- Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?
- Global e-commerce presents challenges exempt from domestic e-commerce. What security concerns add to the complexity of international e-business?
- Improper or unauthorized use of the organization's e-Commerce offering (i.e., web site)
- Using connectivity to the Internet as the path to the organization's internal, private systems for unauthorized access
- What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?
- Are you visiting a secure site?
- Is the website certified by an Internet trust organization?
- Is the website owned by a company or organization that you know well?
- Does the website ask you for personal information?
- On a retail website, is there a way to contact someone by phone or mail?
- If you don't recognize the site, do you have other information to help you decide?
- The site is referred to you through an e‑mail message from someone you don't know.
- The site offers objectionable content, such as pornography or illegal materials.
- The site makes offers that seem too good to be true, indicating a possible scam or the sale of illegal or pirated products.
- You are lured to the site by a bait and switch scheme, in which the product or service is not what you were expecting.
- You are asked for a credit card as a verification of identity or for personal information that does not seem necessary.
- You are asked to provide a credit card number without proof that the transaction is secure.
- Visit 10 e-commerce websites. How many mention security on their home page? Is privacy mentioned? How many of them belong to the TRUSTe association?
- Visit the Verisign web site - what solutions does it offer for e-commerce?
- Visit your e-mail or WWW browser provider site and search for security. What technologies does your particular product support? I took the following screen shot of the Bigpond Security information page. I guess that they are primarily Windows based. I make this statement based upon the Windows Only stipulation on the Bigpond Security trial.
- Visit the TRUSTe web site. Describe what services and solutions are offered.
- Get the latest PGP software from http://web.mit.edu/network/pgp.html; install it on two machines and encrypt a message on one machine and decrypt it on the other.
- The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?
A site that I have used multiple times is UMART Online. It is an online computer shop. They accept payment by Cash/EFTPos/Cheque. They do have a physical presence as well with multiple stores around Australia. Their method of payment by credit card requires filling in a paper based form, with your credit card details, faxing it to them, and if your order is over $500 sending in a photocopy of your Drivers Licence.
This method is a little confronting, when looked at from a security perspective, with Identity theft concerns. But their prices made it seem just to good.
Access by unauthorized users is the area of risk that approaches the level of "significant" and is perceived to present the greatest overall security risk to e-Commerce. (Isaca)
According to (Isaca), the security impact of e-Commerce can be placed into two categories:
Knowing when to trust a website depends in part on who publishes the website, what information they want, and what you want from the site. If you're not sure whether to trust a website, consider these questions:
According to Microsoft a website might not be trustworthy if:
Verisign provides SSL Certificates and other security services. Their site mentions 2 related products and services.
TRUSTe provides services to alleviate privacy concerns relating to company communications, by ensuring that those communications align with privacy standards.
The TRUSTe motto of "Their Privacy Is Your Business" identifies the goal of Building Customer Trust to ensure future Revenue.
Other methods of user validation include biometric authentication (fingerprints, palm prints, voice analysis, iris scans etc) and handheld password tokens.(Authentication Tools)
No comments:
Post a Comment