
Online Shopping Security

Online Shopping Security. Introduction.

jamesy


Presentation Transcript


  1. Online Shopping Security

  2. Introduction • What is online shopping security? These days, damaging threats like viruses, adware, spyware, scumware, hacker attacks and even identity theft and fraud are a common occurrence. A recent survey suggested that people are generally more concerned about their online security & Internet safety than they are about their cars being broken into. What does this tell us?

  3. Introduction • Online Security System is one of the hottest topics in the e-commerce industry today. Industry experts predict security issues on the Internet are the primary reasons many companies and consumers are hesitant to do business online. The Internet is a large-scale network of systems that is highly unbounded. This means it has no system of administrative control and no security policies. If there are security policies or laws they constantly need to be altered because of the changing technology.

  4. Introduction • You are always up for an attack or an intrusion of your own privacy. Survivability is the key. Just the simple task of checking email, browsing, chat rooms, or even online shopping on e-commerce websites can be harmful. You can be safe in this environment but you must always be on the alert for problems.

  5. Underpinning of system Any secure online shopping has to meet the following four requirements: • Privacy: information must be kept from unauthorized parties. • Integrity: message must not be altered or tampered with. • Authentication: sender and recipient must prove their identities to each other. • Non-repudiation: proof is needed that the message was indeed received.

  6. Underpinning of system • Privacy is handled by encryption. In PKI (public key infrastructure) a message is encrypted by a public key, and decrypted by a private key. The public key is widely distributed, but only the recipient has the private key. For authentication (proving the identity of the sender, since only the sender has the particular key) the encrypted message is encrypted again, but this time with a private key. Such procedures form the basis of RSA (used by all banks and governments – banks provide an RSA secure token) and PGP (Pretty Good Privacy, used to encrypt emails). Public key encryption is displayed as an image on the next slide.

  7. Underpinning of system – Public Key Encryption

  8. Underpinning of system – Digital Signature • Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key are sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to check that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also time stamped by a third party agency, which provides non-repudiation.

  9. Underpinning of system – Digital Signature
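
A worked illustration of slides 6 and 8, added here and not part of the original presentation: public-key encryption for privacy, and a digest transformed with the sender's private key so the recipient can detect tampering. It is textbook RSA without padding; the key is built from two publicly known Mersenne primes purely so the demo is reproducible, and all names and sample messages are constructed.

```python
import hashlib

# Toy key pair (assumption for this demo only): real keys use secret random
# primes and a padding scheme such as OAEP (encryption) or PSS (signatures).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Message digest: SHA-256 of the plain text, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exp: int = D) -> int:
    """Sender: transform the digest with the private key."""
    return pow(digest(message), private_exp, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: recover the digest with the public key, re-hash, compare."""
    return pow(signature, E, N) == digest(message)


def encrypt(plaintext: bytes) -> int:
    """Anyone: encrypt to the key owner with the public key (privacy)."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def decrypt(ciphertext: int) -> bytes:
    """Key owner: decrypt with the private key (leading zero bytes are lost)."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo() -> dict:
    order = b"order 1001: 2 x prayer bells, total 40.00"   # constructed sample
    sig = sign(order)
    return {
        "genuine order verifies": verify(order, sig),
        "altered order verifies": verify(order.replace(b"40.00", b"4.00"), sig),
        "signature from another key verifies": verify(order, sign(order, D + 2)),
        "decrypt(encrypt(x)) == x": decrypt(encrypt(b"card ending 0000")) == b"card ending 0000",
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
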

  10. Underpinning of system – Secure Socket Layer SSL • What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web-servers.

  11. Underpinning of system – Secure Socket Layer SSL Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. Individual packets are sent by different routes. TCP/IP reassembles them in order and resubmits any packet showing errors. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates. See this logo in any SSL secured website.

  12. Analysis of the Technology • Online Shopping has never been easier and more fun. In just a few clicks, we can jump from bazaars to boutiques to shopping malls across the continents. The Internet has become the world’s biggest marketplace and revolutionized our age-old activity of buying and selling things. • It’s easy to see why more and more people are switching on their computers instead of heading for the shops. Online shopping is hugely convenient and presents an unmatched range of products to choose from. Price comparison web sites offer instant analysis for bargain hunters, any time of the day. And instead of getting frustrated by queues and parking problems, we can chat online with other armchair consumers to share the best deals, product reviews and shopping tips.

  13. Analysis of the Technology • Whether you are looking for Bolivian sports memorabilia or Tibetan prayer bells, using the web saves time and makes it simple to send gifts to family and friends. For many people, online auctions like eBay have become the preferred way of buying both new and used products. • But online shopping also has its risks. Browsing through the Internet’s never-ending supermarket may be entertaining virtual travel, but there is nothing ‘virtual’ about sending your credit card details across the Web. With billions of dollars exchanging hands on the Internet every day, online criminals make their money from unprotected or careless shoppers who don’t follow basic security measures.

  14. Analysis of the Technology • Making secure payments There are also useful things to look out for when you have clicked on the ‘checkout’ button but have not yet typed in your credit card numbers or PayPal details. Many online shops display a closed padlock or unbroken key symbol and switch to a https:// address when you proceed to the checkout. Be reassured that https stands for Hypertext Transfer Protocol over Secure Socket Layer. Spotting that padlock or https should therefore bring a warm glow of relief to the face of every online shopper. It means that the sensitive information you send during the checkout process is encrypted and can’t be read by others. The padlock should be located in the address bar or status bar in Internet Explorer, or the navigation tool bar in Firefox. If it appears on the page itself, you have run into a fraudulent web site. Paying by credit card is a good idea because you can usually get refunded if it has been wrongly charged by a shop or used fraudulently by someone else. Keep a sharp eye on your credit card statements and immediately contact your bank if unauthorized payments have been made on your card. Print out the e-mail order confirmations and receipts for your purchases. If you do have problems with a shop, remember that normal consumer rights also apply on the products that you buy on the Internet.

  15. Analysis of the Technology • Safe habits save money Never, ever, buy anything advertised in a spam message. Junk mail offers that seem too good to be true are usually exactly that. They are scams designed to steal your personal details, to infect your computer with nasty stuff like spyware, and to part you from your money. Clicking on attachments or links in spam messages is simply asking for trouble. Also watch out for bogus messages asking you to verify your eBay, PayPal or online banking details. Reputable companies will never do that, so delete all such requests. The key to avoiding shopping disappointments on the Web is to follow your common sense, backed up by up-to-date security software. If you have any doubts about a web site, then spend your money elsewhere. With so many retailers at your fingertips who are prepared to make online shopping safe and enjoyable, it’s really not worth taking any risks.

  16. Analysis of the Technology • Get ready for shopping action It’s your money at stake, so it pays to make sure that your online shopping experience is as safe as possible. Going online without any safety awareness or security software is nowadays a bit like deliberately jumping into shark-infested waters. Before spending any money, it’s essential to make sure that your computer, Internet connection and web browser are all as secure as possible. F-Secure’s free Health Check pinpoints the possible security vulnerabilities on your PC and helps to make sure your system stays in good shape. If you do discover some problems and the constantly evolving world of Internet threats is not quite your area of expertise, then the first item in your shopping basket should be a security program for your computer. Software like F-Secure Internet Security 2009 keeps you protected and automatically updates your computer’s defences, wherever your online shopping expedition takes you. Now focus for a moment on the Internet connection that brings the world’s marketplace to your computer screen. Remember that it’s always risky to send personal information over the unsecured wireless networks found in cafés, libraries, airports or other local hotspots. Messages sent over unsecured networks can be intercepted by outsiders. So before whipping out the credit card to complete a purchase, make sure you are on a secured broadband connection at home or work, or log on to a secured wireless network that requires a user name and password. Safe computer, safe connection, safe browser. The third preventive safety measure is to ensure that your Internet Explorer, Mozilla Firefox, or whatever browser you are using to surf the net, is up to date. Browsers without the latest security updates are vulnerable to attack by hackers and other malware merchants trying to get inside your computer. Clicking on the update bubbles from Microsoft, Mozilla or other browser vendors helps to keep the baddies out. It’s that simple.

  17. Analysis of the Technology • Buy from reputable stores Since you can’t physically touch the products or judge the trustworthiness of the salesperson, get into the habit of identifying the signs of a reputable web site. Just as you wouldn’t buy a Rolex watch for 20 euros from a shady character on the street corner, don’t take any chances with online vendors. The first alarm bells should start ringing if you have never heard of the shop, it doesn’t have a postal address, and nobody answers when you call the customer service contact number. A quick web search should reveal if the company really exists and whether anyone else has experienced problems dealing with it. Pop-up adverts and questionnaires jumping around the screen are another bad sign. Never write your personal details in the pop-ups that may appear when you are shopping around, unless you really want more spam e-mail in your inbox. If a shopping web site requires you to open an account and to log on with a password, make your passwords more secure by mixing upper case, lower case and special characters. Always scrutinize the product descriptions and shipping costs before buying something. Read the small print and make sure you know how to follow the status of your order in case of a delay. Most importantly, don’t forget to check the company’s refund policy so that you’re not left wearing the wrong-sized shoes.

  18. Personal Response • I know it sounds like I think the internet's a den of iniquity. It's not, it's a mixed bag of people, some exceptionally neat and some exceptionally nasty. The best approach I can suggest is to just be cautious. It doesn't cost anything to be cautious about who you're dealing with, and it may save you some hassle in the long run. • Again, I'm not saying avoid online shopping. That would be as dumb as saying avoid footpaths because that's where muggings happen. What I am saying is: control what information you give out, and to whom. There are some points to remember:

  19. Personal Response • Be cautious about giving out information about yourself - particularly your address and phone number. • Be cautious about narrowing down the search area by giving snippets of information - i.e. your town, your school, etc. • Be alert to people who seem to want to know a lot about you. Sure, they may be normal people who are genuinely interested, but they also may be internet dirt bags. • Be cautious of people who're overly friendly or suggestive. Better safe than sorry.

  20. Personal Response • Be practical. The internet is a great place to meet people, but it's more difficult to tell what people are like. (Anyone can come across as a nice, caring, witty, charming and funny person on the internet. Hell, if I can pull it off, anyone can) • Be hugely cautious about meeting people in person. Especially alone, or in strange places. • Be cautious about giving out information about your friends too. Keep their information as private as (or more private than) your own.

  21. Secure Online Shopping Tips (video)

  22. Conclusion As the Internet has exploded so too has the number and type of online shopping websites. It is now possible to buy virtually anything online and as general confidence builds in the Internet, it is possible to become complacent or to take for granted the fact that your details will be stored correctly and not misused. However, there are some simple steps you can take when shopping online to protect yourself, your card details and your identity.

  23. Conclusion • Is the Site Secure? When you first go onto a website you will see http:// at the left hand side of your browser bar. As soon as you are requested to put any personal information in, or to log in to a site of which you are already a member, this should become https:// and there should be a padlock emblem at the bottom of your browser. It is not sufficient for a website simply to state that it is secure, or that it has a privacy policy (which is how the website owners deal with your information once they have collected it.)

  24. Conclusion • Is the Web Address Correct? Look at the address in the browser bar. Is it exactly the same as the web address you typed in to the browser bar? If you searched for the website by entering keywords in a search engine, are you sure that you’ve been directed to the right website? Some fraudsters will set up replica sites which look and feel exactly like the real site, but will be purely a way of capturing consumers’ private data.
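
The two address-bar checks from slides 23 and 24 (https, and exactly the expected address) written as a small checker. This is an added example, not part of the original presentation; the function name, the messages and every sample URL are constructed, and the look-alike checks (text before an '@', non-ASCII or punycode host names) go slightly beyond what the slides list.

```python
from urllib.parse import urlsplit

NOT_HTTPS = "address is not https://"
USERINFO = "text before '@' is not the site name; the real host follows it"
LOOKALIKE = "host uses non-ASCII or punycode characters (possible look-alike)"
WRONG_HOST = "host is not exactly the address you expected"


def checkout_url_problems(url: str, expected_host: str) -> list:
    """Return the reasons not to enter payment details at `url`.

    `expected_host` is the shop's host name as the shopper knows it,
    for example from a bookmark or a printed receipt.
    """
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")      # hostname is lower-cased
    if parts.scheme != "https":
        problems.append(NOT_HTTPS)
    if parts.username is not None:
        problems.append(USERINFO)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append(LOOKALIKE)
    if host != expected_host.lower().rstrip("."):
        problems.append(WRONG_HOST)
    return problems


# Constructed sample addresses; shop.example stands for the genuine shop.
SAMPLES = [
    "https://shop.example/checkout",
    "http://shop.example/checkout",
    "https://shop.example@pay.other.example/checkout",
    "https://shop.example.secure-pay.example/checkout",
    "https://sh\u043ep.example/checkout",          # Cyrillic 'o' in the name
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = checkout_url_problems(sample, "shop.example")
        print(sample.encode("ascii", "backslashreplace").decode())
        print("   ", found or "no problems found")
```

A clean result only means the address matches; it says nothing about the shop's reputation or the state of your own computer, which the later slides cover.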

  25. Conclusion • Is there a Green Bar? A number of websites now have a green bar on the left hand side of the browser that shows you are entering a secure website and that all the content between your browser and the website will be encrypted. It’s important to remember that the presence of this green bar (called EV-SSL), which shows that the website is secure, does not mean that your entire online experience is secure.

  26. Conclusion • Do you know who Owns/Operates the Site? If you’ve found the website by searching for generic keywords e.g. ‘buy digital radio’ then you may have found a company that you haven’t previously heard of, and not have any prior knowledge of its validity or reputation. If that is the case, you should do some research into them: they may have competitive prices, but you should also be sure that they will be willing to rectify any problems that you have (and bear in mind that they may not survive). For this reason, it can be a better policy to ensure that you only shop with well known and/or trusted companies.

  27. Conclusion • Does the Site use PayPal or a Similar Third Party Payment System? Payment services such as PayPal ensure that the vendor never sees your card details, but vendors can be deterred from offering these payment services because of the fees involved (payable by the seller, not the buyer). However, if the vendor offers this method of payment you should consider using it because of the security benefits.

  28. Conclusion • Is your Computer Sufficiently Protected? Do you have anti-virus software and a firewall that you update on a regular basis with patch installations (updates)? Although websites can be safe to use, your computer may have security weaknesses and you should always ensure that you are sufficiently protected when you go online. For this same reason it is also better to do your online shopping on your own computer, or a trusted computer, rather than from an Internet café or other public computer.

  29. Online Shopping Security Thank You.
