
Mba I Sem: E-Business Fundamentals Unit V

The document discusses security considerations for e-business. Effective security policy must ensure confidentiality, integrity, availability, legitimate use, auditing, and non-repudiation. Security threats to e-business include fraud, tax evasion, payment conflicts, backdoor attacks, denial of service attacks, and more. Technology solutions for e-commerce security include site security, network firewalls, client-server security methods like passwords and biometric systems, and anti-virus software.

MBA I SEM

E-BUSINESS FUNDAMENTALS UNIT V


Security Environment
In conducting e-business, every organization ought to be able to:
• positively identify or confirm the identity of the party they are dealing with on the
other end of the transaction;
• determine that the activities being engaged in by an individual or machine are
commensurate with the level of authorization assigned to the individual or machine;
• confirm the action taken by the individual or machine and be able to prove to a third
party that the entity (person or machine) did in fact perform the action;
• protect information from being altered either in storage or in transit;
• be certain that only authorized entities have access to information;
• ensure that every component of the e-business infrastructure is available when
needed;
• be capable of generating an audit trail for verification of transactions.

Effective information security policy must have the following six objectives:
• confidentiality;
• integrity;
• availability;
• legitimate use (identification, authentication, and authorization);
• auditing or traceability;
• non-repudiation
Security Threats

• The Risk of Fraud: An electronic payment system has a huge risk of fraud.
Computing devices authorize a payment using the identity credentials of the
person, such as passwords and security questions. These authentications are
not foolproof in determining the identity of a person.
• The Risk of Tax Evasion: The Internal Revenue Service law requires that
every business declare its financial transactions and provide paper records
so that tax compliance can be verified. The problem with electronic systems
is that they don't fit cleanly into this paradigm.
• The Risk of Payment Conflicts: In electronic payment systems, the
payments are handled by an automated electronic system, not by humans.
The system is prone to errors when it handles large amounts of payments on a
frequent basis with more than one recipient involved.
• Backdoor Attacks: A backdoor attack gives an attacker unauthorized access
to a system by bypassing the normal authentication mechanisms. It works in
the background and hides itself from the user, which makes it difficult to
detect and remove.
• Denial of service attacks: A denial-of-service attack (DoS attack) is a security attack in
which the attacker takes action that prevents the legitimate (correct) users from
accessing the electronic devices. It makes a network resource unavailable to its intended
users by temporarily disrupting services of a host connected to the Internet.
• Direct Access Attacks: A direct access attack is an attack in which an intruder gains physical
access to the computer to perform an unauthorized activity and install various types of
software to compromise security. This software may be loaded with worms and can
download a huge amount of sensitive data from the targeted victims.
• Eavesdropping: This is an unauthorized way of listening to private
communication over the network. It does not interfere with the normal
operations of the targeted system, so the sender and the recipient of
the messages are not aware that their conversation is being tracked.

Credit/Debit card fraud

• Skimming: It is the process of attaching a data-skimming device to the card
reader of the ATM. When customers swipe their card in the ATM card reader,
the information is copied from the magnetic strip to the device. By doing this, the
criminals get to know the card number, name, CVV number, expiry
date of the card and other details.
• Unwanted Presence: It is a rule that not more than one user should use the ATM
at a time. If we find more than one person lurking around together, the intention
behind this is to look over our card details while we are making our transaction.
Vishing/Phishing: Phishing is an activity in which an intruder obtains the
sensitive information of a user, such as passwords, usernames, and credit card
details, often for malicious reasons.
Vishing is an activity in which an intruder obtains the sensitive information of
a user by sending SMS messages to mobiles. These SMS messages and calls appear to be from a
reliable source, but in reality they are fake. The main objective of vishing and
phishing is to get the customer's PIN, account details, and passwords.
Online Transaction
• Customers can make online transactions to shop and pay their bills
over the internet. As easy as this is for the customer, it is also easy for an attacker to hack
into our system and steal our sensitive information. Some important ways to steal
our confidential information during an online transaction are:
• By downloading software which records our keystrokes and steals our passwords and
card details.
• By redirecting a customer to a fake website which looks like the original and steals our
sensitive information.
• By using public Wi-Fi.
POS Theft: It is commonly done at merchant stores at the time of a POS
transaction. In this, the salesperson takes the customer's card for processing
payment and illegally copies the card details for later use.
TECHNOLOGY SOLUTION FOR E-COMMERCE SECURITY

Site Security Solutions: To secure services and the network at site locations, the
following models must be considered:
• The “deny all” model, in which all the services are turned off and then
services are selectively enabled on a case-by-case basis as required.
• The “allow all” model, in which all the services are turned on, usually with the
default at the host level, and all protocols are allowed to travel across network
boundaries.
NETWORK SECURITY SOLUTIONS

Firewalls: Firewalls regulate the activities between networks within the same
organization. The firewall provides strictly controlled access to hosts,
protection from services which are more prone to attacks, and
statistics of network use and misuse.
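
The two site-security models and the firewall's use/misuse statistics described above, as an added example that is not part of the original slides: a small first-match rule evaluator run over constructed connection attempts. The rule format, host, ports and addresses are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp" or "udp"
    port: int     # destination port on the protected host

def evaluate(default, rules, conn):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if (rule.proto, rule.port) == (conn["proto"], conn["port"]):
            return rule.action
    return default

def run_policy(default, rules, traffic):
    """Return verdict counters and the sorted list of reachable ports."""
    verdicts = [(c, evaluate(default, rules, c)) for c in traffic]
    stats = Counter(v for _, v in verdicts)
    exposed = sorted({c["port"] for c, v in verdicts if v == "allow"})
    return stats, exposed

# Constructed sample traffic toward a web shop host (not real log data).
TRAFFIC = [
    {"src": "198.51.100.7", "proto": "tcp", "port": 443},   # storefront HTTPS
    {"src": "198.51.100.7", "proto": "tcp", "port": 80},    # storefront HTTP
    {"src": "203.0.113.9", "proto": "tcp", "port": 23},     # telnet, unused
    {"src": "203.0.113.9", "proto": "tcp", "port": 3306},   # database
    {"src": "203.0.113.9", "proto": "udp", "port": 161},    # SNMP
]

# "Deny all": everything off, then enable only what the shop needs.
DENY_ALL = ("deny", [Rule("allow", "tcp", 443), Rule("allow", "tcp", 80)])
# "Allow all": everything on, block a service only once it is known to be risky.
ALLOW_ALL = ("allow", [Rule("deny", "tcp", 23)])

def compare():
    """Run the same traffic through both models."""
    models = {"deny_all": DENY_ALL, "allow_all": ALLOW_ALL}
    return {name: run_policy(default, rules, TRAFFIC)
            for name, (default, rules) in models.items()}

if __name__ == "__main__":
    for name, (stats, exposed) in compare().items():
        print(name, dict(stats), "reachable ports:", exposed)
```

Under "deny all" only the two storefront ports are reachable, while "allow all" leaves the database and SNMP ports open because nobody wrote a rule for them.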

Client Server Security Solutions: Various client-server network security methods
are stated as follows:
• Security through Obscurity: This method is used particularly
by small groups or organizations, on the premise that a system can be made secure as long as nobody
outside its management group is allowed to find out anything about its
operational details and users are provided information on a need-to-know basis.
• Password Schemes: Vital information can be protected by using passwords. This is
widely used in network security. In password schemes, generally eight-character,
mixed-case alphanumeric passwords are chosen. The majority
of hackers access client computers because of easy passwords.
• Biometric Systems: A biometric system is considered
the most secure of the security methods. In this method, unique aspects of a
person's body are taken as a recognition pattern, e.g. fingerprints, palm
prints, retinal patterns of the eyes, signatures or voice recognition.
• Use of Anti-Virus software: Clients must always use this protection method,
which scans for malicious data and program fragments that are
transferred from the server to the client and filters out data and programs
known to be dangerous.
Ethical, Social and Political Issues in E-Commerce
• Information rights: What rights to their own personal information do individuals have in a
public marketplace, or in their private homes, when Internet technology makes information
collection so pervasive and efficient? What rights do individuals have to access information
about business firms and other organizations?
• Property rights: How can traditional intellectual property rights be enforced in an Internet
world where perfect copies of protected works can be made and easily distributed
worldwide in seconds?
• Governance: Should the Internet and e-commerce be subject to public laws? And if so, what
law-making bodies have jurisdiction - state, federal, and/or international?
• Public safety and welfare: What efforts should be undertaken to ensure equitable access to
the Internet and e-commerce channels? Should governments be responsible for ensuring
that schools and colleges have access to the Internet? Are certain online content and activities
- such as pornography and gambling - a threat to public safety and welfare? Should mobile
commerce be allowed from moving vehicles?
Basic Ethical Concepts:


• Responsibility
• Accountability
• Liability
Ethical, social, and political controversies usually present themselves as dilemmas. The
following is a five-step process that should help.
• Identify and describe clearly the facts: Find out who did what to whom, and where, when,
and how. In many instances, you will be surprised at the errors in the initially reported facts,
and often you will find that simply getting the facts straight helps define the solution. It
also helps to get the opposing parties involved in an ethical dilemma to agree on the facts.
• Define the conflict or dilemma and identify the higher order value involved: Ethical,
social, and political issues always reference higher values. Otherwise, there would be no
debate. The parties to a dispute all claim to be pursuing higher values (e.g., freedom,
privacy, protection of property, and the -enterprise system). For example, Double Click and
its supporters argue that their tracking of consumer movements on the Web increases
market efficiency and the wealth of the entire society. Opponents argue this claimed
efficiency comes at the expense of individual privacy, and Double Click should cease its or
offer Web users the option of not participating in such tracking.
• Identify the stakeholders: Every ethical, social, and political issue has stakeholders:
players in the game who have an interest in the outcome, who have its vested in the
situation, and usually who have vocal opinions. Find out the identity of these groups
and what they want. This will be useful later when designing a solution.
• Identify the options that you can reasonably take: You may find that none of the
options satisfies all the interests involved, but that some options do a better job
than others. Sometimes, arriving at a “good” or ethical solution may not always be
a balancing of consequences to stakeholders.
• Identify the potential consequences of your options: Some options may be
ethically correct, but disastrous from other points of view. Other options may work
in this one instance, but not in other similar instances. Always ask yourself, “what if I
choose this option consistently over time?” Once your analysis is complete, you can
refer to the following well established ethical principle to help decide the matter.
