit to consumers; allows consumers to make payments to multiple vendors at one time
Credit card associations:
Nonprofit associations (Visa, MasterCard) that set standards for issuing banks
Issuing banks:
Issue cards and process transactions
Processing centers (clearinghouses):
Handle verification of accounts and balances
Stored Value
Accumulating Balance
Dimensions of Payment Systems
Table 5.!, Page "'-
8/20/2019 Haris and Todaro
54/65
Copyright © 2009 Pearson
E-commerce Payment Systems
Credit cards are dominant form of online payment, accounting for around +#% of online payments in "##G
Other e-commerce payment systems:
Digital wallets
Digital cash
Online stored value payment systems
Digital accumulating balance systems
Digital checking
How an Online Credit Transaction Works
Figure 5.1&, Page "1
8/20/2019 Haris and Todaro
56/65
Copyright © 2009 Pearson
8/20/2019 Haris and Todaro
57/65
Copyright © 2009 Pearson
Digital Wallets
Seeks to emulate the functionality of traditional wallet
Most important functions:
Digital Cash
One of the first forms of alternative payment systems
Not really "cash"
Form of value storage and value exchange using tokens that has limited convertibility into other forms of value, and requires intermediaries to convert
Most early examples have disappeared; protocols and practices too complex
Online Stored Value Systems
Permit consumers to make instant, online payments to merchants and other individuals
Based on value stored in a consumer's bank, checking, or credit card account
PayPal most successful system
Smart cards
Contact smart cards: Require physical reader
Mondex
Contactless smart cards: Use RFID
EZPass
Octopus
Digital Accumulating Balance Payment Systems
Digital Checking Payment Systems
Extends functionality of existing checking accounts for use as online shopping payment tool
Example: PayByCheck
Wireless Payment Systems
Use of mobile handsets as payment devices well-established in Europe, Japan, South Korea
Japanese mobile payment systems
E-money (stored value)
Mobile debit cards
Mobile credit cards
Not as well established yet in U.S., but with growth in Wi-Fi and 3G cellular phone systems, this is beginning to change
Insight on Business
Mobile Payment's Future: WavePayMe, TextPayMe
Group Discussion
What technologies make mobile payment more feasible now than in the past?
Describe some new experiments that are helping to develop mobile payment systems.
How has PayPal responded?
Why haven't mobile payment systems grown faster? What factors will spur their growth?
Electronic Billing Presentment and Payment (EBPP)
Online payment systems for monthly bills
I#% of households in "##G used some EBPP; expected to grow to $I% by "#F"
Two competing EBPP business models:
Biller-direct: Dominant model
Consolidator: Third party aggregates consumer's bills
Both models are supported by EBPP infrastructure providers