8/8/2019 Ebiz Finally Final
1/22
E-Business Security
Presented By:
Abhishek Harbhajanka
Kranti Deori
Nupur Singh
Priyashree Rai
Shreya Shrivastava
Yachna Rotwal
INTRODUCTION
Companies can reach new customers with e-commerce applications, and then retain them with online customer service.
Businesses have to provide trust and confidence in their web interfaces.
Security technology is vital for building trust and confidence in an electronic relationship.
Technical knowledge - Security
Traditional enterprise security did not fit the demands of e-business.
The new approach is to provide strategic information to internal employees as well as to business partners and customers.
Security is a huge concern because it has corporate-image as well as legal implications.
Building authorization and authentication functions separately requires software expertise, is time-consuming, and is expensive.
Due to the rapid emergence of e-business, the security infrastructure technology is still emerging into the market.
Privacy protection has become a major e-business concern.
An e-commerce site may be personalized to fit each customer's needs, using stored information about the customer.
Businesses that store this information need to protect it from unauthorized use.
The goal is to provide access to specific information, but also to ensure that only the right level of access is provided to exactly the right people.
Infrastructure Required (Physical Security)
Physical security:
Store all your IT equipment in a secure and lockable location.
Keep up-to-date logs for all equipment.
Take out appropriate insurance policies and develop emergency repair plans.
Put extra measures in place for notebook computers (such as encrypting all data stored on them).
Make sure all staff are aware of security policies.
Report any suspicious activities.
Personnel security:
Make sure passwords and access systems are revoked when staff resign.
Do not give any single member of staff complete access to all the data.
Keep logs documenting access to key business information.
Implement and maintain a strong password policy.
Conduct regular internal security audits.
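The three personnel-security rules above (revoke access when staff leave, give nobody complete access, log every access to key information), together with the earlier goal of giving exactly the right level of access to exactly the right people, can be expressed in a few lines of code. The following is an added example written for this page, not code from the slides: a small role-based access model with deny-by-default decisions, an access log, immediate offboarding, and a check that no account accumulates every permission. The roles, users and permissions are constructed sample data.

```python
"""Least-privilege access control with revocation and an access log.

Added example, not from the slides: a small role-based model in which every
access decision is recorded, an offboarded member of staff loses all access
at once, and no single account is allowed to hold every permission.
All names, roles and permissions below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Role -> set of (resource, action) pairs it grants.  Constructed sample data.
ROLE_PERMISSIONS = {
    "support": {("customer_profile", "read"), ("order", "read")},
    "finance": {("payment", "read"), ("payment", "refund")},
    "catalog": {("product", "read"), ("product", "write")},
}
ALL_PERMISSIONS = set().union(*ROLE_PERMISSIONS.values())


@dataclass
class User:
    name: str
    roles: set
    active: bool = True


@dataclass
class AccessControl:
    users: dict = field(default_factory=dict)
    access_log: list = field(default_factory=list)

    def add_user(self, name, roles):
        unknown = set(roles) - ROLE_PERMISSIONS.keys()
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.users[name] = User(name, set(roles))

    def permissions_of(self, name):
        """Union of the user's role permissions; empty for unknown or inactive users."""
        user = self.users.get(name)
        if user is None or not user.active:
            return set()
        return set().union(*(ROLE_PERMISSIONS[r] for r in user.roles))

    def check_access(self, name, resource, action):
        """Decide and record one access attempt (deny by default)."""
        allowed = (resource, action) in self.permissions_of(name)
        self._log(name, f"{action} {resource}", "allow" if allowed else "deny")
        return allowed

    def offboard(self, name):
        """Revoke all access immediately when a member of staff leaves."""
        user = self.users[name]
        user.active = False
        user.roles.clear()
        self._log(name, "offboard", "revoked")

    def users_with_full_access(self):
        """Accounts whose combined roles cover every permission (should be empty)."""
        return sorted(n for n in self.users if self.permissions_of(n) == ALL_PERMISSIONS)

    def _log(self, name, event, outcome):
        self.access_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": name, "event": event, "outcome": outcome,
        })


def demo():
    """Walk through the policy with constructed users; returns the observations."""
    ac = AccessControl()
    ac.add_user("alice", {"support"})
    ac.add_user("bob", {"finance"})
    ac.add_user("admin_tmp", {"support", "finance", "catalog"})  # over-privileged account
    result = {
        "alice_reads_profile": ac.check_access("alice", "customer_profile", "read"),
        "alice_refunds": ac.check_access("alice", "payment", "refund"),
        "full_access_accounts": ac.users_with_full_access(),
    }
    ac.offboard("alice")
    result["alice_after_offboard"] = ac.check_access("alice", "customer_profile", "read")
    result["log_entries"] = len(ac.access_log)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows `alice` allowed to read a customer profile but denied a refund, `admin_tmp` flagged by `users_with_full_access()` as the one account holding every permission, and `alice` denied everything after `offboard()`. The log records the denials as well as the allows, which is what an internal audit needs.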
Layered approach to security
Application Security
Network Security
Physical Security
Operating System Security
Organisational Security
Examples at each layer:
Physical Security: physical access restriction, biometrics
Operating System Security: user login, knowledge of vulnerabilities, data / storage encryption
Organisational Security: training / education of employees, calamity response team and policy, security policy, PKI organisation, processes / organisation
eBusiness Risk Management
Risk Strategy
Risk Committees
Risk, Incident and Crisis Management
Risk Management Intranet Portals
Enterprise Risk Management
What Are The Major Types of Internet Fraud?
Auction and retail schemes online
Bogus money offers
Business opportunity / "work-at-home" schemes online
Identity theft and fraud
Bad checks for services or goods
Charity frauds
Investment schemes online - market manipulation schemes
"Pump-and-dump" schemes
"Scalping" schemes
Credit-card schemes
Phishing
Pharming
Skimming
Dumpster diving
How to protect yourself
GENERAL TIPS ON POSSIBLE INTERNET FRAUD SCHEMES
Don't judge by initial appearances.
Be careful about giving out valuable personal data online.
Be especially careful about online communications with someone who conceals his true identity.
Watch out for "advance-fee" demands.
AUCTION AND RETAIL SALES SCHEMES
Research the prospective seller carefully.
Pay by credit card or escrow service if possible.
INVESTMENT SCHEMES ONLINE
Take your time in making investment decisions.
Research the potential investment opportunity - and who's behind it - carefully.
Security technologies
What security technologies do you know about that attempt to prevent the attacks?
Secure sockets layer
Firewalls
Intrusion detection systems
Anti-virus software
Managing users, groups, and access permissions
Encryption (of files, e-mails)
E-PAYMENT TRANSACTION CYCLE
Securing ePayments
Identification and authentication: the ability to verify both transacting parties
Authorization: the ability to validate the rightful owner of the transaction
Integrity and confidentiality: the ability to transmit the transaction securely and to store it properly
Accountability: the ability to provide an audit trail as evidence in a dispute
Policies for sharing risks and liabilities: the mechanism to settle disputes / non-repudiation
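Two of the properties listed above, integrity of the stored and transmitted transaction and an audit trail that holds up as evidence, are easy to demonstrate concretely. The following is an added example written for this page, not code from the slides or from any payment provider: each transaction is canonically serialised and authenticated with an HMAC under a key shared by the two transacting parties, and an append-only audit trail hash-chains the records so that a later edit of any entry is detected. The key and the transactions are constructed sample data. Note the limit the code states in its comments: an HMAC gives integrity and authentication between the two key holders but not non-repudiation towards a third party, because either party could have produced the tag; that property needs a digital signature, which this example does not implement.

```python
"""Integrity and accountability for e-payment records.

Added example, not from the slides.  Each transaction is canonically
serialised and authenticated with an HMAC under a key shared by the two
transacting parties (integrity plus authentication between those parties);
an append-only audit trail hash-chains the records so that a later edit or
deletion of any entry is detectable.  Keys and transactions are constructed
sample data.  Non-repudiation towards a third party is NOT provided by an
HMAC, since both parties hold the same key; that needs a digital signature.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first audit entry


def canonical(record: dict) -> bytes:
    """Deterministic serialisation so both parties authenticate identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_transaction(record: dict, key: bytes) -> dict:
    """Return a copy of the record with an HMAC-SHA256 tag over its canonical form."""
    if "mac" in record:
        raise ValueError("record already carries a mac")
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {**record, "mac": tag}


def verify_transaction(signed: dict, key: bytes) -> bool:
    """Recompute the tag over everything except the mac and compare in constant time."""
    body = {k: v for k, v in signed.items() if k != "mac"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("mac", ""))


class AuditTrail:
    """Hash-chained, append-only log of signed transactions."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(prev_hash: str, record: dict) -> str:
        # Each entry commits to its predecessor, so edits anywhere break the chain.
        return hashlib.sha256(prev_hash.encode() + canonical(record)).hexdigest()

    def append(self, signed: dict) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        h = self._entry_hash(prev, signed)
        self.entries.append({"record": signed, "prev_hash": prev, "entry_hash": h})
        return h

    def verify(self):
        """Return (True, None) if intact, else (False, index of the first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev_hash"] != prev or self._entry_hash(prev, e["record"]) != e["entry_hash"]:
                return False, i
            prev = e["entry_hash"]
        return True, None


def demo():
    """Sign two constructed transactions, log them, then tamper with one."""
    key = b"constructed-shared-key-do-not-reuse"
    txns = [
        {"id": "T1001", "payer": "cust-42", "payee": "merchant-7", "amount": "49.90", "currency": "USD"},
        {"id": "T1002", "payer": "cust-42", "payee": "merchant-7", "amount": "12.00", "currency": "USD"},
    ]
    trail = AuditTrail()
    for t in txns:
        trail.append(sign_transaction(t, key))
    result = {
        "all_macs_valid": all(verify_transaction(e["record"], key) for e in trail.entries),
        "chain_intact": trail.verify(),
    }
    # Someone with write access to the store changes an amount after the fact.
    trail.entries[0]["record"]["amount"] = "4990.00"
    result["mac_after_tamper"] = verify_transaction(trail.entries[0]["record"], key)
    result["chain_after_tamper"] = trail.verify()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In `demo()` both checks pass for the freshly logged records, and after the amount of the first record is altered in place both the HMAC check and the chain verification fail at that entry. The canonical JSON form matters: without sorted keys and fixed separators the two parties could serialise the same transaction differently and reject each other's valid tags.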
Funds Flow in a Payment Gateway
Funds flow from the PayPal account to the receiver's bank account.
PayPal has a US$ bank account with Deutsche Bank in Singapore.
PayPal sends payment instructions to DB Singapore along with US$.
DB converts US$ into INR and disburses payments out of India (out of a DB-owned bank account; PayPal does not have a bank account in India).
How PayPal Works
Sender (customer) to receiver (merchant): payment for online purchase of goods or services.
1. Customer clicks on the PayPal link on the merchant's auction or website.
2. If a new customer: the customer signs up on the PayPal website and enters card/bank information and the payment amount.
   If an existing customer: the customer logs into the PayPal website and enters the payment amount.
3. Merchant gets electronic notification of funds received. Merchant delivers goods or services.
4. Merchant has the option to withdraw funds or send payment to another customer.
Case Study - IRCTC
www.irctc.co.in was the largest growing website in the Asia Pacific region. Its most popular service was booking tickets online.
For booking, one needs to create a login name; booking can be done using a debit/credit card through 2 payment gateways: ICICI Bank and CitiBank.
Information was received that fraudulent credit card transactions were being made on the site by various IDs.
On analysis, the IDs and the card numbers had one thing in common: all tickets were collected from the counter.
The identity documents of the person revealed that he had the old address on his PAN Card.
The accused was working in the credit card section of a multinational bank as a sales executive.
He obtained card information by social engineering.
He purchased tickets for himself and his family.
Security in M-Banking
Main issues:
Use of smart cards
Biometric security
Aspects that need to be addressed:
Physical security of the device
Security of the client application running on the cell phone
Authentication of the device with the service provider
User-ID and password authentication of the bank's customer
Data encryption - both data held offline and data being transmitted
Scalability and reliability
Future of Security
Faster and more accurate user authentication using biometric technology
The future lies in human intervention and innovation
Adaptive security - built around an API for its real secure intrusion detection system
Good vendor support
State of SSL and SET
Stronger encryption
More attempts to control physical access by limiting it to authorized users