
E-Commerce Unit III

This document discusses e-security and information system security. It outlines key requirements for secure e-transactions like confidentiality, integrity, availability, authenticity, non-repudiability, and encryption. Popular security measures like encryption, digital signatures, and security certificates are described. Common security protocols used on the internet like SSL, SHTTP, and Secure Electronic Transaction are also summarized. Finally, the document discusses how to set up a secure online shop and buy securely online in compliance with relevant information technology laws and PCI standards.

Uploaded by

Super Thanos

UNIT III

E-Security: Information System Security

Security is an essential part of any transaction that takes place over the internet.
Customers will lose their faith in e-business if its security is compromised.
Following are the essential requirements for safe e-payments/transactions −
• Confidentiality − Information should not be accessible to an unauthorized
person. It should not be intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over
the network.
• Availability − Information should be available wherever and whenever
required within a time limit specified.
• Authenticity − There should be a mechanism to authenticate a user before
giving him/her access to the required information.
• Non-Repudiability − It is the protection against the denial of order or
denial of payment. Once a sender sends a message, the sender should not
be able to deny sending the message. Similarly, the recipient of the message
should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be audited
for integrity requirements.

Measures to ensure Security

Major security measures are as follows −

• Encryption − It is a very effective and practical way to safeguard the data
being transmitted over the network. The sender of the information encrypts the
data using a secret code and only the specified receiver can decrypt the data
using the same or a different secret code.
• Digital Signature − A digital signature ensures the authenticity of the
information. A digital signature is an e-signature authenticated through
encryption and password.
• Security Certificates − A security certificate is a unique digital id used to
verify the identity of an individual website or user.

Security Protocols in Internet


We will discuss here some of the popular protocols used over the internet to
ensure secured online transactions.

Secure Socket Layer (SSL)

It is the most commonly used protocol and is widely used across the industry. It
meets the following security requirements −
• Authentication
• Encryption
• Integrity
• Non-repudiability
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used
for HTTP URLs without SSL.

Secure Hypertext Transfer Protocol (SHTTP)


SHTTP extends the HTTP internet protocol with public key encryption,
authentication, and digital signature over the internet. Secure HTTP supports
multiple security mechanisms, providing security to the end-users. SHTTP works
by negotiating encryption scheme types used between the client and the server.

Secure Electronic Transaction

It is a secure protocol developed by MasterCard and Visa in collaboration.
Theoretically, it is the best security protocol. It has the following components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via a point and click interface.
• Merchant Software − This software helps merchants to communicate with
potential customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides an
automatic and standard payment process. It supports the process for the
merchant's certificate request.
• Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and
to enable them to register their account agreements for secure electronic
commerce.

Security on the Internet

E-commerce is all about selling or buying goods and services over the Internet and
paying through this medium. These transactions happen between client and
business, B2B, and client to client, and because money changes hands in between we
should be cautious when using, and also while setting up, e-commerce sites.

Top e-Commerce Platforms

Here is a list of some well-known e-Commerce platforms and how their security
configuration works.
Magento
You can get further details of this platform on the following link
– https://magento.com
This platform is one of the best as it is developed by eBay and it can easily be
integrated with a PayPal gateway. It has both free and paid versions to
choose from. Vulnerabilities are patched very quickly.

It also has a vast variety of plugins and customization options. It has SaaS
solutions: elastic scalability, high resilience and availability, PCI compliance,
global availability and automated patching, while still maintaining flexibility in
software customization that our merchants require.

E-business Risk Management Issues

1. Online Security
There is a whole range of security threats out there to beware of, including
malware, phishing attacks, hacking and spam mail.

To defend against these threats, make sure that you update your platform’s
operating system regularly, and use a strong SSL (Secure Sockets Layer).

2. System Reliability
The Internet service provider (ISP) server could crash, your online payment
system could show errors and the ecommerce plugin could have bugs.

Apart from keeping all operating systems and APIs updated, these are just some
things that may happen outside of our control.

3. Privacy Issues
Customers’ personal data could be compromised and used for spamming,
identity theft and unsolicited marketing.

In addition to the online security measures previously mentioned, make sure to
require customers to use strong passwords.

4. Customer Disputes
A customer might not have received their order, their credit card might have been
charged twice, or the product they received might not fit the online description.

Whether the customer is right or not, it’s important to always have great
customer service and to rectify all possible mistakes that were made.

5. Credit Card Fraud
Someone could use a stolen credit card to make an online purchase, or a hacker
could use stolen credit data from other customers in your system.

No matter how good your online security measures are, always watch out for
any suspicious transactions.

6. Intellectual Property Issues
Your website images, product descriptions, logos, videos, music, as well as your
products, could be copied by others, or violate someone else’s intellectual
property.

7. SEO
Google or other platforms could do a complete makeover of their algorithm at
any time, and make your website traffic drop significantly overnight.

8. Taxation
You might not be including the appropriate sales tax in your sales, or you are
not paying fair shipping and/or import taxes depending on your shipping
destination.

9. Return of Goods and Warranty
Common headaches when dealing with product returns: increase in supply
chain costs and not being able to resell the items at their original price.

10. Warehousing and Logistics Issues
You could run out of stock while orders are coming in, a product shipment
might be delayed, or a parcel could be delivered to the wrong recipient.

Shopify
You can get further details of this platform on the following link
– https://www.shopify.com
So if you’re trying to design the checkout page to be exactly how you want,
Shopify is probably not for you. In fact, none of the hosted solutions will offer
a customizable checkout process, so you can jump to the Self-Hosted section right
away. Shopify has many apps that you can download and install on your store,
which further extend the default or introduce new functionalities.
WooCommerce
You can get further details of this platform on the following link
– https://wordpress.org/plugins/woocommerce/
WooCommerce is a free e-commerce plugin that allows you to sell anything and
very practically. Built to integrate seamlessly with WordPress, WooCommerce
is the world’s favorite e-commerce solution that gives both store owners and
developers complete control owing to the use of WordPress templates.
With endless flexibility and access to hundreds of free and premium WordPress
extensions, WooCommerce now powers 30% of all online stores – more than
any other platform.

Bigcommerce
You can get further details of this platform on the following link
– https://www.bigcommerce.com
It has over 115 e-commerce templates, unlimited product uploads and a mobile
view as well. It integrates with Amazon and eBay, and it can also be
integrated with most of the payment gateways. From the security point of view,
it is very secure because it is PCI compliant.

How to Buy in a Secure Way?

As you know, in order to browse and purchase goods and services online, the
retailers should always be authenticated through digital certificates; from the
security point of view this parameter is not negotiable.

Some of the secure online stores which have multi-seller platforms are −
• Amazon.com
• Ebay.com
• Aliexpress.com
It is important to mention that on these platforms there are scammers too. So
before buying from any seller you should check the reviews from the
other buyers and the seller's reputation, which is generally marked by stars.

Setup a Secure Online Shop

In order to be reliable from the customer’s point of view, it is mandatory that
your ecommerce site is compliant with the PCI standards. These
standards are a proprietary information standard for sites that handle payments
online and use credit cards like Visa, MasterCard, American Express,
Discover, JCB and others.

Information Technology Act, 2000

(i) The act regulates use of computers, computer systems, computer networks
and also data and information in electronic format.

(ii) The act lists down among other things, following as offences:

Tampering with computer source documents.

Hacking with computer system

Act of cyber terrorism i.e. accessing a protected system with the intention of
threatening the unity, integrity, sovereignty or security of country.

Cheating using computer resource etc.

Strategies under National Cyber Policy, 2013

Creating a secure cyber ecosystem.

Online Piracy

This is a great challenge that plagues online businesses.

It's when an unauthorized party takes ownership of electronic intellectual
property.

This may happen out of ignorance of the law. In other cases, it may accidentally
happen.

Just take a look at the common violations:

❌ Imitative Logos. Your logo is an essential part of your branding. It's
designed to represent your business to your target audience. To spend less,
others copy an already existing design.

❌ Plagiarized Content. For starting businesses, they might not have enough
budget for content marketing. They may copy blog posts, newsletters, product
descriptions, captions, etc.

❌ Image And Video Theft. High-quality photos are a must for an excellent
website. Copyrighted videos are also important for advertising. These marketing
tools can be expensive. Some people think it's better to steal them for their own
website.

The very nature of stealing can lead to lawsuits. Or worse, your website is
bound for suspension and poor SERPs ranking.

So, what is the best course of action you can do?

Be original!

Create your own content. Hire content writers, photographers, and other content
creators to create something new for you.

Of course, it doesn't hurt to document all of your transactions to show you are
the authorized organization.

You can also leverage Debutify's Shop Protectors. The Add-On Shop Protect
secures your product description, images, articles, and other content from
thieves.

When we talk about electronic commerce, we need to consider customer data.

That leads us to...

2. Vulnerable Data Lakes

A data lake is a storage of a large amount of raw data.

It may sound like a good thing. But don't be fooled!


Data lakes are like hoarding data subjects hoping they may be useful someday.

And they are prone to security breaches.

Here's more. The log data can slow down your system. And you won't even be
able to keep track of all of them.

Plus, they are unethical and bordering on illegal.

You see, storing identifiable personal details of users is illegal. It's a matter of
privacy concerns for the General Data Protection Regulation (GDPR).

You could get fined!

Sadly, many organizations hold heaps of users' personal details for profit. They
are endangering the privacy of their customers, which can create a huge
problem for the business itself.

Scared of your surfing history being tracked?

Well, it's possible with...

3. Web Tracking

Online companies track individuals' movement on their web activities with log
files.

They will use the data for installing software that can pluck relevant information
from files in-house.
The tracking software and the special files called cookies can monitor your
customer's stored tracking history.

What does that mean for customer privacy?

The computer will know everything about your visitation to web pages and
history.

In fact, a certain data miner application combines the internet browsing history
of your users.

Thankfully, many smart end-users install an application service to control
cookies.

To combat web trackers, computer end-users can also protect their data by
erasing browser cache and cookies.

There are also specially designed programs that combat other malicious
programs.

Another issue you need to keep an eye on?

Some eCommerce businesses also need to be aware of electronic deception
with their electronic payment systems. Your customer's identity on your
electronic payment system should be of utmost confidentiality.

But it's not just the customers that are in peril.

Data protection also covers your employees.

Let me explain.

Some companies install monitoring systems to identify employees who do
non-business activities during business hours. It can monitor e-mail and other
activities.

A lot of workers find this inappropriate and unethical.

With an online medium, there's also the downfall of...

4. Cyber-Squatting

This refers to registering an existing domain name with the intent of selling it
for a higher price.

The people who do this are called cyber squatters. They usually target
well-known organizations.

The person or firm registers and purchases an organization's domain. Then, they
will extort the original trademark's owner. The payment occurs when they get
the price they ask for.

To protect your business, you can leverage authentication and non-repudiation.

Unlike physical stores, you have to worry about...

5. Web Spoofing

This electronic deception relates to an attacker creating a fake website. They
will make it look like the original website to bait customers for their credit card
details.

With a fake website, they can obtain the credit card numbers of your customers.
They can also gain access to personal details belonging to customers, such as
bank account details.

For instance, the bogus website can be called amaz0n.com. They use the
number "0" instead of the letter "O".

Unsuspecting visitors will enter their information unknowingly.
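
A defensive check for the look-alike pattern described above (amaz0n.com standing in for amazon.com), added here as an example and not part of the original notes. The protected-brand list, the substitution table and the rule that the registrable domain is the last two labels are assumptions made for the illustration.

```python
"""Flag host names that imitate a protected shop domain (e.g. amaz0n.com)."""

# Assumption: the brands to protect; here the stores named on this page.
PROTECTED = ["amazon.com", "ebay.com", "aliexpress.com"]

# Assumption: a small, non-exhaustive table of ASCII look-alike substitutions.
SINGLE = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}
MULTI = [("rn", "m"), ("vv", "w")]


def skeleton(name: str) -> str:
    """Map visually confusable characters onto one canonical spelling."""
    name = "".join(SINGLE.get(ch, ch) for ch in name.lower())
    for seq, repl in MULTI:
        name = name.replace(seq, repl)
    return name


def registrable(host: str) -> str:
    """Assumption: the last two labels. Real code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(host: str):
    """Return (verdict, imitated_brand) for one host name."""
    host = host.strip().lower().rstrip(".")
    reg = registrable(host)
    if reg in PROTECTED:
        return ("legitimate", reg)

    skel_reg, skel_host = skeleton(reg), skeleton(host)
    # 1. Same appearance after folding look-alike characters (amaz0n -> amazon).
    for brand in PROTECTED:
        if skel_reg == skeleton(brand):
            return ("homoglyph", brand)
    # 2. One character away from a brand (missing, extra or swapped letter).
    for brand in PROTECTED:
        if edit_distance(skel_reg, skeleton(brand)) == 1:
            return ("typo", brand)
    # 3. Brand used as a subdomain of an unrelated registrable domain.
    for brand in PROTECTED:
        b = skeleton(brand)
        if skel_host.startswith(b + ".") or "." + b + "." in skel_host:
            return ("brand-in-subdomain", brand)
    return ("no-match", None)


if __name__ == "__main__":
    # Constructed sample host names, e.g. taken from links in inbound mail.
    for h in ["www.amazon.com", "amaz0n.com", "arnazon.com", "amazn.com",
              "amazon.com.secure-pay.example", "example.org"]:
        print(f"{h:35} {classify(h)}")
```

Run over URLs found in inbound mail, referrer logs or newly registered domain feeds, any verdict other than `legitimate` or `no-match` is a candidate for blocking or a takedown request.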

Let's go to the topic of digital telecommunications for a bit...

6. Email Spamming

Spamming means when attackers send users a bogus email that contains viruses
or malware. Malicious programs delivered quietly can steal information on your
computer.

It can also include clickable links that defraud them. This activity is
called phishing.

Others also broadcast unwanted advertisements to customers.


As an eCommerce business, you gather customer emails so you can keep in
touch with them. They also have the option to opt-in to your subscription.

To continue building on their trust, do not "spam" your subscribers with a
heaping amount of emails. Find a good balance for you to not look "spammy."

Or else, you'll end up in their spam folder forever.

You might think that you can patch all the holes in your business.

But the next one is tricky...

7. Counterfeit Products

You try your hardest to give the best quality products to your customers.

So be vigilant!

Let me give you a better idea...

When you are an online retailer or use third-party suppliers, you may be open to
this risk.

You don't necessarily know where your product will be coming from. You can
become a victim of fake products.

To prevent this, you can...

• Personally check your products. Buy a few of your products to check
their quality.

• Verify with your manufacturer. Ask for the product's serial number and
visual identifiers.

• Work with trustworthy suppliers. Check with legit organizations such
as Better Business Bureau. Talk with other retailers about their
experiences.

The next one may seem impossible, but it happens...

8. Unreliable Customer Service

When customers have issues or questions about your product or service, they
will contact you.

And as a standup business, you commit yourself to providing the best customer
service.

Unethical businesses, however, do the opposite. They may decline to answer
emails or any other communication efforts.

With their refusal, they hope that the customer will just give up on their issue.

That means it will be too late for them to request a chargeback from their credit
card company.

Isn't that the most dishonest thing you've ever heard?

All of these issues sound bleak.

But to be a dependable business, consider the next section...

Ethical Benchmarks Your eCommerce Brand Needs To Follow

To have a more ethical approach to your operations, take a look at these ethical
guidelines to boost customer trust:

• Transparency. With transparency, you let your customers know what
data you are collecting and what you will use it for. Display your data
policy to be more trustworthy.

• Integrity. Your foundation should have clear policies and guidelines for
you to follow. That way, you can rightly manage any wrong behavior.

• Trustworthiness. Fulfill all your promises and commitments to your
customers.

• Respect. Value your customers' rights and privacy. Protect their
information to the standard of your country's laws.

Cyber Stalking
In Cyber Stalking, a cyber criminal uses the internet to persistently threaten
somebody. This crime is often perpetrated through email, social media, and
other online media. Cyber Stalking can also occur in conjunction with the
more traditional type of stalking, where the perpetrator harasses the
victim offline.
There’s no unified legal approach to Cyber Stalking; however, several
governments have moved toward making these practices punishable by law.
Social media, blogs, image sharing sites and many other commonly used
online sharing activities provide cyber stalkers with a wealth of data that helps
them plan their harassment. It includes actions like false accusations, fraud,
information destruction, threats to life and manipulation through threats of
exposure. Stalkers use e-mail and other messaging applications, messages
posted to a website or a discussion group, and often social media to send
unwanted messages and harass a specific person with unwanted attention.
Cyber Stalking is also referred to as internet stalking, e-stalking or online
stalking.
Types of Cyber Stalking:
• Webcam Hijacking:
Internet stalkers may attempt to trick you into downloading and installing
a malware-infected file that grants them access to your webcam. The
method is so sneaky that you probably wouldn’t suspect anything
strange.
• Observing location check-ins on social media:
If you’re adding location check-ins to your Facebook posts, you’re
making it overly simple for an internet stalker to follow you by just looking
through your social media profiles.
• Catfishing:
Catfishing happens via social media sites, for example, Facebook, when
internet stalkers make counterfeit user profiles and approach their victims as
a friend of a friend.
Protective Measures:
• Develop the habit of logging out of the PC when not in use.
• Remove any upcoming events you plan to attend from social
networks if they’re listed in online event pages and calendars.
• Set strong and distinctive passwords for your online accounts.
• Cyber stalkers can exploit the low security of public Wi-Fi networks to
snoop on your online activity. Therefore, avoid sending personal emails or
sharing your sensitive info when connected to an unsecured public Wi-Fi.
• Make use of the privacy settings provided by the social networking sites and
keep all info restricted to your closest friends.
• Do a daily search on the internet to find out what information about you is
accessible to the public.

What are the privacy issues in e-commerce?


Threats affecting an e-commerce site can compromise personal data from their
visitors. These can be accidental, intentional or due to human error. The most
typical security and privacy threats include phishing and social engineering,
personal or card data theft or misuse, malware, and hacking.

What is a phishing attack

Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. It occurs when an attacker,
masquerading as a trusted entity, dupes a victim into opening an email, instant
message, or text message. The recipient is then tricked into clicking
a malicious link, which can lead to the installation of malware, the freezing of
the system as part of a ransomware attack or the revealing of sensitive
information.

An attack can have devastating results. For individuals, this includes
unauthorized purchases, the stealing of funds, or identity theft.

Moreover, phishing is often used to gain a foothold in corporate or
governmental networks as a part of a larger attack, such as an advanced
persistent threat (APT) event. In this latter scenario, employees
are compromised in order to bypass security perimeters, distribute malware
inside a closed environment, or gain privileged access to secured data.
An organization succumbing to such an attack typically sustains severe financial
losses in addition to declining market share, reputation, and consumer trust.
Depending on scope, a phishing attempt might escalate into a security incident
from which a business will have a difficult time recovering.

Phishing attack examples

The following illustrates a common phishing scam attempt:

• A spoofed email ostensibly from myuniversity.edu is mass-distributed to as
many faculty members as possible.
• The email claims that the user’s password is about to expire. Instructions are
given to go to myuniversity.edu/renewal to renew their password within 24
hours.

6 Common Types of Ecommerce Fraud and How to Fight Them


Ecommerce fraud takes many forms, including account takeover fraud, friendly
fraud, card testing fraud, and more. To reduce the impact ecommerce fraud has
on your store, you need to understand the specific fraud type and source.

If you run an ecommerce store, you should be protecting your customers – and
your business – against potential ecommerce fraud. Recently, ecommerce fraud
has risen nearly twice as fast as ecommerce sales. More than ever, ecommerce
stores need to use fraud management systems that detect and protect against
fraud while helping you manage chargeback disputes.

It’s important to take these threats seriously by developing strategies to combat
and reduce the impact of fraud on your online store. To help, we’ve compiled a
list of the most common types of ecommerce fraud and tactics that you can
leverage to protect your ecommerce store from fraud. For convenience, we’ve
broken this article into the following sections. Feel free to jump to the one that’s
most useful to you:
• What is ecommerce fraud?
• 6 common types of ecommerce fraud
• How to fight back against ecommerce fraud
• Some future trends in ecommerce fraud

With these fundamentals in mind, you can better identify and combat different
types of fraud that may affect your ecommerce business. Let’s get started.

What is ecommerce fraud?

Ecommerce fraud is any type of fraud that occurs on an ecommerce platform.
Using a stolen or fake credit card, using a false identity, and affiliate fraud
advertising are all forms of ecommerce fraud. When a customer engages in
fraud on your online store, you as a retailer absorb this cost, negatively affecting
your revenue.

As opposed to fraud in a brick-and-mortar location, online fraud can be
conducted with personal and credit card information and the card doesn’t need
to be present for the transaction. In some cases, hackers steal personal and
financial information and sell it on the black market. This type of criminal fraud
is more severe, but there are other types of customer fraud, such as friendly
fraud, where the customer intentionally files a chargeback to gain a free product
and avoid payment.

Part of why ecommerce fraud is so prevalent today is that prosecutions are
rare, due to time and resource constraints, the burdens of gathering evidence,
and more. It is therefore best to
integrate a high-quality fraud detection and prevention management system to
eliminate fraud on your platform and reduce its impact on your revenue.

Ecommerce fraud is sophisticated and ever-evolving, as fraudsters leverage
more advanced tactics with every passing year. Malicious actors only need to be
right once, whereas you need to be right every time. Before we look at strategies
to combat fraud, let’s look at the most common types of fraud on an online
store.

6 Common Types of Ecommerce Fraud

The best way to combat fraud is to identify why fraud is occurring in the first
place, and then develop strategies to prevent and protect against these attacks, in
order to secure your ecommerce site. To start, you’ll want to identify the type of
fraud that is occurring on your platform, and then address it directly.

While there are countless schemes that fraudsters can use, we want to highlight
some of the most common types of ecommerce fraud. These strategies have
been used successfully against both small and large ecommerce websites.
Recognizing them now can help you avoid becoming a victim.

1. Card Testing Fraud


Card testing fraud (also known as card cracking) is a widespread tactic used to
defraud ecommerce businesses. In 2017, for instance, card testing fraud jumped
by more than 200 percent, accounting for 16 percent of all ecommerce fraud and
7 percent for larger ecommerce merchants.

Card testing fraud is when someone gains access to one or more stolen credit
card numbers, through theft or by purchasing card data on the dark web. Even
though they have the credit card numbers, they do not know (1) whether the
card numbers can be used to successfully complete a transaction or (2) the limit
associated with that credit card.

Fraudsters visit an ecommerce website, making small test purchases, often using
scripts or bots to test multiple credit card numbers quickly. These initial
purchases are extremely small, as the entire purpose is to see whether the credit
card can be used to complete transactions. Once they know that a credit card
number works, they will begin making much more expensive purchases.
Ultimately, the initial small purchase testing tactic often goes undiscovered.
Merchants and impacted customers tend to realize that they have been victims
of card testing fraud when larger purchases are made. By that point, they may
have been able to make several significant purchases using stolen credit card
information.
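
One way to spot the card-testing pattern described above in checkout logs, as an added example that is not part of the original article. The log format, card tokens, IP addresses and thresholds are constructed for the illustration; it also looks for the later high-value purchase on a card that passed a small test.

```python
"""Detect card-testing bursts in a checkout log and the purchases that follow."""
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta
from decimal import Decimal

Txn = namedtuple("Txn", "time ip card amount status")

# Constructed sample log: time, source IP, card token, amount, result.
# Tokens stand in for card numbers; the addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:05 203.0.113.7 tok_a1 1.00 declined
2024-05-01T10:00:09 203.0.113.7 tok_b2 1.00 declined
2024-05-01T10:00:14 203.0.113.7 tok_c3 1.00 approved
2024-05-01T10:00:20 203.0.113.7 tok_d4 1.00 declined
2024-05-01T10:00:26 203.0.113.7 tok_e5 0.50 approved
2024-05-01T10:03:00 198.51.100.20 tok_z9 42.90 approved
2024-05-01T10:41:00 198.51.100.99 tok_c3 899.00 approved
2024-05-01T11:15:00 198.51.100.20 tok_z9 3.50 approved
"""

# Assumed thresholds; tune them against your own traffic.
SMALL = Decimal("5.00")          # "test purchase" ceiling
WINDOW = timedelta(minutes=10)   # burst window per source IP
MIN_CARDS = 4                    # distinct cards tried inside the window
MIN_DECLINE_RATIO = 0.5          # share of declined attempts in the window


def parse(log):
    """Turn whitespace-separated log lines into Txn records."""
    txns = []
    for line in log.splitlines():
        if not line.strip():
            continue
        when, ip, card, amount, status = line.split()
        txns.append(Txn(datetime.fromisoformat(when), ip, card,
                        Decimal(amount), status))
    return txns


def find_card_testing(txns):
    """Return {ip: {card: time_of_approved_test}} for IPs that look like testers."""
    by_ip = defaultdict(list)
    for t in txns:
        if t.amount <= SMALL:
            by_ip[t.ip].append(t)

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda t: t.time)
        win = deque()
        for t in rows:
            win.append(t)
            while t.time - win[0].time > WINDOW:   # slide the window forward
                win.popleft()
            cards = {w.card for w in win}
            declines = sum(w.status == "declined" for w in win)
            if len(cards) >= MIN_CARDS and declines / len(win) >= MIN_DECLINE_RATIO:
                hits = flagged.setdefault(ip, {})
                for w in win:
                    if w.status == "approved":     # card confirmed as working
                        hits.setdefault(w.card, w.time)
    return flagged


def cashout_candidates(txns, flagged):
    """Approved larger purchases made after a card passed a test, from any IP."""
    validated = {}
    for cards in flagged.values():
        for card, when in cards.items():
            validated[card] = min(when, validated.get(card, when))
    return [t for t in txns
            if t.card in validated and t.amount > SMALL
            and t.status == "approved" and t.time > validated[t.card]]


if __name__ == "__main__":
    txns = parse(SAMPLE_LOG)
    flagged = find_card_testing(txns)
    for ip, cards in flagged.items():
        print("card testing from", ip, "validated:", sorted(cards))
    for t in cashout_candidates(txns, flagged):
        print("review order:", t.card, t.amount, "from", t.ip)
```

Flagging on the small-amount burst lets the merchant hold or review the later large order, instead of learning about the test only after the expensive purchase has shipped.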

2. Friendly Fraud
Friendly fraud (also called chargeback fraud) is when someone purchases an
item or service online and then requests a chargeback from the payment
processor, claiming the transaction was invalid. The credit card company or
bank returns the transaction value to the customer, which must still be paid by
the retailer.

In a chargeback fraud, an individual makes claims that appear to be believable
and honest, and in some cases, that individual may be right (hence, “friendly
fraud”). That said, friendly fraud can be used to receive items for free. For
instance, the fraudster may purchase an item from your online store and argue
that the item was never delivered; they may tell their credit card issuer that they
returned the item to the merchant, but that a refund was never processed; or they
can even say that they canceled the order, but it was still sent to them.

Whatever the case may be, chargeback fraud occurs when they contact their
credit card issuer to dispute a charge that they actually intended to make. Use
a chargeback management software tool that will reduce fraud loss and help you
manage disputes.

3. Refund Fraud
Refund fraud is when someone uses a stolen credit card to make a purchase on
an ecommerce website. The fraudster then contacts the ecommerce business and
requests a reimbursement due to an accidental overpayment. They request a
refund of the excess amount, but then state that the money will need to be sent
via an alternative method since their credit card is closed. Ultimately, this
means that the original credit card charge is not refunded and the ecommerce
business is responsible to the card owner for the full amount.

With refund fraud, the ecommerce merchant is stuck in the middle. The
fraudster may appear to be making a legitimate claim on the surface, but in
reality, they are trying to steal money from your business.

4. Account Takeover Fraud


Account takeover fraud occurs when someone gains access to a user’s account
on an ecommerce store or website. This can be achieved through a variety of
methods, including purchasing stolen passwords, security codes, or personal
information on the dark web or successfully implementing a phishing scheme
against a particular customer.

Once they have gained access to a user’s account, they can engage in fraudulent
activity. For instance, they can change the details of a user’s account, make
purchases on ecommerce stores, withdraw funds, and even gain access
to other accounts for this user.

Account takeover fraud is a serious form of identity theft, costing victims and
your reputation as a retailer. Customers that feel that their data may be
vulnerable on your website or ecommerce store are less likely to checkout and
will consider competitors that offer stronger security measures.

5. Interception Fraud
Interception fraud is when fraudsters place orders on your ecommerce website
where the billing address and shipping address match the information linked to
a stolen credit card. Once the order is placed, their goal is to intercept the
package and take the goods for themselves.

This can be done in several ways. First, they may ask a customer service
representative at your company to change the address on the order before it is
shipped. By doing this, they aim to receive the goods while the actual payment
is made by the victim. They may also contact the shipper (whether it is FedEx,
UPS, or another courier) to reroute the package to an address of their choosing.
If they live close to the victim, they may even wait for the physical delivery of
the package, sign for the package, and take it for themselves.

6. Triangulation Fraud
Triangulation fraud requires three different types of actors: the person doing the
fraud, a shopper, and an ecommerce store. The fraudster sets up a storefront (on
Amazon, Shopify or another platform) that sells high-demand goods at
competitive prices.

Setting up this storefront brings in a number of legitimate customers who are
looking to take advantage of an incredible bargain. Once these customers place
orders on the fraudster’s website, the fraudster uses stolen credit card numbers
to purchase legitimate goods from your ecommerce website, and then sends
those goods to their customers.

While the customers of the fraudster’s store may be receiving real goods for an
unbelievable price, the victims are (1) those whose credit cards have been stolen
and (2) your ecommerce website. Your ecommerce store ships real items to the
fraudster after they use stolen credit card information to place these orders.
Skimming goes digital
While attacks targeting ATMs have been around for virtually as long as the
ATMs themselves, security awareness and the capabilities of technology have
led to an evolution of these attacks from being predominantly physical to
increasingly digital in nature. The COVID pandemic—coupled with a steady
shift from in-store and card present (CP) transactions, to online and card-not-
present (CNP) transactions—has also required cybercriminals to change their
tactics. 
Financial institutions, retailers, and ATM manufacturers have found ways to
protect their assets against traditional physical attacks. While threat actors are
still interested in stealthy skimmers and shimmers—small, physical devices
that threat actors insert onto and into ATM card slots to swipe payment card
data and PIN codes—many are moving away from cash transactions and onto e-
skimming. 

What is e-skimming?
Also known as digital skimming, web skimming, online skimming, formjacking
malware, or a magecart attack, e-skimming is a major cybersecurity concern for
financial institutions and their vendors, including retailers, plus any other
company that processes payment information on their behalf, such as an
entertainment or travel company. 
E-skimmers drive customers to a domain controlled by a fraudster that looks
and feels like a legitimate checkout page, and then utilize e-skimming to steal
data during a purchase. The impact of an e-skimming attack includes the breach
of sensitive customer information, loss of profits due to a drop in customer trust,
and issues with regulator and privacy compliance that may affect your
organization’s ability to do business.
A digital version of shimmers and skimmers, e-skimmers are lines of malicious
code that a threat actor injects into a website, which steals data from HTML
fields, including credit card data and other credentials. 
How e-skimming code is introduced
Malicious e-skimming code can be introduced in several ways:
• Through the exploitation of a vulnerability in an ecommerce website’s
payment platform
• By using phishing emails to enter a victim’s network or a brute force attack
of administrative credentials
• Attacking a third-party or supply chain entity and hiding skimming code
in the JavaScript that is loaded by the third-party onto the victim’s site
• Cross-site scripting to discreetly redirect victims to a malicious domain that
can capture their PII during payment processing

Creating a plan of action in the event of an e-skimming attack


Where there is payment information, there is the potential for an e-skimming
attack, and threat actors are always on the lookout for organizations with
vulnerabilities that they can target. 
E-Skimming Detection
There are several warning signs of an attack on your company that your
security team should look for, including:
• Multiple customer complaints of fraudulent activity that is being traced back
to purchases from your site
• Edits to your JavaScript code that may indicate an unauthorized party has
been tampering with it
• Identification of a new domain that is not registered by your organization,
which signals that customers are potentially being redirected to a malicious
site

E-Skimming Response
If your organization falls victim to an e-skimming attack, it is important to have
a plan in place that lets your security teams take action swiftly and stop it from
doing further damage.
• Identify the source of the skimming code and use this information to
determine its access point (third-party, network, etc.)
• Save a copy of the malicious code or domain to give to law enforcement
• Change credentials that may have been stolen and exploited during the
attack
• Report the attack to law enforcement and the IC3 for documentation

Minimizing your risk


There are steps your organization can take to prevent e-skimming attacks and
protect customers from their impact. The following best practices should be put
in place to keep your data and infrastructure secure.
• Regularly update payment software and promptly install patches from
payment vendors that address potential security vulnerabilities
• Implement code integrity checks that alert you if system files have signs of
corruption or malware
• Use and update antivirus software
• Continuously monitor and confirm that you are Payment Card Industry Data
Security Standard (PCI DSS) compliant
• Prioritize a strong threat intelligence program that alerts you if your
organization is mentioned within illicit communities
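
The detection signs listed earlier (edited JavaScript, a new domain not registered by your organization) and the code integrity check recommended above can be combined into one audit of the checkout page. The following is an added example, not part of the original document: the host names, paths, sample pages and the rule that approved third-party scripts must carry a Subresource Integrity attribute are assumptions constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_sha384(text):
    """Digest of a script body in Subresource Integrity notation."""
    raw = hashlib.sha384(text.encode("utf-8")).digest()
    return "sha384-" + base64.b64encode(raw).decode("ascii")


class ScriptCollector(HTMLParser):
    """Collect external <script> tags and the bodies of inline ones."""
    def __init__(self):
        super().__init__()
        self.external = []  # (src, integrity attribute or None)
        self.inline = []    # inline script source text
        self._buf = None    # text chunks while inside an inline script

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.external.append((attrs["src"], attrs.get("integrity")))
        elif tag == "script":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def audit_checkout(html, page_host, approved_hosts, inline_baseline):
    """Return (finding, detail) tuples for one fetched copy of the page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, integrity in parser.external:
        host = urlparse(src).hostname or page_host  # relative URL = own host
        if host not in approved_hosts:
            findings.append(("unapproved-script-host", host))
        elif host != page_host and not integrity:
            findings.append(("third-party-script-without-sri", src))
    for body in parser.inline:
        if sri_sha384(body) not in inline_baseline:
            findings.append(("inline-script-changed", body.strip()[:40]))
    return findings


# Constructed sample data: hosts, paths and script bodies are illustrative.
PAGE_HOST = "shop.example"
APPROVED_HOSTS = {"shop.example", "pay.gateway.example"}
REVIEWED_INLINE = "window.cartTotal = 0;"
INLINE_BASELINE = {sri_sha384(REVIEWED_INLINE)}
CLEAN_PAGE = (
    '<script src="/static/checkout.js"></script>'
    '<script src="https://pay.gateway.example/f.js" integrity="sha384-CONSTRUCTED">'
    "</script><script>" + REVIEWED_INLINE + "</script>"
)
# Constructed tampered copy: SRI removed, inline edited, unregistered host added.
TAMPERED_PAGE = (
    CLEAN_PAGE.replace(' integrity="sha384-CONSTRUCTED"', "")
    .replace(REVIEWED_INLINE, REVIEWED_INLINE + " /* unreviewed addition */")
    + '<script src="https://cdn-metrics.example/a.js"></script>'
)

if __name__ == "__main__":
    print(audit_checkout(TAMPERED_PAGE, PAGE_HOST, APPROVED_HOSTS, INLINE_BASELINE))
```

The check only confirms that an integrity attribute is present; verifying the bodies of third-party scripts against their digests requires fetching them and is left out so the example runs offline.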

Ecommerce Copyright Law

By Vanessa Salvia, 3/10/08


Today’s technology makes it extremely easy for unscrupulous marketers to
browse a website, grab a photo or a few lines of text, paste it into their website
and call it their own. There’s a better than average chance that at some point
you will find your content being used in a manner in which you have not given
permission, and you will be faced with the decision of what, if anything, to do
about it. In this article we will attempt to clarify some of the esoteric laws
governing fair usage of copyrighted materials, including text and photos. In this
series of articles, planned for three parts, we will delve into some of the issues
surrounding trademark law, and other legal issues related to search and online
commerce.*

What is a copyright?
According to Copyright.gov, the website of the United States copyright office,
copyright is “a form of protection grounded in the U.S. Constitution and granted
by law for original works of authorship fixed in a tangible medium of
expression.” Copyright covers both published and unpublished works. Unlike a
patent, which protects inventions and discoveries, copyright protects works of
original authorship.
In its most basic sense, copyright means “the right to copy” an original creation,
and only the owner of the copyright can set limits on how the copyrighted work
is used or exhibited. Copyright should not be confused with “copywrite,” which
applies to the process of writing promotional material.

What is protected by copyright?


Copyright protects “original works of authorship including literary, dramatic,
musical, and artistic works, such as poetry, novels, movies, songs, computer
software, and architecture.” If you register a copyright on one of your original
works, it allows you to display the work with the copyright symbol of "©."
Legal protection extends to original work even without the registration, but
registering does entitle you to more protections, such as statutory damages and
compensation of attorney’s fees if your copyrighted material is involved in
successful litigation. Plus, there’s a public record of your work being registered
to you as your own.

DMCA Compliance
The Digital Millennium Copyright Act became a copyright law in 1998. Part of
the act criminalizes the use or distribution of technology which attempts to
circumvent copyright controls. Another part limits the liability of Online
Service Providers in the event of copyright infringement involving someone
they provide service for. MightyMerchant has posted a DMCA compliance
statement which we adhere to. In the event that one of our clients experiences
their copyrighted material being used improperly, we would do our best to assist
and advise on a course of action.

Copyright for Internet marketers


Items appearing on a website, including photos, artwork and written content
may be protected by a copyright. The government’s publication, Circular 66,
Copyright Registration for Online Works, explains the details of copyright law
for online work by saying that “works accessed via network (websites,
homepages, and FTP sites) and files and documents transmitted and/or
downloaded via network” are protected, as well as works transmitted online
including “text, artwork, music, audiovisual material (including any sounds),
sound recordings, etc.” This could include multimedia such as podcasts with
video or audio, and displays or presentations drawn up for conferences or
conventions.

Submitting a registration
To register a work online, three things must be submitted to the Copyright
Office together in the same envelope: a completed and signed application, a
copy of the material to be copyrighted, and the filing fee. Different materials
require different forms as the following list shows:
• Form TX—literary material
• Form VA—pictorial and graphic works
• Form PA—audiovisual material, including any sounds, music, or lyrics
• Form SR—sound recordings
• Form SE—a single issue of a serial
• Form SE/Group—a group of issues of a serial, including daily newsletters
• Form GR/CP—a group of contributions to a periodical. (This form must be
used in conjunction with Form TX, PA, or VA.)
As of this writing the filing fee using a paper application was $45, and $35 for
an electronic filing.

Copyright infringement online


Copyright infringement occurs whenever someone uses someone else’s
copyrighted material without permission. Online, copyright infringement is
governed by the Digital Millennium Copyright Act (DMCA), which allows for
infringement in the case of unauthorized access and/or copying of a
copyrighted work.
It’s very easy for someone to take work on the web and republish it as their
own. While technologies do exist to help you track when your content has been
used, it’s not always noticeable when someone else has used your content, at
least not right away. The good news is that copyrights protecting online works
are just as enforceable as other copyrights. The bad news is that online
copyright infringement is constantly evolving as new technologies emerge and
there’s so much money to be made by taking advantage of new online
publishing opportunities.
Content on the Internet could include original articles, text, videos, music,
images, or podcasts. Now, let’s take a look at some of the ways that your
content on and offline could be compromised.

Scraper sites
Sites that utilize content entirely taken from other websites are called scraper
sites. These sites almost entirely exist as revenue sources from advertising.
Typically, AdSense ads are added to the site along with very little or no real
content. The hope is that without finding anything of real value, visitors will
click on an ad or affiliate link to earn the site money.
These sites typically pull in excerpts from sites which rank highly for keywords
they have targeted. Particularly vulnerable are sites or blogs utilizing RSS feeds,
which scraper technology can easily exploit. This is not to suggest that using
RSS feeds on your site is a bad idea or unsafe, because for the most part these
scraper sites are harmless and easy to ignore, but it does add another layer to
what you should be aware of.
Scraper sites may display excerpts of blog posts with a link back to the original
blog. While many scraper sites attribute the content to the original owner, you
may find duplicates of your blog posts in your own, exact words attributed to
“admin,” or “unknown.” This type of unauthorized use is a violation of
copyright laws, if you choose to pursue it. Often, these sites pop up and
disappear quickly, and pursuing them may be a waste of time as they often don't
respond to letters or emails. Ignoring these sites may be the best strategy, unless
you want to give it a try and see if they respond to you.

User-generated content sites


User-generated content describes such online services as YouTube, where
millions of people go to post videos of themselves, their business, or anything
that happens in the world. The problem with this is that YouTube allows people
to post videos without pre-screening them, so someone could easily post video
that belonged to someone else. In fact, this has happened many times and due to
outcry YouTube has always pulled the video in the past, but not before some
popular videos received thousands of hits.

Music sharing
The music industry’s opposition to copying CDs numerous times, or online file
sharing of music has received much press in recent years. Numerous
infringement cases have been brought against people for using file-sharing
services like Napster to easily share copyrighted songs and music.
In the ‘olden days,’ illegally traded music was called bootleg recordings, and
they usually circulated in the form of cassette tapes. The musicians didn’t like
bootlegs then and they don’t like it now. If you are a musician or sell audio
recordings, this issue is clearly a prime one to watch.

Misappropriation of text
This may be the most common misuse of content online. It’s so easy to cut and
paste someone else’s text and use it as your own. Often an article may be stolen
and not attributed to you and circulated with someone else’s name on it. Or
perhaps your product description appears on someone else’s website who
happens to sell the same product as you. Sometimes, people may just lift a line or
two of text from a landing page. This type of content usage can be very hard to
spot because you may have no way of knowing who’s using your content unless
you go looking for it.

Graphics
Sometimes, graphics may be stolen from one site and placed on another as free
graphics or ‘adoptables.’ Then other people visit the site and assume that the
person distributing the images has the right to them, and take the image for
their own use. Then other people may do the same thing. Often, this is out of
ignorance of the nature of copyright law and the incorrect assumption that
everything on the Internet is ‘fair game.’
One of our clients experienced the unauthorized usage of photographs of
products from her website, which were placed on another website that sold the
same products. In the next newsletter, part 2 of this article series will look at
how she noticed the infringement, what steps she took, and also some free tools
you can use to monitor your own content usage.
*Please note that I am not a lawyer, and this article should be considered as
general information only and should not substitute for legal counsel from a
qualified lawyer.
Online Gambling
Author: Mr. Sonu Kumar, ICFAI Law School, Dehradun

It is often shown in movies that to earn money actors bet on a cricket team or a
player at the peril of losing some possession or cash. Also, winning and losing
is decided even by a shot. Nowadays, people in order to avoid penalties given
for offline gambling resort to various means of online gambling. The same can
be seen in our daily lives.

MEANING:
Online gambling can be defined as being involved in betting on casinos or
sports over the internet. It is also known as Internet gambling or e-gambling.
Usually, credit cards are used to place the bets, and wins or losses are
realized accordingly.

HISTORY:
Just as everything has a beginning, gambling has its origin too. Some traces
of betting, a form of gambling, can be seen in the chapters of the Mahabharata,
where the Kauravas, through illicit means and cheating, made the Pandavas lose
their kingdom and their wife Draupadi’s dignity, which laid the foundation of
the greatest war, called Mahabharata. Betting amusements that date back to
2300 BC or 1500 BC are also found in many places, especially in China and
Greece.
Also, dice were used by rulers to decide how a domain would be partitioned.
The same was done by a ruler named Olaf with a ruler of Sweden.

When gambling started taking deep root in society and the government banned
gambling at physical places, a loophole emerged with the concept of online
gambling. It began in the year 1994, after the complete commercialization of
the Internet. It also started with the Caribbean nation of Barbuda and Antigua,
which, after the enactment of the Free Trade and Processing Act, granted
licenses to companies willing to engage in online gambling services.

TYPES OF ONLINE GAMBLING


Online Gambling is of the following types:

1. Poker:
It is one of the most famous types of online gambling. You can play poker with
players from different nations. You can play tournaments or actual cash games
if you are looking to win money.

2. Horses:
Online gambling on horses is somewhat new. Earlier, it was done physically.
But now, you can bet on horses faster and more accurately.

3. Slots:
Slots are used in casinos. People play slots with an amount per spin that suits
them, then spin and try to hit the lines. If the lines hit, the payout can be a
tremendous amount of money.

4. Blackjack:
You will get the same feel playing blackjack online as you do in the casino.
You need to beat the dealer without being busted. That’s all.

5. Roulette:
This game is all about luck, and playing online does not make a difference. The
online game works in the same manner as offline roulette. You bet, the
wheel spins, and the ball stops at a random number.

6. Online Sports Betting:
Online gambling is not limited to casino games; nowadays it is also used for
betting on sports. There are numerous sites for betting on sports such as
soccer, cricket, basketball, etc. They tell you the bets and the returns you
can get from them.
However, there are various sites that offer both online casino games and sports
betting. The only problem is that they have a comparatively limited number of
gaming options.

Threats to Children

Inappropriate Content
The Internet is chock-full of “inappropriate content.” Your children may try
searching for such content, or they may stumble upon it accidentally.
Regardless, it’s very easy to find if the websites containing the content are not
blocked. Invest in parental control software such as Norton Family to block
websites you don’t want kids to browse. Another option is to use a child-
friendly browser that automatically blocks websites unsuitable for kiddies. It
also helps to keep a close eye on your kids while they’re online, or check their
recent search histories so you have an idea of what sites they’re visiting. Placing
your computer in a room the whole family uses regularly is also a good idea.

Chat Room “Friends”


Some predators enter chat rooms or use social media to find young children.
They befriend them by pretending to be their age, and usually try to meet up at
some point. Setting up fake profiles is quite simple, making it important for
you to emphasize this danger to your children. Go over the warning signs,
and stress that they can always come to you if concerned. Encourage your kids
to interact online only with those they know, such as friends and relatives. Also
let them know that meeting anyone they met online presents very real, very
scary dangers.

Cyberbullying
Just as predators no longer have to leave their homes to interact with children,
bullies no longer have to be face to face with their victims. Cyberbullying
through social media sites is unfortunately prevalent in today’s world, and
causes just as much damage as any other form of bullying. This is arguably one
of the most challenging threats to deal with, though a solution is to prevent your
children from creating social media profiles in the first place. Let them know
they can create theirs when they’re older. If you don’t want to do this, remind
your children that they can always come to you if they’re being bullied, whether
online or not. You won’t be able to do much unless you know it’s happening in
the first place.
Online Scams
While older adults are often thought of as the main targets of online scams,
children are very vulnerable to them as well. Common scams include emails
claiming you’ve won large sums of money and requesting payments to receive
said “winnings”; websites offering something for a low price but never
explaining what it is exactly; and essentially anything that’s extremely cheap or
free.
Education is key in preventing online scam issues, so be sure to let your
children know what the signs are. Also emphasize that they should never, ever
purchase something online without checking with you, and discourage them
from clicking on suspect links. The more they know, the better—you don’t want
them accidentally infecting the family computer with a virus or otherwise
costing you a large chunk of change.
Remember, you’re the parent, and you control how much your kids use the
Internet. They don’t have to have smartphones—flip phones for emergencies
and calling their friends are more than enough. They don’t have to have social
media profiles either—there are plenty of Internet-based activities that can wait
until they’re older. Now’s the time for children to play outside and behave...as
kids!
