INFO 3435 – E-COMMERCE
Rachel Yen Chong
Review Questions: Online Security and Payment Systems
Given the shift toward mobile commerce, do a search on mobile commerce crime. Identify and discuss the new security threats this type of technology creates. Prepare a presentation outlining your vision of the new opportunities for
1. WHY IS IT LESS RISKY TO STEAL ONLINE? EXPLAIN SOME OF THE WAYS CRIMINALS DECEIVE CONSUMERS AND MERCHANTS.
The potential for anonymity on the Internet can allow criminals to assume identities that look legitimate and, at the same time, shield them from law enforcement agencies. Using these assumed identities, criminals can place fraudulent orders with online merchants, intercept e-mail, steal customer information, and shut down e-commerce sites using software viruses.
3. GIVE AN EXAMPLE OF SECURITY BREACHES AS THEY RELATE TO EACH OF THE SIX DIMENSIONS OF E-COMMERCE SECURITY. FOR INSTANCE, WHAT WOULD BE A PRIVACY INCIDENT?
Integrity: This is the ability to ensure that information being displayed on a Web site or being transmitted/received over the Internet has not been altered in any way by an unauthorized party. One type of integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.
Nonrepudiation: The ability to ensure that e-commerce participants do not deny their online actions. An example of a repudiation incident would be a customer ordering merchandise online and later denying that he or she had done so. The credit card issuer will usually side with the customer because the merchant has no legally valid proof that the customer ordered the merchandise.
Authenticity: Authenticity is the ability to identify the identity of a person or entity you are transacting with on the Internet. One instance of an authenticity security breach is “spoofing,” in which someone uses a fake e-mail address, or poses as someone else. This can also involve redirecting a Web link to a different address.
Confidentiality: The ability to ensure that messages and data are available only to authorized viewers. One type of confidentiality security breach is “sniffing” in which a program is used to steal proprietary information on a network including e-mail messages, company files, or confidential reports.
Privacy: The ability to control the use of information a customer provides about himself or herself to an e-commerce merchant. An example of a privacy security breach is a hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data.
Availability: This is the ability to ensure that an e-commerce site continues to function as intended. One availability security breach is a DoS (Denial of Service) attack in which hackers flood a Web site with useless traffic that causes it to shut down, making it impossible for users to access the site.
5. EXPLAIN WHY THE U.S. GOVERNMENT WANTS TO RESTRICT THE EXPORT OF STRONG ENCRYPTION SYSTEMS. AND WHY WOULD OTHER COUNTRIES BE AGAINST IT?
The U.S. government wants to restrict the export of strong encryption systems because of the belief that they hinder its ability to hunt down terrorists and criminals. This push to impose further restrictions on the development, dissemination, and use of encryption technologies is based on the assumption that regulation can prevent terrorists from acquiring strong encryption. It also assumes that regulating encryption will not harm the information security of U.S. businesses and individuals. Other countries are against this because they believe that further regulations will not prevent terrorists from getting strong encryption. They believe that...