Page 339 - Introduction to Electronic Commerce and Social Commerce
326 10 E-Commerce Security and Fraud Issues and Protections
doors to security attacks. Every EC business knows that there are threats of stolen credit cards, data breaches, phishing, malware, and viruses that never end—and that these threats must be addressed comprehensively and strategically.

11. The future of EC. EC is growing steadily and rapidly, expanding to include new products, services, business models, and countries. The most notable areas of growth are the integration of online and offline commerce, mobile commerce (mostly due to smartphone apps), video-based marketing, and social media and networks. Several emerging technologies, ranging from intelligent applications to wearable devices, are facilitating the growth of EC. On the other hand, several factors are slowing down the spread of EC such as security and privacy concerns, limited bandwidth, and lack of standards in some areas of EC.

KEY TERMS

Access control
Application controls
Authentication
Authorization
Availability
Banking Trojan
Biometric authentication
Biometric systems
Botnet
Business continuity plan
Business impact analysis (BIA)
Certificate authorities (CAs)
CIA security triad (CIA triad)
Ciphertext
Computer Fraud and Abuse Act (CFAA)
Confidentiality
Cracker
Cybercrime
Cybercriminal
Darknet
Data breach
Denial-of-service (DoS) attack
Detection measures
Deterrent methods
Digital signature
EC security strategy
Electronic signature
E-mail spam
Encryption
Encryption algorithm
Exposure
Firewall
Fraud
General controls
Hacker
Identity theft
Information assurance (IA)
Information security
Integrity
Internet underground economy
Intrusion detection system (IDS)
Key (key value)
Keystroke logging (keylogging)
Macro virus (macro worm)
Malware (malicious software)
Nonrepudiation
Penetration test (pen test)
Phishing
Plaintext
Prevention measures
Private key
Public key
Public (asymmetric) key encryption
Public key infrastructure (PKI)
Risk
Search engine spam
Social engineering
Spam
Spam site
Splog
Spyware
Standard of due care
Symmetric (private) key encryption
Trojan horse
Virtual private network (VPN)
Virus
Vulnerability
Vulnerability assessment
Worm
Zombies

DISCUSSION QUESTIONS

1. Consider how a hacker might trick people into divulging their user IDs and passwords to their Amazon.com accounts. What are some of the specific ways that a hacker might accomplish this? What crimes can be performed with such information?
2. B2C EC sites and social networks continue to experience DoS and DDoS attacks. How are these attacks executed? Why is it so difficult to safeguard against them? What are some of the things a site can do to mitigate such attacks?