Tuesday, June 23, 2009

Exercise 16: Authentication and Encryption systems

  1. Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?
  2. A site that I have used multiple times is UMART Online. It is an online computer shop. They accept payment by Cash/EFTPOS/Cheque. They do have a physical presence as well, with multiple stores around Australia. Their method of payment by credit card requires filling in a paper-based form with your credit card details, faxing it to them, and if your order is over $500, sending in a photocopy of your Driver's Licence.

    This method is a little confronting when looked at from a security perspective, with identity theft concerns. But their prices made it seem just too good.

  3. Global e-commerce presents challenges exempt from domestic e-commerce. What security concerns add to the complexity of international e-business?
  4. Access by unauthorized users is the area of risk that approaches the level of "significant" and is perceived to present the greatest overall security risk to e-Commerce. (ISACA)

    According to ISACA, the security impact of e-Commerce can be placed into two categories:

    • Improper or unauthorized use of the organization's e-Commerce offering (i.e., web site)
    • Using connectivity to the Internet as the path to the organization's internal, private systems for unauthorized access

  5. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?
  6. Knowing when to trust a website depends in part on who publishes the website, what information they want, and what you want from the site. If you're not sure whether to trust a website, consider these questions:

    • Are you visiting a secure site?
    • Is the website certified by an Internet trust organization?
    • Is the website owned by a company or organization that you know well?
    • Does the website ask you for personal information?
    • On a retail website, is there a way to contact someone by phone or mail?
    • If you don't recognize the site, do you have other information to help you decide?

    According to Microsoft a website might not be trustworthy if:

    • The site is referred to you through an e‑mail message from someone you don't know.
    • The site offers objectionable content, such as pornography or illegal materials.
    • The site makes offers that seem too good to be true, indicating a possible scam or the sale of illegal or pirated products.
    • You are lured to the site by a bait and switch scheme, in which the product or service is not what you were expecting.
    • You are asked for a credit card as a verification of identity or for personal information that does not seem necessary.
    • You are asked to provide a credit card number without proof that the transaction is secure.
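
The first two questions in the checklist above ("Are you visiting a secure site?" and "Is the website certified by an Internet trust organization?") come down to the certificate checks a browser makes before it shows the padlock: the certificate must chain to a certificate authority the browser trusts, it must name the site in the address bar, and it must be within its validity period. The following Go program is an added example, not code from the original post or from any of the organisations it cites; it builds a hypothetical in-memory trust chain (a constructed "Example Trust Organization CA" issuing a certificate to the constructed host `shop.example`) and shows the verdict a customer's browser would reach for a good certificate and for the three most common failures. The names `testPKI`, `newPKI`, `CheckSite` and `Scenarios` are this example's own.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// testPKI is a hypothetical trust chain built in memory: one "trust
// organization" CA that the customer's browser trusts, plus the certificate
// it issued to a shop. Nothing here touches the network.
type testPKI struct {
	roots    *x509.CertPool
	shopCert *x509.Certificate
}

// mustCert signs tmpl with signer (the parent's private key) and parses the result.
func mustCert(tmpl, parent *x509.Certificate, pub any, signer crypto.Signer) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newPKI issues a server certificate for shopHost that expires at notAfter.
func newPKI(shopHost string, notAfter time.Time) testPKI {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Trust Organization CA"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root

	shopKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	shopTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: shopHost},
		DNSNames:     []string{shopHost}, // the name a browser compares with the URL
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	shopCert := mustCert(shopTmpl, caCert, &shopKey.PublicKey, caKey)

	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return testPKI{roots: roots, shopCert: shopCert}
}

// CheckSite runs the checks a browser performs before showing the padlock
// (trusted issuer, matching host name, validity period) and returns a
// plain-language verdict.
func CheckSite(cert *x509.Certificate, roots *x509.CertPool, host string) string {
	_, err := cert.Verify(x509.VerifyOptions{
		DNSName:   host,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	switch e := err.(type) {
	case nil:
		return "accepted"
	case x509.HostnameError:
		return "rejected: certificate is not for this site name"
	case x509.UnknownAuthorityError:
		return "rejected: issuer is not a trusted authority"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "rejected: certificate is outside its validity period"
		}
		return "rejected: " + e.Error()
	default:
		return "rejected: " + err.Error()
	}
}

// Scenarios exercises a good certificate and three common failures.
func Scenarios() map[string]string {
	good := newPKI("shop.example", time.Now().Add(24*time.Hour))
	expired := newPKI("shop.example", time.Now().Add(-30*time.Minute))
	strangerRoots := x509.NewCertPool() // a browser that has never heard of this CA
	return map[string]string{
		"valid":        CheckSite(good.shopCert, good.roots, "shop.example"),
		"wrong-host":   CheckSite(good.shopCert, good.roots, "other.example"),
		"untrusted-ca": CheckSite(good.shopCert, strangerRoots, "shop.example"),
		"expired":      CheckSite(expired.shopCert, expired.roots, "shop.example"),
	}
}

func main() {
	for name, verdict := range Scenarios() {
		fmt.Printf("%-13s %s\n", name, verdict)
	}
}
```

The three rejections map directly onto what a customer can verify for themselves: a certificate warning in the browser means one of these checks failed, and a shop that asks you to click through such a warning before entering card details has not met the "secure site" test.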

  7. Visit 10 e-commerce websites. How many mention security on their home page? Is privacy mentioned? How many of them belong to the TRUSTe association?
  8. Visit the Verisign web site - what solutions does it offer for e-commerce?
  9. Verisign provides SSL Certificates and other security services. Their site mentions two related products and services.
  10. Visit your e-mail or WWW browser provider site and search for security. What technologies does your particular product support?
  11. I took the following screenshot of the Bigpond Security information page. I guess that they are primarily Windows-based. I make this statement based upon the Windows-only stipulation on the Bigpond Security trial.



  12. Visit the TRUSTe web site. Describe what services and solutions are offered.
  13. TRUSTe provides services to alleviate privacy concerns relating to company communications, by ensuring that those communications align with privacy standards.

    The TRUSTe motto of "Their Privacy Is Your Business" identifies the goal of building customer trust to ensure future revenue.

  14. Get the latest PGP software from http://web.mit.edu/network/pgp.html; install it on two machines and encrypt a message on one machine and decrypt it on the other.
  15. The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?
  16. Other methods of user validation include biometric authentication (fingerprints, palm prints, voice analysis, iris scans, etc.) and handheld password tokens. (Authentication Tools)

References

Authentication Tools. Retrieved 1 July 2009, from http://www.cromwell-intl.com/security/security-authentication.html

ISACA. e-Commerce Security - A Global Status Report. Retrieved 1 July 2009, from http://www.isaca.org/Template.cfm?Section=Deliverables&Template=/ContentManagement/ContentDisplay.cfm&ContentID=8547

Microsoft. When to trust a website. Retrieved 1 July 2009, from http://windowshelp.microsoft.com/Windows/en-US/Help/dfe83943-3394-48fb-8a4b-406f0b479c331033.mspx

TRUSTe. Privacy Is Everyone's Business. Retrieved 1 July 2009, from http://www.truste.org/about/our_services.php

Verisign. E-Commerce Security: What Is It? Retrieved 30 June 2009, from http://www.verisign.com.au/ssl-certificates/e-commerce-security/
