Page 315 - Introduction to Electronic Commerce and Social Commerce

302                                                     10  E-Commerce Security and Fraud Issues and Protections

ways. Software programs can be manipulated. Procedures and policies may be altered, and much more. Vulnerable areas are frequently attacked.

Vulnerability Information

A vulnerability is where an attacker finds a weakness in the system and then exploits that weakness. Vulnerability creates opportunities for attackers to damage information systems. MITRE Corporation publishes a dictionary of publicly known security vulnerabilities called common vulnerabilities and exposures (CVE) (cve.mitre.org). Exposure can result when a cybercriminal exploits a vulnerability. See Microsoft’s guide to threats and vulnerabilities at technet.microsoft.com/en-us/library/dd159785.aspx.

Attacking E-Mail

One of the easiest places to attack is a user’s e-mail, since it travels via the unsecured Internet.

Attacking Smartphones and Wireless Systems

Since mobile devices are more vulnerable than wired systems, attacking smartphones and tablets is becoming popular due to the explosive growth of mobile computing. According to Fink (2014), hackers can steal your phone password wearing digital glasses.

The Vulnerability of RFID Chips

These chips are embedded everywhere, including in credit cards and U.S. passports. Cards are designed to be read from some distance (contactless), which also creates a vulnerability. When you carry a credit card in your wallet or pocket, anyone with an RFID reader that gets close enough to you may be able to read the RFID information on your card. For a presentation, watch the video “How to Hack RFID-Enabled Credit Cards for $8 (BBtv)” at youtube.com/watch?v=vmajlKJlT3U.

The Vulnerabilities in Business IT and EC Systems

Vulnerabilities can be of technical nature (e.g., unencrypted communications; insufficient use of security programs and firewalls) or they can possess organizational weaknesses (e.g., lack of user training and security awareness, and an insider who steals data and engages in inappropriate use of business computers).

Pirated Videos, Music, and Other Copyrighted Material

It is relatively easy to illegally download, copy, or distribute music, videos, books, software, and other intellectual property when it is on the Web. Online piracy occurs when illegal software is downloaded from a peer-to-peer network. An example is the pirating of live sports events. At stake are millions of dollars in lost revenue to sports leagues and media companies. These institutions are joining forces in lobbying for stronger copyright legislation and by filing lawsuits against violators. For facts and statistics about online piracy, see articles.latimes.com/2013/sep/17/business/la-fi-ct-piracy-bandwith-20130917.

EC Security Requirements

Good security is a key success factor in EC. The following set of security requirements are used to assure success and to minimize EC transaction risks:

•  Authentication. Authentication is a process used to verify (assure) the real identity of an EC entity, which could be an individual, software agent, computer program, or EC website. For electronic messages, authentication verifies that the sender/receiver of the message is who the person or organization claims to be. (The ability to detect the identity of a person/entity with whom you are doing business.)
•  Authorization. Authorization is the provision of permission to an authenticated person to access systems and perform certain operations in those specific systems.
•  Auditing. When a person or program accesses a website or queries a database, various pieces of information are recorded or logged into a file. The process of maintaining or revisiting the sequence of events during the transaction, when, and by whom, is known as auditing.
•  Availability. Assuring that systems and information are available to the user when needed and that the site continues to function. Appropriate hardware, software, and procedures ensure availability.
•  Nonrepudiation. Closely associated with authentication is nonrepudiation, which is the assurance that online customers or trading partners will not be able to falsely deny (repudiate) their purchase, transaction, sale, or other obligation. Nonrepudiation involves several assurances, including providing proof of delivery from the sender and proof of sender and recipient identities and the identity of the delivery company.
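
How authentication, authorization and auditing fit together when a single request is handled, as an added example that is not from the book. The user names, secrets, permission table, timestamps and the functions `sign`, `handle_request` and `demo` are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions): per-user secrets and permissions.
SECRETS = {"alice": b"alice-demo-secret", "bob": b"bob-demo-secret"}
PERMISSIONS = {"alice": {"view_order", "refund_order"}, "bob": {"view_order"}}
AUDIT_LOG = []  # stands in for the log file described under Auditing


def sign(user, action, order_id):
    """Client side: tag the request with an HMAC under the user's secret."""
    msg = f"{user}|{action}|{order_id}".encode()
    return hmac.new(SECRETS[user], msg, hashlib.sha256).hexdigest()


def handle_request(user, action, order_id, tag, when):
    """Authenticate first, then authorize, and audit every outcome."""
    secret = SECRETS.get(user)
    msg = f"{user}|{action}|{order_id}".encode()
    expected = hmac.new(secret or b"", msg, hashlib.sha256).hexdigest()
    # Authentication: is the sender who they claim to be?
    if secret is None or not hmac.compare_digest(expected, tag):
        outcome = "auth_failed"
    # Authorization: may this authenticated user perform this operation?
    elif action not in PERMISSIONS.get(user, set()):
        outcome = "denied"
    else:
        outcome = "allowed"
    # Auditing: record the event, when it happened, and by whom.
    AUDIT_LOG.append(json.dumps(
        {"when": when, "who": user, "action": action,
         "order": order_id, "outcome": outcome}, sort_keys=True))
    return outcome


def demo():
    """Three constructed requests: allowed, denied, and a mismatched tag."""
    AUDIT_LOG.clear()
    ok = sign("alice", "refund_order", 1001)
    bobs = sign("bob", "refund_order", 1001)
    results = [
        handle_request("alice", "refund_order", 1001, ok, "2024-01-01T10:00:00Z"),
        handle_request("bob", "refund_order", 1001, bobs, "2024-01-01T10:01:00Z"),
        # Claimed sender is alice, but the tag was made with bob's secret.
        handle_request("alice", "refund_order", 1001, bobs, "2024-01-01T10:02:00Z"),
    ]
    return results, list(AUDIT_LOG)
```

Because the HMAC secret is known to both the client and the server, the tag authenticates the sender but does not provide nonrepudiation; that requires a signature only the sender can produce.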