Ebiz Finally Final


Transcript of Ebiz Finally Final

  • 8/8/2019 Ebiz Finally Final

    1/22

    E-Business Security

    Presented By:

    Abhishek Harbhajanka

    Kranti Deori

    Nupur Singh

    Priyashree Rai

    Shreya Shrivastava

    Yachna Rotwal


    INTRODUCTION

    Companies can reach new customers with e-commerce applications, and then retain them with online customer service.

    Businesses have to provide trust and confidence in their web interfaces.

    Security technology is vital for building trust and confidence in electronic relationships.


    Technical knowledge - Security

    Traditional enterprise security did not fit the demands of e-business.

    The new approach is to provide strategic information to internal employees as well as to business partners and customers.

    Security is a huge concern because a breach has corporate-image as well as legal implications.

    Building authorization and authentication functions separately requires software expertise, is time-consuming, and is expensive.

    Because e-business emerged so rapidly, the security infrastructure technology is still emerging into the market.


    Privacy protection has become a major e-business concern.

    An e-commerce site may be personalized to fit each customer's needs, using stored information about the customer.

    Businesses that store this information need to protect it from unauthorized use.

    The goal is to provide access to specific information, but also to ensure that only the right level of access is provided to exactly the right people.


    Infrastructure Required (Physical Security)

    Physical security:

    Store all your IT equipment in a secure and lockable location.

    Keep up-to-date logs for all equipment.

    Take out appropriate insurance policies and develop emergency repair plans.

    Put extra measures in place for notebook computers (such as encrypting all data stored on them).

    Make sure all staff are aware of security policies.

    Report any suspicious activities.


    Personnel security:

    Make sure passwords and access systems are revoked when staff resign.

    Do not give any single member of staff complete access to all the data.

    Keep logs documenting access to key business information.

    Implement and maintain a strong password policy.

    Conduct regular internal security audits.


    Layered approach to security

    Application Security

    Network Security

    Physical Security

    Operating System Security

    Organisational Security

    Controls annotated on the layers of the same diagram:

    Physical security: physical access restriction, biometrics.

    Technical controls: user login, knowledge of vulnerabilities, data / storage encryption.

    Organisational security: training / education of employees, calamity response team and policy, security policy, PKI organisation, processes / organisation.


    eBusiness Risk Management

    Risk Strategy

    Risk Committees

    Risk, Incident and Crisis Management

    Risk Management Intranet Portals

    Enterprise Risk Management



    What Are The Major Types of Internet Fraud?

    Auction and Retail Schemes Online.

    Bogus money offers

    Business Opportunity/"Work-at-Home" Schemes Online.

    Identity Theft and Fraud

    Bad checks for services or goods

    Charity frauds

    Investment Schemes Online - Market Manipulation Schemes:

    "Pump-and-Dump" schemes

    "Scalping" schemes

    Credit-Card Schemes:

    Phishing

    Pharming

    Skimming

    Dumpster diving


    How to protect yourself

    GENERAL TIPS ON POSSIBLE INTERNET FRAUD SCHEMES

    Don't Judge by Initial Appearances.

    Be Careful About Giving Out Valuable Personal Data Online.

    Be Especially Careful About Online Communications With Someone Who Conceals His True Identity.

    Watch Out for "Advance-Fee" Demands.

    AUCTION AND RETAIL SALES SCHEMES

    Research The Prospective Seller Carefully.

    Pay by Credit Card or Escrow Service If Possible.

    INVESTMENT SCHEMES ONLINE

    Take Your Time In Making Investment Decisions.

    Research The Potential Investment Opportunity - And Who's Behind It - Carefully.


    Security technologies

    What security technologies do you know about that attempt to prevent these attacks?

    Secure Sockets Layer (SSL)

    Firewalls

    Intrusion detection systems

    Anti-virus software

    Managing users, groups, and access permissions

    Encryption (of files, e-mails)


    E-PAYMENT TRANSACTION CYCLE


    Securing ePayments

    Identification and authentication: the ability to verify both of the transacting parties.

    Authorization: the ability to validate the rightful owner of the transaction.

    Integrity and confidentiality: the ability to transmit the transaction securely and the ability to store the transaction properly.

    Accountability: the ability to provide an audit trail as evidence in a dispute; policies for sharing risks and liabilities; the mechanism to settle disputes (non-repudiation).
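    The properties listed above (integrity, authentication, replay protection and an audit trail) can be shown concretely in code. The following is an added example written for this transcript, not code from the presentation or from any payment provider; it uses only the Python standard library and assumes a shared secret between merchant and gateway, a hypothetical `Gateway` class, and a constructed order. One caveat a practitioner should keep in mind: an HMAC proves integrity and origin only between the two key holders, because either of them could have produced the tag, so it does not give third-party non-repudiation. That last property needs a digital signature made with the sender's private key (for example RSA or ECDSA), which is outside the standard library and not shown here.

```python
"""Added example (not from the presentation): integrity, authentication,
replay protection and a tamper-evident audit trail for a payment instruction.
Assumptions: merchant and gateway share SHARED_KEY (provisioned out of band);
the order, nonce scheme and Gateway class are constructed for illustration."""
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"merchant-gateway-shared-secret-demo"  # constructed demo key
GENESIS = "0" * 64  # anchor for the first record of the hash-chained log


def canonical(obj: dict) -> bytes:
    """Deterministic JSON so both parties MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_payment(payment: dict, key: bytes = SHARED_KEY) -> dict:
    """Merchant side: add nonce and timestamp (replay protection), then an HMAC tag."""
    body = dict(payment, nonce=secrets.token_hex(8), ts=int(time.time()))
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return dict(body, mac=tag)


def verify_payment(msg: dict, key: bytes = SHARED_KEY) -> bool:
    """Gateway side: recompute the tag over every field except the tag itself."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    # constant-time comparison so the tag cannot be guessed byte by byte
    return hmac.compare_digest(expected, str(msg.get("mac", "")))


def append_audit(log: list, msg: dict, accepted: bool) -> dict:
    """Accountability: each record hashes over the previous record's hash,
    so later deletion or editing of any entry breaks the chain."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev, "msg": msg, "accepted": accepted}
    entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    log.append(entry)
    return entry


def audit_chain_intact(log: list) -> bool:
    """Re-walk the chain; an edited, removed or reordered entry is detected."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


class Gateway:
    """Receiving side: verifies the MAC, rejects replayed nonces, logs every attempt."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen_nonces = set()
        self.log = []

    def receive(self, msg: dict) -> bool:
        accepted = verify_payment(msg, self.key) and msg.get("nonce") not in self.seen_nonces
        if accepted:
            self.seen_nonces.add(msg["nonce"])
        append_audit(self.log, msg, accepted)  # rejected attempts are logged too
        return accepted


def demo() -> dict:
    """A legitimate payment, a tampered copy and a replay, through one gateway."""
    gw = Gateway()
    order = {"order_id": "A1001", "amount": "49.99", "currency": "USD", "payee": "merchant-42"}
    msg = sign_payment(order)
    legit = gw.receive(msg)
    tampered = gw.receive(dict(msg, amount="4999.00"))  # amount altered in transit: MAC fails
    replay = gw.receive(msg)                             # same nonce again: rejected
    return {"legit": legit, "tampered": tampered, "replay": replay,
            "chain_ok": audit_chain_intact(gw.log), "log": gw.log}


if __name__ == "__main__":
    result = demo()
    print({k: v for k, v in result.items() if k != "log"})
```

    Running the block accepts the first payment, rejects the altered amount and the replayed message, and leaves a three-entry log whose chain verifies; changing any logged field afterwards makes `audit_chain_intact` return False, which is what makes the log usable as evidence in a dispute.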


    Funds Flow in a Payment Gateway

    Funds flow from the PayPal account to the receiver's bank account.

    PayPal has a US$ bank account with Deutsche Bank in Singapore.

    PayPal sends payment instructions to DB Singapore along with the US$.

    DB converts the US$ into INR and disburses the payments in India out of a DB-owned bank account (PayPal does not have a bank account in India).

    How PayPal Works

    Payment for online purchase of goods or services, from sender to receiver:

    Customer clicks on the PayPal link on the merchant's auction or website.

    If new customer: customer signs up on the PayPal website and enters card/bank information and the payment amount.

    If existing customer: customer logs into the PayPal website and enters the payment amount.

    Merchant gets electronic notification of funds received. Merchant delivers goods or services.

    Merchant has the option to withdraw funds or send payment to another customer.


    Case Study - IRCTC

    www.irctc.co.in was the fastest growing website in the Asia Pacific region. Its most popular service was booking tickets online.

    To book, one needs to create a login name; booking can be done using a debit/credit card through two payment gateways: ICICI Bank and CitiBank.

    Information was received that fraudulent credit card transactions were being made on the site by various IDs.

    On analysis, the IDs and the card numbers had one thing in common: all tickets were collected from the counter.

    The identity documents of the person revealed that he had the old address on his PAN card.

    The accused was working in the credit card section of a multinational bank as a sales executive.

    He obtained the card information by social engineering.

    He purchased tickets for himself and his family.
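    The investigative step in the case study, looking across the suspect IDs and cards for the one attribute they all share, is a pivot analysis that can be run over booking records. The following is an added example written for this transcript, not code or data from IRCTC or the presentation: the booking records, field names, the "more than one card per login" threshold and the attribute columns are all constructed for illustration.

```python
"""Added example (not from the presentation): pivot analysis over constructed
booking records, flagging logins that pay with several different cards,
cards shared across logins, and the attribute all flagged bookings have in
common. Records, column names and the threshold are assumptions."""
from collections import defaultdict

# Constructed booking records (not real data):
# (login_id, card_last4, ticket_delivery, passenger_surname)
BOOKINGS = [
    ("ravi_k",  "4321", "courier", "Kumar"),
    ("ravi_k",  "4321", "courier", "Kumar"),
    ("anita92", "8812", "courier", "Sharma"),
    ("trav01",  "1001", "counter", "Mehta"),
    ("trav01",  "2002", "counter", "Mehta"),
    ("trav02",  "3003", "counter", "Mehta"),
    ("trav02",  "4004", "counter", "Mehta"),
    ("trav03",  "5005", "counter", "Mehta"),
    ("trav03",  "1001", "counter", "Mehta"),
    ("sunil_b", "7777", "courier", "Bose"),
]
ATTRIBUTE_COLUMNS = {"ticket_delivery": 2, "passenger_surname": 3}


def cards_per_login(bookings):
    """Map each login to the distinct cards it paid with."""
    out = defaultdict(set)
    for login, card, *_ in bookings:
        out[login].add(card)
    return out


def logins_per_card(bookings):
    """Map each card to the distinct logins that used it."""
    out = defaultdict(set)
    for login, card, *_ in bookings:
        out[card].add(login)
    return out


def suspicious_logins(bookings, max_cards=1):
    """Logins paying with more distinct cards than a normal customer would.
    The threshold is an assumption for this example, not a figure from the case."""
    return {login for login, cards in cards_per_login(bookings).items()
            if len(cards) > max_cards}


def shared_attributes(bookings, logins):
    """The 'one thing in common' step: attributes whose value is identical
    across every booking made by the flagged logins."""
    flagged = [b for b in bookings if b[0] in logins]
    common = {}
    for name, idx in ATTRIBUTE_COLUMNS.items():
        values = {b[idx] for b in flagged}
        if flagged and len(values) == 1:
            common[name] = values.pop()
    return common


def analyse(bookings=BOOKINGS):
    """Full pivot: flagged logins, cards linking several logins, shared attributes."""
    flagged = suspicious_logins(bookings)
    linked_cards = {card: logins for card, logins in logins_per_card(bookings).items()
                    if len(logins) > 1}
    return {"flagged_logins": flagged,
            "cards_used_by_several_logins": linked_cards,
            "common_to_flagged": shared_attributes(bookings, flagged)}


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

    On the constructed data the three `trav*` logins are flagged, card `1001` links two of them, and every flagged booking shares counter collection and the same passenger surname, which is the kind of link that pointed the investigators at a single person behind many IDs.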


    Security in M-Banking

    Main issues:

    Use of smart cards

    Biometric security

    Aspects that need to be addressed:

    Physical security of the device

    Security of the client application running on the cell phone

    Authentication of the device with the service provider

    User-ID and password authentication of the bank's customer

    Data encryption, both of data stored offline and of data being transmitted

    Scalability and reliability


    Future of Security

    Faster and more accurate user authentication using biometric technology

    The future lies in human intervention and innovation

    Adaptive security, built around an API for its RealSecure intrusion detection system

    Good vendor support

    State of SSL and SET

    Stronger encryption

    More attempts to control physical access by limiting it to authorized users
