Online Security

Abstract

Magalhaes (2003) explained that e-commerce requires a huge commitment to securing online transactions involving users’ credit card information and other personal information. At the top of the list of consumer complaints about e-business are data security breaches, identity theft, and phishing sites and e-mails. Most e-commerce web sites set up a secure gateway that takes customers’ payments, credit card information, and billing and shipping information, all of which can reveal personal information about customers. Some of the features that should be included in such a gateway are:

  • Using the latest security methods to ensure that online transactions are encrypted.
  • Complying with all the security measures that the credit card providers require.
  • Supporting basic fraud detection, with authentication requirements in place. Such a fraud detection system should include the Address Verification System (where the billing address is used to authenticate a credit card) and the Card Verification Value (a certain number of digits related to the information on the back of the credit card).

Secure Electronic Transaction (SET) is a system used to secure online transactions that include the financial and personal information of e-business visitors. Such a system makes use of the following technologies:

  • Secure Sockets Layer (SSL).
  • Secure Transaction Technology (STT), and
  • Secure Hypertext Transfer Protocol (S-HTTP).

Encryption and Digital Signatures

Secure Sockets Layer (SSL) is a protocol used to secure data transmissions online. To establish an SSL connection, the protocol requires the server to have a digital certificate installed. A digital certificate is an electronic file that uniquely identifies a specific server and a specific individual. The digital certificate authenticates the server before the SSL session is established. Implementing this protocol on an e-business web site guarantees that the data exchanged between the site’s visitor and the server is secure and that the information can’t be intercepted by hackers (Grissett, n.d.).

Put simply, encryption is a technology that sends a message across a network in code, so that the only person who can decode the message is the one who holds the proper key. Encryption is an essential part of securing sensitive data sent online. To prevent hackers from intercepting such information, an additional layer of security has to be added to protect it (Hass, 2009).

A digital signature is an electronic signature, equivalent to a handwritten signature, that can verify the authenticity of electronic documents. Some banks use systems that record the speed of writing and signing and the pressure of the handwritten signature to ensure its authenticity. A digital signature usually uses a public key encryption system to ensure that the signature is tied to the same person. Digital signatures are used wherever a system requires authenticated data. In e-commerce they are used to protect confidential information from being exposed to unauthorized persons online (Townsend and Robertson, 2008).
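The sign-then-verify flow described above, as an added example that is not part of the original post: textbook RSA over a SHA-224 hash, using only the Python standard library. The key (two Mersenne primes), the function names and the sample order text are constructed for illustration, and the scheme is unpadded, so it shows the mechanism only.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. It is far too small and
# too structured for real use; production code would use RSA-PSS or Ed25519
# from a vetted cryptography library.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q                            # public modulus (about 234 bits)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer


def digest_int(document: bytes) -> int:
    """Hash the document. A SHA-224 digest (224 bits) is always smaller than N."""
    return int.from_bytes(hashlib.sha224(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signer side: transform the document hash with the private key."""
    return pow(digest_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier side: needs only the public key (e, n) and the document."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(document)


# Constructed sample documents: the second differs by a single digit.
ORDER = b"order 1001: pay 120.00 to merchant-A"
TAMPERED = b"order 1001: pay 920.00 to merchant-A"

if __name__ == "__main__":
    sig = sign(ORDER)
    print("original verifies:", verify(ORDER, sig))
    print("tampered verifies:", verify(TAMPERED, sig))
```

A signature that verifies shows both who produced the document (the holder of the private key) and that it has not changed since signing; changing one digit of the order makes verification fail.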

Online Security Issues

Grissett (n.d.) stated that although most of what we do online has certain layers of security, there is no strong evidence that no one will ever access the information exchanged between a client and a web site’s servers, and there is no foolproof way to ensure that the security of such information stays intact. However, certain effective steps can minimize the risk of such information being exposed. Some of these steps are:

  • When sensitive information passes over an online connection, make sure that it is encrypted with Secure Sockets Layer (SSL). This protocol maintains the security of messages transmitted over the Internet by means of a public key or a password.
  • Using different e-mail accounts for different purposes can reduce the risk in transmitting information. One e-mail address can be given only to trusted parties such as the ISP and the web host. Online forms, such as surveys, should be filled in using a different e-mail account.
  • When payments are made online, checking the credit report regularly can help reveal any threat to the information and confirm that it is being safeguarded by the online businesses where the payments were made.
  • FTP privileges for the web site should be given to one person, who uses that access to upload and download files. The same rule applies to other features of the web site: specific permissions are given to specific people to reduce risk.
  • Any web accounts that are open to the public should have general password-creation rules that maintain security and keep others from guessing the passwords.

Eitel (2010) explained that, with the recent stories about secure web sites getting hacked, worries that personal information stored online could be exposed to hackers and other intruders have increased in recent years. Such incidents spread fear among online shoppers and online banking visitors. Even with the increasing security of online banking, it is still quite possible for a bank account to be wiped out by online predators through other means, such as phishing e-mails and phishing web sites. Phishing scams that steal login information from web site visitors are another way of gaining access to a web site that defeats any means of security. Securing personal information cannot be left to the web host alone; web visitors must also take steps, and these steps are:

  • Investing in the right antivirus software and an external drive that keeps your personal data hidden is a good way to protect your personal information.
  • Setting a limit on the number of login attempts on any account is a good way to prevent hackers from using a brute-force attack to break the software’s data encryption.
  • Using a unique password for each site, instead of reusing the same password on multiple sites, is a good way to protect personal data from being hacked. Including both numbers and letters also makes a strong password that is not easy for hackers to guess.
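One way to implement the login-attempt limit from the list above, as an added example that is not part of the original post. The class name, thresholds and the account name "alice" are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginAttemptLimiter:
    """Lock an account after max_failures failed logins within `window` seconds."""
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock                      # injectable so tests need not sleep
        self._failures = defaultdict(deque)     # account -> times of recent failures
        self._locked_until = {}                 # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is not None and self.clock() >= until:
            del self._locked_until[account]     # lock has expired
            until = None
        return until is not None

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied'; a locked account is refused outright."""
        if self.is_locked(account):
            return "locked"                     # even the right password is refused
        if password_ok:
            self._failures.pop(account, None)   # a good login resets the count
            return "ok"
        now, recent = self.clock(), self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:    # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()
        return "denied"


def simulate():
    """Constructed run: three wrong guesses, the right password, then a wait."""
    now = [0.0]
    limiter = LoginAttemptLimiter(3, 60, 120, clock=lambda: now[0])
    results = [limiter.attempt("alice", False) for _ in range(3)]
    results.append(limiter.attempt("alice", True))   # right password, still locked
    now[0] += 121                                    # wait out the lockout
    results.append(limiter.attempt("alice", True))
    return results


if __name__ == "__main__":
    print(simulate())
```

Per-account lockout also lets anyone who knows a username lock its owner out, so deployments usually pair it with throttling per source address.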

Johansen (2007) stated that it is imperative for computer users to protect their personal information from online threats, and that the first step toward such security is having the following software in place:

  • Firewall protection set up to block online threats. Also, make sure that the OS firewall is turned on.
  • Antivirus software that can detect and eliminate viruses.
  • Anti-spyware software to prevent software from being installed on your machine and stealing sensitive information.

Conclusion

As more business applications are developed to work online, business information and communications between businesses and consumers become a critical part of the business. Securing the communications and data transactions processed online becomes an important part of business practice. One step being taken toward securing online transactions for businesses and consumers is using different layers of security to ensure that such communication can’t be intercepted by hackers. One of these security measures is data encryption, which uses public or private encryption keys to secure documents. Secure Sockets Layer (SSL) is used to secure the channels of communication between businesses and their clients. One method a business can use to authenticate users is the digital ID signature, which is software installed to validate a person’s identity. Another way of securing online document exchange between different entities is the digital signature, with which a document can be authenticated. Such authentication indicates who created the document and that the document is intact and has never been altered by any online predators.

References

Eitel, J. (2010) Online Security Issues: Cracking Down on Hackers [Online]. Available from: (Accessed: 13 February 2010).

Grissett, A. (n.d.) Online Security Issues, Part I [Online]. Available from: http://www.infoservemedia.com/support/articles/security_issues_02.html (Accessed: 13 February 2010).

Grissett, A. (n.d.) Online Security Issues, Part II [Online]. Available from: http://www.infoservemedia.com/support/articles/security_issues_02.html (Accessed: 13 February 2010).

Hass, J. (2009) Public key Encryption and Digital Signatures [Online]. Available from: http://linux.about.com/b/2009/04/20/public-key-encryption-and-digital-signatures-2.htm (Accessed: 12 February 2010).

Johansen, R. (2007) The Main Online Threats [Online]. Available from: http://www.buzzle.com/articles/main-online-threats.html (Accessed: 13 February 2010).

Magalhaes, R. (2003) Authentication, Access control & encryption [Online]. Available from: http://www.windowsecurity.com/articles/Digital_Signatures.html (Accessed: 13 February 2010).

Townsend, L. & Robertson, S. (2008) Encryption and digital signatures [Online]. Available from: http://www.out-law.com/page-442 (Accessed: 13 February 2010).


2 Comments »

  1. 1

    Thanks Bryan for the overview of Online Security including features, technology used, and consumer issues. FYI, I’ve linked this post from my blog since the points and sources you have for security are concise.
