ONLINE SECURITY AND PAYMENT SYSTEMS. - PowerPoint PPT Presentation

Provided by: fkar

Transcript and Presenter's Notes

Title: ONLINE SECURITY AND PAYMENT SYSTEMS.


1
ONLINE SECURITY AND PAYMENT SYSTEMS.
  • Faith Kariuki
  • EBusiness Presentation

2
Management of Policies, Business Procedures and
Public Laws
  • In 2007, US Business firms/Government Agencies
    spent about 10% of their IT Budgets on Security
    H/W, S/W and Services (100 Billion).
  • Most CEOs and CIOs of Ecommerce operations
    believe Technology is not the sole answer to
    managing the risk of Ecommerce.

3
  • They believe Technology provides the Foundation.
  • Management Policies, Public Laws, and enforcement
    of Cyber crime are also required to guard against
    Information Abuse.

4
Management Policies
  • To minimize security risk, firms must develop
    policies that consider the nature of the risk,
    the Information assets that need protection, and
    the Technologies and procedures required to
    address the risk.

5
Examples of Ecommerce Security Legislation and
significance
  • Computer Fraud and Abuse Act (1986) - Federal
    Statute to combat computer Crime.
  • Electronic Communications Privacy Act (1986) -
    Imposes fines/imprisonment on individuals who
    access, intercept, or disclose private email
    communications to others.
  • Computer Security Enhancement Act (2000) -
    Protects federal Government Systems from Hacking.

6
Steps In Developing a Security Plan.
  • Perform Risk Assessment
  • Develop Security Policy
  • Develop an Implementation Plan
  • Create a Security Organization
  • Perform a Security Audit

7
1. Perform Risk Assessment
  • Assess Risk/Points of vulnerability.
  • What Information is at Risk?
  • Customer Info, Business Activities, Secret
    Information, e.g. Payroll?

8
2. Develop Security Policy
  • Set of laws, rules, and practices that regulate
    how an organization manages, protects, and
    distributes sensitive information.
  • Who generates and Controls information in the
    firm?
  • What security policies are in place to protect
    the Info?
  • Enhancements you recommend to improve security of
    most valuable assets.

9
3. Develop an Implementation Plan
  • Action steps to achieve the security plan goals.
  • Include
  • What Technology to deploy to achieve the goals,
  • New Employee Procedures needed?

10
4. Create a Security Organization
  • An Organizational unit in charge of security is
    required.
  • The Security Organization educates and trains
    users, keeps management aware of security threats
    and breakdowns, and maintains the tools chosen to
    implement security.

11
  • Security Organization Roles
  • a) Administer Access Controls
  • Determine which Insiders and Outsiders can gain
    legitimate access to your networks. Outside
    access controls include firewalls. Inside
    controls include usernames

12
  • b) Authentication Procedures
  • Verifying the identity of a user logging onto a
    network.
  • Passwords, Digital Certificates,
    Biometrics (Finger Print/Retina scan), and Public
    Key Infrastructure can be used to prove the
    identity of the client to the network.

13
  • c) Authorization Policies
  • Determine differing Levels of access to
    Information Assets for different levels of users.

14
5. Perform Security Audit
  • Systematic evaluation of the security of a
    company's information system by measuring how
    well it conforms to a set of established
    criteria.

15
  • This process is necessary to:
  • determine the effectiveness of existing security
    controls,
  • watch for system misuse/abuse by users,
  • verify compliance with current security policies,
  • validate that documented procedures are followed,
  • detect anomalies or intrusions.

16
The role of laws and public policy
  • Private and Public Cooperation Efforts
  • There are cooperation efforts devoted to tracking
    down criminal organizations and individuals
    engaged in attacks against Internet and Ecommerce
    Sites, such as CERT (Computer Emergency Readiness
    Team).

17
CERT Coordination Center
  • Formed by the Defense Advanced Research Projects
    Agency (DARPA) in November 1988 after the
    Internet was assaulted in the Internet worm
    incident.
  • CERT focuses on security breach and
    denial-of-service incidents, providing alerts and
    incident-handling and avoidance guidelines.
  • CERT also conducts an ongoing public awareness
    campaign and engages in research aimed at
    improving security systems.
  • Private Organization which monitors and tracks
    online criminal activity reported to it by
    corporations and Government agencies that seek
    out its help.

18
Ecommerce Payment Systems
  • A main requirement in e-commerce is the ability
    to accept a form of electronic payment.
  • This form of electronic payment is referred to as
    financial electronic data interchange (FEDI).
  • FEDI has become popular due to the widespread use
    of internet-based shopping and banking.

19
1. Credit Cards and Smart Cards
  • In the early years of B2C, many consumers were
    apprehensive about using their credit cards over
    the internet for fear that their credit card
    numbers would get stolen. However, due to
    increased security from credit card companies
    such as VISA, American Express, and MasterCard,
    credit cards are now widely used over the
    internet.

20
Main Disadvantage
  • 1. Security issues - Private, sensitive
    information such as credit card numbers can be
    stolen or altered.
  • The Merchant could be a criminal organization
    designed to collect credit card numbers, and the
    Consumer could be a thief using stolen or
    fraudulent cards.

21
2. Financial Cyber-mediaries
  • Companies that enable financial transactions to
    transpire over the internet.
  • One of the most successful financial
    cybermediaries is PayPal. This free online
    service allows consumers and/or businesses to
    send money to anyone with an email address.
  • PayPal is accepted by thousands of businesses
    worldwide and is the preferred payment method on
    eBay.com.
  • PayPal is now owned by eBay.com.

22
3. Electronic Bill Presentment and Payment (EBPP)
  • Is a fairly new technique that allows consumers
    to view and pay bills electronically, e.g. power
    bills, water, oil, internet, phone service, etc.
  • EBPP systems send bills from service providers to
    individual consumers via the internet. The
    systems also enable payments to be made by
    consumers.