Security issues in e commerce
SECURITY ISSUES IN E-COMMERCE
PRESENTED BY: SADAF WAJID ALI
CONTENTS
 INTRODUCTION TO SECURITY ISSUES
 TYPES OF ISSUES
 PRIVACY
 AUTHENTICATION
 NON-REPUDIATION
 PHISHING
 CONFIDENTIALITY
 SECURITY THREATS
 DENIAL OF SERVICES
 UNAUTHORIZED ACCESS
 THEFT AND FRAUD
 TYPES OF SECURITIES
 ENCRYPTION
 DECRYPTION
 CRYPTOGRAPHY
 BIOMETRIC
INTRODUCTION
 E-COMMERCE CAN BE CLEARLY DEFINED AS THE BUYING AND SELLING OF
SERVICES OVER THE INTERNET.
 IT CAN ALSO BE REFERRED TO AS E-BUSINESS.
 WIKIPEDIA DESCRIBES MOBILE COMMERCE AS THE DELIVERY OF ELECTRONIC
COMMERCE CAPABILITIES DIRECTLY INTO THE CONSUMER'S HAND.
 THERE IS AN INCREASE IN E-COMMERCE, AND AS A RESULT THIS HAS LED TO A
LOT OF SECURITY ISSUES, PARTICULARLY IN THE MOBILE COMMERCE ARENA.
 PEOPLE USING THE INTERNET FOR COMMERCIAL TRANSACTIONS ALWAYS
REMAIN AT RISK OF THEIR CONFIDENTIAL INFORMATION (PASS, CREDIT CARD)
BASIC SECURITY
 AUTHENTICATION
 AUTHORIZATION
 CONFIDENTIALITY
 INTEGRITY
 NON-REPUDIATION
AUTHENTICATION
 AUTHENTICATION IS DEFINED AS ESTABLISHING THE IDENTITY OF ONE PARTY
TO ANOTHER.
 AUTHENTICATION MECHANISMS ALWAYS WORK IN TWO DIRECTIONS
 THE USER HAS TO PROVE HIS IDENTITY TO AN INFORMATION SYSTEM
 THE INFORMATION SYSTEM HAS TO CONFIRM THIS IDENTITY
 ONCE THE AUTHENTICATION TO A SYSTEM IS PERFORMED CORRECTLY, THE
USER IS AUTHORIZED FOR FURTHER ACTIONS
 E.G. EDITING PERSONAL SETTINGS OR CLOSING CONTRACTS.
AUTHORIZATION
 AUTHORIZATION IS THE PROCESS OF GIVING SOMEONE PERMISSION TO DO OR HAVE
SOMETHING.
 THE PROCESS OF GRANTING OR DENYING ACCESS TO A NETWORK RESOURCE.
 MOST COMPUTER SECURITY SYSTEMS ARE BASED ON A TWO-STEP PROCESS.
 THE FIRST STAGE IS AUTHENTICATION
 WHICH ENSURES THAT A USER IS WHO HE OR SHE CLAIMS TO BE
 THE SECOND STAGE IS AUTHORIZATION, WHICH ALLOWS THE USER ACCESS TO VARIOUS
RESOURCES BASED ON THE USER'S IDENTITY.
 IN MULTI-USER COMPUTER SYSTEMS, A SYSTEM ADMINISTRATOR DEFINES FOR THE SYSTEM
WHICH USERS ARE ALLOWED ACCESS TO THE SYSTEM AND WHAT PRIVILEGES OF USE
 E.G.: ACCESS TO WHICH FILE DIRECTORIES, HOURS OF ACCESS, AMOUNT OF ALLOCATED
STORAGE SPACE, AND SO FORTH.
CONFIDENTIALITY
 CONFIDENTIALITY IS THE PROTECTION OF PERSONAL INFORMATION.
 MEANS KEEPING A CLIENT'S INFORMATION BETWEEN YOU AND THE CLIENT,
AND NOT TELLING OTHERS INCLUDING CO-WORKERS, FRIENDS, FAMILY, ETC.
 INDIVIDUAL FILES ARE LOCKED AND SECURED
 SUPPORT WORKERS DO NOT TELL OTHER PEOPLE WHAT IS IN A CLIENT'S FILE UNLESS
THEY HAVE PERMISSION FROM THE CLIENT
 INFORMATION ABOUT CLIENTS IS NOT TOLD TO PEOPLE WHO DO NOT NEED TO
KNOW
 THE TYPES OF INFORMATION THAT ARE CONSIDERED CONFIDENTIAL CAN
INCLUDE:
 NAME, DATE OF BIRTH, AGE, SEX AND ADDRESS
 CURRENT CONTACT DETAILS OF FAMILY, GUARDIAN ETC
 BANK DETAILS
 SERVICE RECORDS AND FILE PROGRESS NOTES
 INDIVIDUAL PERSONAL PLANS
 INCOMING OR OUTGOING PERSONAL CORRESPONDENCE.
 PRIVACY IS ABOUT PEOPLE. CONFIDENTIALITY IS ABOUT DATA.
INTEGRITY
 IT REFERS TO THE CORRECTNESS AND COMPLETENESS OF DATA.
 RELIABLE AND TRUSTABLE (ERROR FREE DATA).
 BY LOGICAL MEANS (IN THE DATA BASE DATA MUST BE CONSISTENT)
 ENSURING THAT INFORMATION WILL NOT BE ACCIDENTALLY OR MALICIOUSLY
ALTERED OR DESTROYED.
NON REPUDIATION
 NONREPUDIATION IS THE ASSURANCE THAT SOMEONE CANNOT DENY
SOMETHING.
 TO REPUDIATE MEANS TO DENY.
 FOR MANY YEARS, AUTHORITIES HAVE SOUGHT TO MAKE REPUDIATION
IMPOSSIBLE IN SOME SITUATIONS.
 YOU MIGHT SEND REGISTERED MAIL, FOR EXAMPLE, SO THE RECIPIENT CANNOT
DENY THAT A LETTER WAS DELIVERED.
 SIMILARLY, A LEGAL DOCUMENT TYPICALLY REQUIRES WITNESSES TO SIGNING
SO THAT THE PERSON WHO SIGNS CANNOT DENY HAVING DONE SO.
 A DIGITAL SIGNATURE IS USED NOT ONLY TO ENSURE THAT A MESSAGE OR
DOCUMENT HAS BEEN ELECTRONICALLY SIGNED BY THE PERSON BUT ALSO,
 SINCE A DIGITAL SIGNATURE CAN ONLY BE CREATED BY ONE PERSON
 TO ENSURE THAT A PERSON CANNOT LATER DENY THAT THEY FURNISHED THE
SIGNATURE.
 SINCE NO SECURITY TECHNOLOGY IS ABSOLUTELY FOOL-PROOF,
 IT IS SUGGESTED THAT MULTIPLE APPROACHES BE USED, SUCH AS
 CAPTURING UNIQUE BIOMETRIC INFORMATION
 AND OTHER DATA ABOUT THE SENDER OR SIGNER THAT COLLECTIVELY WOULD BE
DIFFICULT TO REPUDIATE.
THE BIGGEST E-COMMERCE SECURITY ISSUES
 PRIVACY ISSUES
 PHISHING
PRIVACY
 COMPROMISED PRIVACY IS ONE OF THE MOST COMPLICATED PROBLEMS.
 THEY GATHER, AND THEY ARE RESPONSIBLE FOR, PERSONAL DATA THAT
ARE IDENTIFIABLE, AND MAY TRIGGER IDENTITY THEFT AND
IMPERSONATION.
 CURRENTLY, ANY RISK TAKEN IN THE FORM OF AN E-COMMERCE
TRANSACTION LIES IN THE HANDS OF THE PROVIDER. FOR EXAMPLE,
PAYPAL, AMAZON ETC
 FORTY-ONE PERCENT OF WEB BUYERS SURVEYED LAST YEAR SAID
THEY HAVE CONTACTED A SITE TO BE TAKEN OFF THEIR DATABASES
BECAUSE THEY FELT THAT THE ORGANIZATION USED THEIR
 MOST ONLINE CONSUMERS ARE AWARE THAT VARIOUS WEBSITES ARE
COLLECTING AND STORING THEIR PRIVATE INFORMATION.
 THEY FEAR, SOMETIMES RIGHTLY, THAT IF THIS DATA WERE TO FALL INTO THE
WRONG HANDS, THEY COULD BE IMPERSONATED AND PERHAPS LEFT OUT OF
POCKET
PHISHING
 IT IS THE CRIMINALLY FRAUDULENT PROCESS TO ACQUIRE SENSITIVE
INFORMATION SUCH AS
 USERNAMES, PASSWORDS AND CREDIT CARD DETAILS, BY PRETENDING TO BE A
TRUSTWORTHY ENTITY.
 PHISHING SCAMS GENERALLY ARE CARRIED OUT BY SENDING THE VICTIM A
FRAUDULENT EMAIL.
 WHEN THE VICTIM FOLLOWS THE LINK EMBEDDED WITHIN THE EMAIL THEY ARE
BROUGHT TO AN ELABORATE AND SOPHISTICATED DUPLICATE OF THE
LEGITIMATE ORGANIZATION'S WEBSITE.
 PHISHING ATTACKS GENERALLY TARGET
 BANK CUSTOMERS, ONLINE AUCTION SITES (SUCH AS EBAY),
 ONLINE RETAILERS (SUCH AS AMAZON)
SECURITY THREATS
DENIAL OF SERVICES
UNAUTHORIZED ACCESS
THEFT AND FRAUD
DENIAL OF SERVICES ATTACK
 DENIAL OF SERVICE (DOS) ATTACKS CONSIST OF OVERWHELMING A SERVER, A NETWORK
OR A WEBSITE IN ORDER TO PARALYZE ITS NORMAL ACTIVITY.
 DEFENDING AGAINST DOS ATTACKS IS ONE OF THE MOST CHALLENGING SECURITY
PROBLEMS ON THE INTERNET TODAY.
 SYMPTOMS OF DENIAL-OF-SERVICE ATTACKS INCLUDE
 UNUSUALLY SLOW NETWORK PERFORMANCE
 UNAVAILABILITY OF A PARTICULAR WEB SITE
 INABILITY TO ACCESS ANY WEB SITE
 DRAMATIC INCREASE IN THE NUMBER OF SPAM EMAILS RECEIVED
 PHLASHING, ALSO KNOWN AS A PERMANENT DENIAL-OF-SERVICE (PDOS), IS AN
ATTACK THAT DAMAGES A SYSTEM SO BADLY THAT IT REQUIRES REPLACEMENT OR
REINSTALLATION OF HARDWARE
 RECENTLY TWITTER WAS THE SUBJECT OF A DOS ATTACK.
UNAUTHORIZED ACCESS
 WHEN A PERSON WHO DOES NOT HAVE PERMISSION TO CONNECT TO OR USE A
SYSTEM GAINS ENTRY IN A MANNER UNINTENDED BY THE SYSTEM OWNER.
 THE POPULAR TERM FOR THIS IS HACKING
 INFORMATION TO SECURE YOUR SYSTEM:
 CHANGE PASSWORDS OFTEN. IT IS RECOMMENDED AT LEAST ONCE EVERY FEW
MONTHS.
 CREATE A BIOS PASSWORD.
 WHEN CREATING A PASSWORD, ADD NUMBERS OR OTHER CHARACTERS TO THE
PASSWORD TO MAKE IT MORE DIFFICULT TO GUESS; FOR EXAMPLE:
1MYPASSWORD23!.
THEFT AND FRAUD
 CARD-BASED PAYMENTS FRAUD:
 INTERNET PAYMENT FRAUD IS CONSTANTLY INCREASING, AND IS, APPARENTLY,
UNSTOPPABLE
 THE NUMBER OF FRAUD CASES HAS INCREASED BY 19 PERCENT COMPARED TO 2013
 FRAUD IS NOT EXCLUSIVE TO CREDIT CARD PAYMENTS
 USE OF MALWARE TO COMMAND ONLINE BANKING LOGINS VIA PHONES, TABLETS
AND COMPUTERS
 USING THE STOLEN BANK ACCOUNT DETAILS TO MAKE FRAUDULENT PAYMENTS
 ALTERNATIVE PAYMENT METHODS ARE ALSO ATTRACTING CRIMINALS
 FRAUD OCCURS WHEN THE STOLEN DATA IS USED OR MODIFIED.
DIFFERENCE
 FRAUD HAS THE INTENTION OF HIDING THE CRIMINAL ACT OF STEALING,
 WHILE THEFT DOES NOT.
 THIEVES KNOW THEY CAN'T HIDE THE ACT SO THEY DON'T MAKE MUCH EFFORT
TO HIDE IT,
 WHILE THE FRAUDSTER MAKES AN EXTRA EFFORT TO HIDE THE ACT.
 BANK ROBBERY IS THEFT WHILE BANK EMBEZZLEMENT (GHAPLA) IS FRAUD.
TYPES OF SECURITIES
ENCRYPTION
DECRYPTION
CRYPTOGRAPHY
BIOMETRIC
TWO STEP VERIFICATION
ENCRYPTION
 THUS "ENCRYPTION" BASICALLY IS SOME PROCESS OR ALGORITHM (KNOWN AS
A CIPHER) TO MAKE INFORMATION HIDDEN OR SECRET
 THE PROCESS OF SCRAMBLING A MESSAGE IN SUCH A WAY THAT IT IS
DIFFICULT, EXPENSIVE OR TIME CONSUMING FOR AN UNAUTHORIZED PERSON
TO UNSCRAMBLE (DECRYPT) IT.
 METHODS OF ENCRYPTION: HASHING, SYMMETRIC METHODS, ASYMMETRIC
METHODS
DECRYPTION
 THE PROCESS OF UNSCRAMBLING A MESSAGE IN SUCH A WAY THAT IT IS
UNDERSTOOD BY AN AUTHORIZED PERSON.
CRYPTOGRAPHY
 "CRYPTO" STANDS FOR "HIDDEN, SECRET",
 AND "GRAPHY" DENOTES "A PROCESS OR FORM OF DRAWING, WRITING,
REPRESENTING, RECORDING, DESCRIBING, ETC.",
 CRYPTOGRAPHY IS THE SCIENCE CONCERNED WITH THE STUDY OF SECRET
COMMUNICATION
 THE CONVERSION OF INFORMATION FROM A READABLE STATE TO
APPARENT NONSENSE.
BIOMETRIC
 IT REPLACES THE TRADITIONAL VERIFICATION METHODS OF SHOWING IDENTITY
CARDS
 OR ENTERING PASSWORDS
 WITH THE SCANNING OF FINGERPRINTS,
 FACE
 OR A PALM.
 BIOMETRICS ALSO INCLUDES THE IDENTIFICATION OF BEHAVIORAL ASPECTS
SUCH AS
 VOICE
 SIGNATURE
 OR THE WAY A USER STRIKES THE KEYS ON A KEYBOARD.
 BIOMETRICS ASSISTS CUSTOMERS IN RETAINING THEIR IDENTITY RATHER THAN
REMEMBERING PASSWORDS, CODES, OR SECRET QUESTIONS.
TECHNOLOGIES USED TODAY
TWO STEP VERIFICATION
 TWO-STEP VERIFICATION IS A PROCESS THAT INVOLVES TWO AUTHENTICATION
METHODS
 PERFORMED ONE AFTER THE OTHER TO VERIFY THAT SOMEONE OR SOMETHING
REQUESTING TO ACCESS IS WHO OR WHAT THEY ARE DECLARED TO BE.
 2-STEP VERIFICATION.
 YOU ADD AN EXTRA LAYER OF SECURITY TO YOUR ACCOUNT.
 YOU SIGN IN WITH SOMETHING YOU KNOW (YOUR PASSWORD)
 AND SOMETHING YOU HAVE (A CODE SENT TO YOUR PHONE).
 EVEN IF SOMEONE ELSE FINDS YOUR PASSWORD, THEY'LL BE STOPPED IF THEY
DON'T HAVE ACCESS TO YOUR SECURITY INFO
 IF YOU TURN ON TWO-STEP VERIFICATION,
 YOU'LL GET A SECURITY CODE TO YOUR EMAIL, PHONE, OR AUTHENTICATOR
APP EVERY TIME YOU SIGN IN ON A DEVICE THAT ISN'T TRUSTED.
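
The sign-in flow described on the two-step verification slides, as an added example that is not part of the original presentation: password check first, then a one-time code unless the device is already trusted. It assumes the code comes from an authenticator app using TOTP (RFC 6238); `Account`, `sign_in` and the device names are hypothetical.

```python
import hashlib, hmac, os, struct, time

STEP = 30  # seconds per code, the RFC 6238 default

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Account:  # hypothetical server-side record
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret   # shared with the authenticator app
        self.trusted_devices = set()
        self.last_step = -1              # last time step whose code was accepted

def sign_in(account, password, device_id, code=None, now=None, trust_device=False):
    now = time.time() if now is None else now
    # Step 1: something you know. Constant-time comparison of the hashes.
    if not hmac.compare_digest(hash_password(password, account.salt), account.pw_hash):
        return "denied: bad password"
    # A device that already passed step 2 and was marked trusted skips the code.
    if device_id in account.trusted_devices:
        return "ok"
    if code is None:
        return "code required"
    # Step 2: something you have. Accept the current and the previous time
    # step (clock drift), but never a step that was already used (replay).
    for drift in (0, -1):
        step = int(now) // STEP + drift
        expected = totp(account.totp_secret, step * STEP)
        if step > account.last_step and hmac.compare_digest(expected.encode(), code.encode()):
            account.last_step = step
            if trust_device:
                account.trusted_devices.add(device_id)
            return "ok"
    return "denied: bad code"
```

A correct password alone never returns "ok" on an untrusted device, which is the property the slides describe: a found password is stopped at the second step.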