Lecture 5: Electronic Commerce Security
Asst. Prof. Supakorn Kungpisdan, Ph.D., supakorn@mut.ac.th
Cyberwar Becomes a Reality
What is a DDoS attack? Why did it prove to be so effective against Estonia?
What are botnets? Why are they used in DDoS attacks?
What percentage of computers belong to botnets? What percentage of spam is sent by botnets?
Can anything be done to stop DDoS attacks?
NETE4630 Advanced Network Security and Implementation
The E-commerce Security Environment: The Scope of the Problem
Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
Symantec: Cybercrime on the rise from 2007
IC3: Processed 200,000+ Internet crime complaints
2007 CSI survey: 46% respondent firms detected security breach in last year
Underground economy marketplace that offers sales of stolen information growing
Figure 5.1, Page 262: Categories of Internet Crime Complaints Reported to IC3
Types of Attacks Against Computer Systems
What Is Good E-commerce Security?
To achieve highest degree of security:
New technologies
Organizational policies and procedures
Industry standards and government laws
Other factors:
Time value of money
Cost of security vs. potential loss
Security often breaks at weakest link
E-Commerce Security Components
Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security
The Tension Between Security and Other Values
Security vs. ease of use:
The more security measures added, the more difficult a site is to use, and the slower it becomes
Security vs. desire of individuals to act anonymously
Use of technology by criminals to plan crimes or threaten nation-states
Security Threats in the E-commerce Environment
Three key points of vulnerability:
Client
Server
Communications pipeline
A Typical E-commerce Transaction
SOURCE: Boncella, 2000.
Vulnerable Points in an E-commerce Environment
SOURCE: Boncella, 2000.
Most Common Security Threats in the E-commerce Environment
Malicious code (viruses, worms, Trojans)
Unwanted programs (spyware, browser parasites)
Phishing/identity theft
Hacking and cyber-vandalism
Credit card fraud/theft
Spoofing (pharming)/spam (junk) Web sites
DoS and DDoS attacks
Sniffing
Insider attacks
Poorly designed server and client software
Malicious Code
Viruses: Replicate and spread to other files; most deliver “payload” (destructive or benign)
Macro viruses, file-infecting viruses, script viruses
Worms: Designed to spread from computer to computer
Trojan horse: Appears benign, but does something other than expected
Bots: Covertly installed on computer; respond to external commands sent by attacker
Unwanted Programs
Installed without user’s informed consent
Browser parasites
Can monitor and change settings of a user’s browser
Adware
Calls for unwanted pop-up ads
Spyware
Can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
Phishing and Identity Theft
Any deceptive, online attempt by a third party to obtain confidential information for financial gain, e.g.
E-mail scam letter – most popular phishing attack
Spoofing legitimate financial institution’s Web site
Use information to commit fraudulent acts (access checking accounts), steal identity
One of fastest growing forms of e-commerce crime
Hacking and Cyber-vandalism
Hacker: Individual who intends to gain unauthorized access to computer systems
Cracker: Hacker with criminal intent
Cyber-vandalism: Intentionally disrupting, defacing, destroying Web site
Types of hackers:
White hats
Black hats
Grey hats
Credit Card Fraud
Fear of stolen credit card information deters online purchases
Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
Online companies at higher risk than offline
In development: New identity verification mechanisms
Spoofing (Pharming) and Spam (Junk) Web Sites
Spoofing (Pharming)
Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
Threatens integrity of site; authenticity
Spam (Junk) Web sites
Use domain names similar to legitimate one, redirect traffic to spammer-redirection domains
DoS and DDoS Attacks
Denial of service (DoS) attack
Hackers flood Web site with useless traffic to inundate and overwhelm network
Distributed denial of service (DDoS) attack
Hackers use multiple computers to attack target network from numerous launch points
Other Security Threats
Sniffing:
Eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
Insider jobs
Single largest financial threat
Poorly designed server and client software
Increase in complexity of software programs has contributed to increase in vulnerabilities that hackers can exploit
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients
Tools Available to Achieve Site Security
Protecting Internet Communications: Encryption
Encryption
Transforming plain text, data into cipher text that can’t be read by anyone other than sender and receiver
Secures stored information and information transmission
Provides:
Message integrity
Nonrepudiation
Authentication
Confidentiality
Encryption
Hash Function
Digital Envelope
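Added example, not from the lecture: one digital envelope built with Go's standard crypto packages that delivers the four properties listed under Encryption. AES-GCM gives confidentiality and message integrity, the per-message AES key is wrapped with the receiver's RSA public key (the envelope itself), and an RSA-PSS signature over a SHA-256 hash of the ciphertext gives authentication and nonrepudiation. The names Seal, Open, newGCM and the customer/merchant key pairs are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what crosses the communications pipeline between customer and merchant.
type Envelope struct {
	Nonce, Ciphertext []byte // AES-256-GCM output: confidentiality plus an integrity tag
	WrappedKey        []byte // the one-time AES key, sealed with the receiver's RSA public key
	Signature         []byte // RSA-PSS signature by the sender: authentication and nonrepudiation
}

// newGCM turns a raw AES key into an authenticated-encryption cipher (hypothetical helper).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender's side: encrypt msg under a fresh symmetric key, wrap that key for
// the receiver (the "envelope"), and sign the ciphertext so the receiver can prove origin.
func Seal(msg []byte, receiverPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce, used for this message only
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, buf[32:], msg, nil) // the GCM tag also binds the nonce and the key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: buf[32:], Ciphertext: ct, WrappedKey: wrapped, Signature: sig}, nil
}

// Open is the receiver's side: verify the sender's signature, unwrap the symmetric key with
// the receiver's private key, then decrypt; any alteration in transit makes a step fail.
func Open(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed (not from the claimed sender, or altered): %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed (envelope not sealed for this receiver): %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // fails if ciphertext, nonce or tag changed
}

func main() {
	customer, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pairs
	merchant, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal([]byte("order 4711: 2 x widget"), &merchant.PublicKey, customer)
	msg, err := Open(env, merchant, &customer.PublicKey)
	fmt.Printf("merchant reads %q (err=%v)\n", msg, err)
	env.Ciphertext[0] ^= 1 // an attacker on the pipeline flips one bit
	_, err = Open(env, merchant, &customer.PublicKey)
	fmt.Println("after tampering:", err)
}
```

A third party who captures the envelope holds only ciphertext and a wrapped key it cannot unwrap, and the receiver can show the signed ciphertext to a dispute resolver without revealing its private key.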
Digital Certificates and PKI
Digital certificate includes:
Name of subject/company
Subject’s public key
Digital certificate serial number
Expiration date, issuance date
Digital signature of certification authority (trusted third-party institution) that issues certificate
Other identifying information
Public Key Infrastructure (PKI): CAs and digital certificate procedures that are accepted by all parties
Digital Certificates and CAs
Limits to Encryption Solutions
PKI applies mainly to protecting messages in transit
PKI is not effective against insiders
Protection of private keys by individuals may be haphazard
No guarantee that verifying computer of merchant is secure
CAs are unregulated, self-selecting organizations
In Pursuit of E-mail Privacy: Discussion
What are some of the current risks and problems with using e-mail?
What are some of the technology solutions that have been developed?
Are these solutions compatible with modern law?
Consider the benefits of a thorough business record retention policy. Do you agree that these benefits are worth giving up some control of your e-mail?
Securing Channels of Communication
Secure Sockets Layer (SSL): Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted
S-HTTP: Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Network (VPN): Allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP)
SSL or TLS
Protecting Networks
Firewall: Hardware or software that filters packets
Prevents some packets from entering the network based on security policy
Two main methods:
Packet filters
Application gateways
Proxy servers (proxies): Software servers that handle all communications originating from or being sent to the Internet
Figure 5.15, Page 298: Firewalls and Proxy Servers
Protecting Servers and Clients
Operating system controls:
Authentication and access control mechanisms
Anti-virus software:
Easiest and least expensive way to prevent threats to system integrity
Requires daily updates
Management Policies, Business Procedures, and Public Laws
U.S. firms and organizations spend 10% of IT budget on security hardware, software, services
Attacks against organizational computers down
Attacks against Web sites, individual records up
Technology a foundation of security
Effective management policies also required
A Security Plan: Management Policies
Risk assessment
Security policy
Implementation plan
Security organization
Access controls
Authentication procedures
Biometrics
Authorization policies
Authorization management systems
Security audit
Developing Security Plan
Types of Payment Systems
Cash
Checking Transfer
Credit Card
Stored Value
Accumulated Balance
Cash
Legal tender
Most common form of payment in terms of number of transactions
Instantly convertible into other forms of value without intermediation
Portable, requires no authentication
“Free” (no transaction fee), anonymous, low cognitive demands
Limitations: easily stolen, limited to smaller transactions, does not provide any float
Checking Transfer
Funds transferred directly via signed draft/check from a consumer’s checking account to merchant/ other individual
Most common form of payment in terms of amount spent
Can be used for small and large transactions
Some float
Not anonymous, requires third-party intervention (banks)
Introduces security risks for merchants (forgeries, stopped payments), so authentication typically required
Credit Card
Represents account that extends credit to consumers; allows consumers to make payments to multiple vendors at one time
Credit card associations: Nonprofit associations (Visa, MasterCard) that set standards for issuing banks
Issuing banks: Issue cards and process transactions
Processing centers (clearinghouses): Handle verification of accounts and balances
Stored Value
Accounts created by depositing funds into an account and from which funds are paid out or withdrawn as needed
Examples: Debit cards, gift certificates, prepaid cards, smart cards
Peer-to-peer payment systems
Variation on stored value systems
e.g. PayPal
Accumulating Balance
Accounts that accumulate expenditures and to which consumers make periodic payments
Examples: Utility, phone, American Express accounts
Evaluating payment systems:
Different stakeholders (consumers, merchants, financial intermediaries, government regulators) have different priorities in payment system dimensions (refutability, risk, anonymity, etc.)
E-commerce Payment Systems
Credit cards are dominant form of online payment, accounting for around 60% of online payments in 2008
Other e-commerce payment systems:
Digital wallets
Digital cash
Online stored value payment systems
Digital accumulating balance systems
Digital checking
E-payment System
Limitations of Online Credit Card Payment Systems
Security:
Neither merchant nor consumer can be fully authenticated
Cost:
For merchants, around 3.5% of purchase price plus transaction fee of 20 – 30 cents per transaction
Social equity:
Many people do not have access to credit cards
Digital Wallets
Seeks to emulate the functionality of traditional wallet
Most important functions:
Authenticate consumer through use of digital certificates or other encryption methods
Store and transfer value
Secure payment process from consumer to merchant
Early efforts to popularize have failed
Newest effort: Google Checkout
Digital Cash
One of the first forms of alternative payment systems
Not really “cash”
Form of value storage and value exchange using tokens that has limited convertibility into other forms of value, and requires intermediaries to convert
Most early examples have disappeared; protocols and practices too complex
Online Stored Value Systems
Permit consumers to make instant, online payments to merchants and other individuals
Based on value stored in a consumer’s bank, checking, or credit card account
PayPal most successful system
Smart cards
Contact smart cards: Require physical reader (Mondex)
Contactless smart cards: Use RFID (EZPass, Octopus)
Allows users to make micropayments and purchases on the Web
Users accumulate a debit balance for which they are billed at the end of the month
Valista’s PaymentsPlus
Clickshare
Micropayment
Digital Checking Payment Systems
Extends functionality of existing checking accounts for use as online shopping payment tool
Example: PayByCheck
Wireless Payment Systems
Use of mobile handsets as payment devices well-established in Europe, Japan, South Korea
Japanese mobile payment systems
E-money (stored value)
Mobile debit cards
Mobile credit cards
Not as well established yet in U.S., but with growth in Wi-Fi and 3G cellular phone systems, this is beginning to change
Electronic Billing Presentment and Payment (EBPP)
Online payment systems for monthly bills
50% of households in 2008 used some EBPP; expected to grow to 75% by 2012
Two competing EBPP business models:
Biller-direct: Dominant model
Consolidator: Third party aggregates consumer’s bills
Both models are supported by EBPP infrastructure providers
Questions?
Next lecture: Information Security Standards