Kenneth C. Laudon
Chapter 5
Online Security and Payment Systems
2008 CSI survey: 49% of responding firms detected a security breach in the last year
Of those that shared numbers, the average loss was $288,000
servers
Figure 5.1, Page 267 Source: Based on data from Computer Security Institute, 2009.
Copyright 2010 Pearson Education, Inc. Slide 5-5
Industry standards
Other factors
Time value of money
Cost of security vs. potential loss
Security often breaks at the weakest link
threaten nation-state
Client
Server
Communications pipeline
Malicious code
Viruses
Worms
Trojan horses
Bots, botnets
Unwanted programs
Browser parasites
Adware
Spyware
Phishing
Deceptive online attempt to obtain confidential information
Social engineering, e-mail scams, spoofing legitimate Web sites
Use information to commit fraudulent acts (access checking accounts), steal identity
Hackers vs. crackers
Cybervandalism: intentionally disrupting, defacing, destroying a Web site
Types of hackers: white hats, black hats, grey hats
Credit card fraud/theft
Fear of stolen credit card information deters online purchases
Hackers target merchant servers; use the data to establish credit under a false identity
Spoofing: misrepresenting oneself by using a fake e-mail address
Pharming: spoofing a Web site
Denial of service (DoS) attack: hackers flood a site with useless traffic to overwhelm the network
Distributed denial of service (DDoS) attack: hackers use multiple computers to attack the target network
Sniffing
Insider jobs
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication
Encryption
Transforms data into cipher text readable only by sender and receiver
Secures stored information and information transmission
Provides 4 of the 6 key dimensions of e-commerce security
Symmetric key encryption
Sender and receiver use the same digital key to encrypt and decrypt the message
Requires a different set of keys for each transaction
Strength of encryption
Length of the binary key used to encrypt the data
Hash function
Mathematical algorithm that produces a fixed-length number called a message digest or hash digest
Hash digest of the message is sent to the recipient along with the message to verify integrity
Hash digest and message are encrypted with the recipient's public key
Entire cipher text is then encrypted with the sender's private key, creating a digital signature for authenticity and nonrepudiation
(In practice only the digest is signed with the sender's private key, and the recipient's public key is used to wrap a symmetric key rather than the message itself.)
Digital Envelopes
Uses symmetric key encryption to encrypt the document
Uses public key encryption to encrypt and send the symmetric key
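The symmetric key, hash/digital signature and digital envelope slides above describe one end-to-end flow. The following is an added example (not code from the slides or from Pearson) that runs that flow with the Python standard library only. Its assumptions: RSA keys are built from 512-bit Miller-Rabin primes, the symmetric cipher is an HMAC-SHA256 counter-mode keystream standing in for AES (which the stdlib lacks), and the digest is signed as a raw integer (textbook RSA, no PKCS#1 padding). The names seal, open_envelope, sym_crypt and rsa_keypair are this example's own. It exists to make the mechanics visible, not for production use.

```python
# Added example (stdlib only); not from the Laudon slides or Pearson.
# Assumptions: RSA keys from 512-bit Miller-Rabin primes, HMAC-SHA256
# counter-mode keystream in place of AES, raw-integer (unpadded) RSA
# signatures. Teaching code, not a production construction.
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # composite
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if _is_probable_prime(cand):
            return cand


def rsa_keypair(bits=1024):
    """Return ((n, e), (n, d)). Key strength is the length of n in bits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def sym_crypt(key, nonce, data):
    """Symmetric cipher: XOR with an HMAC-SHA256 keystream in counter mode.
    The same key (and the same call) both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(message, sender_priv, recipient_pub):
    """Digital signature + digital envelope, following the slides:
    1. hash the message and 'encrypt' the digest with the sender's private key;
    2. encrypt the message with a fresh symmetric key;
    3. encrypt that symmetric key with the recipient's public key."""
    n_s, d_s = sender_priv
    n_r, e_r = recipient_pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    signature = pow(digest, d_s, n_s)
    sym_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    return {
        "nonce": nonce,
        "ciphertext": sym_crypt(sym_key, nonce, message),
        "wrapped_key": pow(int.from_bytes(sym_key, "big"), e_r, n_r),
        "signature": signature,
    }


def open_envelope(env, recipient_priv, sender_pub):
    """Recipient side: unwrap the key, decrypt, recompute the digest and
    compare it with the signature decrypted under the sender's public key."""
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    sym_key = pow(env["wrapped_key"], d_r, n_r).to_bytes(32, "big")
    message = sym_crypt(sym_key, env["nonce"], env["ciphertext"])
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if pow(env["signature"], e_s, n_s) != digest:
        raise ValueError("signature mismatch: message altered or not from the claimed sender")
    return message


if __name__ == "__main__":
    sender_pub, sender_priv = rsa_keypair()
    recipient_pub, recipient_priv = rsa_keypair()
    order = b"Order 8841: pay merchant 12.50"      # constructed sample message
    env = seal(order, sender_priv, recipient_pub)
    assert open_envelope(env, recipient_priv, sender_pub) == order
    print("envelope opened and signature verified")
```

Flipping one byte of the ciphertext makes open_envelope raise, which is the integrity check the hash digest slide promises; the recipient's private key never leaves the recipient, which is why the slide's "encrypt with the recipient's private key" must read "sender's private key".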
all parties
may be haphazard
No guarantee that the verifying computer of the merchant is secure
CAs are unregulated, self-selecting organizations
Insight on Society
What are some of the current risks and problems with using e-mail?
What are some of the technology solutions that have been developed?
Are these solutions compatible with modern law?
Consider the benefits of a thorough business record retention policy. Do you agree that these benefits are worth giving up some control of your e-mail?
S-HTTP: provides secure message-oriented communications
Protecting Networks
Firewall
Hardware or software that filters packets
Prevents some packets from entering the network based on a security policy
Two main methods
Proxy servers: software servers that handle all communications originating from or being sent to the Internet
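To show what "filters packets based on a security policy" means in practice, here is an added example (not from the slides) of a stateless packet filter in Python. The policy, the addresses and the packets are all constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges); Packet, Rule, POLICY and filter_packet are names chosen here. It demonstrates the two properties a practitioner checks first: default deny for anything the policy does not name, and rule order, since an anti-spoofing deny only works if it sits above the allow rules.

```python
# Added example; not from the slides. Policy, addresses and packets are
# constructed for illustration; 203.0.113.0/24 is a documentation range.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str                # CIDR the source address must fall in
    dst: str                # CIDR the destination address must fall in
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


# Security policy for the Internet-facing interface: first match wins.
# The first rule drops packets that arrive from outside claiming an internal
# source address (address spoofing). It must sit above the allow rules, or a
# spoofed packet aimed at port 443 is accepted by the HTTPS rule.
POLICY = [
    Rule("deny",  "10.0.0.0/8", "0.0.0.0/0",       "any", None),
    Rule("allow", "0.0.0.0/0",  "203.0.113.10/32", "tcp", 443),   # web server, HTTPS
    Rule("allow", "0.0.0.0/0",  "203.0.113.10/32", "tcp", 80),    # web server, HTTP
    Rule("allow", "0.0.0.0/0",  "203.0.113.53/32", "udp", 53),    # DNS
]


def filter_packet(pkt: Packet, policy=POLICY) -> str:
    """Return the action of the first matching rule; default deny otherwise."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [                                             # constructed traffic
        Packet("198.51.100.7", "203.0.113.10", "tcp", 443),  # allow
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # deny: SSH not in policy
        Packet("10.1.2.3",     "203.0.113.10", "tcp", 443),  # deny: spoofed internal source
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Moving the anti-spoofing rule to the end of POLICY makes the spoofed packet pass, which is why firewall audits read rules in order rather than as a set.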
Anti-virus software
Easiest and least expensive way to prevent
U.S. firms and organizations spend 12% of their IT budget on security hardware, software and services ($120 billion in 2009)
Managing risk includes
Technology
Effective management policies
Public
Security audit
Insight on Technology
What is LOCKSS?
What are the advantages and disadvantages of LOCKSS?
How is Cleversafe's storage method different? How does it work?
Laws that give authorities tools for identifying, tracing and prosecuting cybercriminals:
National Information Infrastructure Protection Act of 1996
USA Patriot Act
Homeland Security Act
CERT Coordination Center
US-CERT
Cash
Most common form of payment in terms of number of
Checking transfer
Second most common payment form in the United States
Credit card
Credit card associations
Issuing banks
Processing centers
Stored Value
Funds deposited into account, from which funds are paid
Accumulating Balance
Accounts that accumulate expenditures and to which
Table 5.6, Page 312 Source: Adapted from MacKie-Mason and White, 1996.
Digital wallets
Emulates functionality of wallet by authenticating consumer, storing and transferring value, and securing payment process from consumer to merchant
Digital cash
Digital checking: extends the functionality of existing checking accounts for use online
Use of mobile handsets as payment devices is well-established in Europe, Japan and South Korea
Japanese mobile payment systems
E-money (stored value)
Mobile debit cards
Mobile credit cards
phone
Insight on Business
What technologies make mobile payment more feasible now than in the past?
Describe some new experiments that are helping to develop mobile payment systems.
How has PayPal responded?
Why haven't mobile payment systems grown faster? What factors will spur their growth?
Online payment systems for monthly bills
40%+ of households in 2009 used some EBPP; expected to grow significantly
Two competing EBPP business models