E Business w6 Discussion
CHAPTER 10 ELECTRONIC COMMERCE SECURITY
Summary
Online businesses today must deal with a wide range of security risks. They often create a formal security policy document that identifies risks and countermeasures that will reduce those risks to an acceptable level. Online security elements include secrecy, integrity, and necessity.These three elements are each enforced in the three components of online business transactions, including client devices, the communication channel, and Web server computers. Client devices can be threatened by active content, viruses, or worms delivered throughWeb browsing activity (by means of cookies or Web bugs), e-mail, or other devices on the same network. Antivirus software is an important element in the protection of client computers. The main communication channel used in online business is the Internet, which is especially vulnerable to attacks. Encryption provides secrecy and integrity protection against many of these attacks and can be implemented with private keys, public keys, or a combination of techniques. Digital certificates provide both integrity and user authentication, which can provide non-repudiation in online transactions. Secure Sockets Layer and Secure HTTP protocols can provide secure Web browser connections. Wireless networks are subject to threats of signal interception, but most wireless networks installed in businesses today (and many installed in homes) do use a secure form of wireless encryption.Web servers must be protected from both physical threats and Internet-based attacks on their software. Server protection methods include access control and authentication, which are provided by username and password login procedures and client certificates. Firewalls can be used to separate trusted inside networks and clients from untrusted outside networks, including other divisions of a company’s enterprise network system and the Internet.A number of organizations have been formed to share information about computer security threats and defenses. When large security outbreaks occur, the members of these organizations join together and discuss methods to locate and eliminate the threat. Computer forensics firms that undertake attacks against their clients computers can play an important role in helping to identify security weaknesses.
CHAPTER 11 PAYMENT SYSTEMS FOR ELECTRONIC COMMERCE
Summary
Credit, debit, and charge cards (payment cards) are the most popular forms of payment on the Internet. Processing payment card transactions requires that an online merchant establish a merchant account with an acquiring bank. Merchants can obtain card approval and transaction settlement services using tools included in their electronic commerce software, through a separate payment processing software application, or from a payment process service provider.Digital cash, a form of online payment that is portable and anonymous, has been slow to catch on in the United States. Digital cash could be useful for making micropayments because the cost of processing payment cards for small transactions is greater than the profit on such transactions. Digital wallets can store payment card information, digital cash, and personal consumer identification. Software-based digital wallets eliminate the need for consumers to reenter payment card and shipping information at each business’s Web site. Stored-value cards, including smart cards and magnetic stripe cards, are physical devices that hold information, including cash value, for the cardholder. Magnetic stripe cards have limited capacity. Smart cards can store greater amounts of data on a microchip embedded in the card and are intended to replace the collection of plastic cards people now carry, including payment cards, driver’s licenses, and insurance cards. Smart card use in the United States is not widespread; however, smart cards are popular in other parts of the world. Banks still process most monetary transactions, and a large part of the dollar volume of those transactions is still done by writing checks; however, banks often use Internet technologies to process those checks. Phishing expeditions and identity theft pose a significant threat to online financial institutions and their customers.