Page 335 - Introduction to Electronic Commerce and Social Commerce
322 10 E-Commerce Security and Fraud Issues and Protections
almost impossible for an applicant to impersonate another person. Overall, trust in online transactions and in EC in general would increase significantly. Authentication can be achieved in several ways, including the use of biometrics.

Fraud Detecting Systems

There are a large number of fraud detection systems such as the use of data mining for credit card fraud. CyberSource also has developed several tools for detecting fraud. For details, see CyberSource periodic reports and authorize.net/resources/files/fdswhitepaper.pdf.

SECTION 10.7 REVIEW QUESTIONS
1. Describe consumer protection measures.
2. Describe assurance services.
3. What must a seller do to protect itself against fraud? How?
4. Describe types of electronic signatures. Who is protected? Why?
5. Describe authentication.

10.8 IMPLEMENTING ENTERPRISEWIDE E-COMMERCE SECURITY

Now that you have learned about both the threats and the defenses, we can discuss some implementation issues starting with the reasons why it is difficult, or even impossible, to stop computer crimes and the malfunction of information systems.

The Drivers of EC Security Management

The explosive growth of EC and SC, together with an increase in the ever-changing strategies of cybercriminals, combined with regulatory requirements and demands by insurance companies, drives the need for comprehensive EC security management. Additional drivers are:

• The laws and regulations with which organizations must comply.
• The conduct of global EC. More protection is needed when doing business with a foreign country.
• Information assets have become critical to the operation of many businesses.
• New and faster information technologies are shared throughout organizations. Organizational collaboration is needed.
• The complexity of both the attacks and the defense requires an organization-wide collaboration approach.

Senior Management Commitment and Support

The success of an EC security strategy and program depends on the commitment and involvement of senior management. Many forms of security are unpopular because they are inconvenient, restrictive, time-consuming, and expensive. Security practices may not be a top organizational priority unless they are mandated.

Therefore, an EC security and privacy model for effective enterprisewide security should begin with senior management’s commitment and support, as shown in Figure 10.10. The model views EC security (as well as the broader IT security) as a combination of commitment and support, policies and training, procedures and enforcement, and tools, all executed as a continuous process.

EC Security Policies and Training

An important security task is developing an organizational EC security policy, as well as procedures for specific security and EC activities such as access control and protecting customer data. Customers should:

• Know that data is being collected, and when it is done.
• Give their permission for the data to be collected.
• Have knowledge and some control over how the data is controlled and used.
• Be informed that the information collected is not to be shared with other organizations.

To protect against criminal use of social media, you can:

• Develop policies and procedures to exploit opportunities but provide customer protection.
• Educate employees and others about what is acceptable and what is not acceptable.

According to sans.org, cyberintelligence is an important defense tool.

EC Risk Analysis and Ethical Issues

EC security procedures require an evaluation of the digital and financial assets at risk—including cost and operational considerations.