E-commerce & Security

E-commerce & Security Netstarter Tech Talk April 10th 2014


Transcript of E-commerce & Security

Page 1: E-commerce & Security

E-commerce & Security

Netstarter Tech Talk, April 10th 2014

Page 2: E-commerce & Security

Agenda

- General E-Business Security Issues
- Security Questions
- Threats and Attacks
- E-Commerce Security

Page 3: E-commerce & Security

Introduction

In the past decade there have been two major developments:

- Computerization: almost every aspect of business as well as human life is “computerized”.
- Networking & Internet: the entire world is now a network of networks, connecting millions of computers and devices and sharing petabytes of data every second.

Page 4: E-commerce & Security

General E-Business Security Issues

Any E-Business needs to be concerned about network security.

The Internet is a “public” network consisting of thousands of interconnected private computer networks.

Private computer network systems are exposed to threats from anywhere on the public network.

Businesses must protect against the unknown. New methods of attacking networks and Web sites, and new network security holes, are being constantly discovered or invented.

An E-Business cannot expect to achieve perfect security for its network and Web site.

Page 5: E-commerce & Security

Security Questions

How is the data protected once it is delivered to the E-Business?

How are credit card transactions authenticated and authorized?

The biggest potential security problem in an E-Business is of human, rather than electronic, origin.

The weakest link in any security system is the people using it.

Page 6: E-commerce & Security

Facts

According to PricewaterhouseCoopers:

- Hacking cost United States companies $1.5 trillion in 2000.
- World Trade Center insurable loss: $50 billion.
- One year of hacking equals 30 Trade Center attacks.

Page 7: E-commerce & Security

Threats and Attacks

There are two main types of attack:

- Technical attacks
  ▪ An attack perpetrated using software and systems knowledge or expertise.
- Non-technical attacks
  ▪ An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network.

Page 8: E-commerce & Security

Threats and Attacks

Technical attacks

- Hacking
  ▪ Denial of Service attack
  ▪ Packet Sniffing
  ▪ Spoofing
  ▪ Keystroke Monitoring
  ▪ Viruses / Malware
  ▪ Cracking
  ▪ Zero-day incidents
  ▪ Botnets (hijacked computers)
  ▪ Web site defacement

Non-technical attacks

- Social Engineering

Page 9: E-commerce & Security

E-Commerce Security

Most of today’s e-commerce solutions are pre-built, customizable solutions provided by a varied range of organizations. Most of these solutions have reliable built-in security features.

Customizations to these applications should be done in accordance with the solution provider’s guidelines and standard coding methods.

Page 10: E-commerce & Security

E-Commerce Security contd..

- Tools such as passwords, firewalls, intrusion detection systems, and virus scanning software should be used to protect an E-Business’s network and Web site.
- Transaction Security and Data Protection
  ▪ Use a predefined key to encrypt and decrypt the data during transmission.
  ▪ Use the secure sockets layer (SSL) protocol to protect data transmitted over the Internet.
  ▪ Move sensitive customer information such as credit card numbers offline, or encrypt the information if it is to be stored online.

Page 11: E-commerce & Security

E-Commerce Security contd..

Page 12: E-commerce & Security

E-Commerce Security contd..

Remove all files and data from storage devices including disk drives and tapes before getting rid of the devices.

Shred all hard-copy documents containing sensitive information before trashing them.

Security is only as strong as the weakest link.

Security Audits and Penetration Testing

Can provide an overall assessment of the firm’s current exposure and vulnerabilities.

This is an outsourced item.

The consultant will provide comprehensive recommendations to address the list of vulnerabilities.

Page 13: E-commerce & Security

Conclusion

E-Commerce will continue to grow, and the threats to it will evolve too. To safeguard privacy and trust in E-Commerce, it is critical that organizations actively plan and implement strategies to prevent security breaches. This adds value to the business.

Page 14: E-commerce & Security

Thank You