Upload
techdee7
View
858
Download
9
Embed Size (px)
DESCRIPTION
E-Commerce is a relatively new way of doing business. Over the last several years, it has become a convenient, trusted, accepted and often less expensive way to purchase goods and services. As E-business continues to grow, the potential for exposure to threats also increases. As the threats become more damaging and/or widespread, “security” becomes critical in preventing fraud. There are many types of security already in place, however most internet credit card fraud occurs when an e-Commerce merchant is unaware that an order was not placed by, and will not be paid for, by the authentic cardholder
Citation preview
E-Commerce Security:
Preventing Fraud
By preventing
Identity Theft
Diane M. DuhéMay 6, 2012
E-Commerce and Internet Fraud
• As E-business continues to grow, the potential for exposure to threats also increases.
• As the threats become more damaging and/or widespread, “security” becomes critical.
• There are many types of security in place, however most internet credit card fraud occurs when an order was placed illegally, by someone other than the authentic cardholder.
Series10
1
2
3
4
5
6
7
8
9
E-Commerce GrowthExposure to Threats
What is Internet fraud?
• Internet fraud is a type of cybercrime.
• Transactions are committed by using deception, credit card information gained illegally.
• Occurs when an e-Commerce merchant is unaware that an order was not placed by, and will not be paid for, by the authentic cardholder.(3)
• When fraud occurs, a chargeback must be issued by the merchant.
• This means that the merchant incurs costs: must refund all the expenses, and pay an additional fee. (4)
How do identity thieves do it?
• Stealing checks, bank statements, wallets/purses, anything containing oersonal information
• Proffering phony offers via phone or email
• Creating realistic looking websites, that request information from the consumer
• The information is used to access bank accounts, obtain loans, or to use credit cards.
Merchants are negatively affected:
Merchants who accept credit cards online are subject to:
• Additional examination and processes that protect credit card information.
• Higher transaction fees to offset the cost of security
• More stringent shipping requirements
• Paying the cost of becoming and staying PCI compliant
• Being held responsible for any accepted fraudulent transaction.
•There are at least 25 current internet scams, including:
• Nigerian letter scam• Counterfeit checks • Credit or debit card fraud • Identity theft• Investment schemes• Online auction and other sales• Phony escrow• Pyramid or “ponzi” schemes (Fraudulent investment operations) (1)
Preventing Fraud
Existing Issues
• Privacy: information must be kept safe from unauthorized access.
• Integrity: information must not be altered or tampered with.
• Authentication: sender and recipient must prove their identities to each other.
• Non-repudiation: proof is needed that the message was actually received
There are many ways to implement security methods and practices. Examples:
• Creating and maintaining security policies (passwords, backups) , utilizing anti-virus/spyware, hacker protection, & firewalls,
• Fortified web servers, setting database security, and securing webpage content.
Despite this, Internet Fraud continues
The primary underly
ing
goal of a
ll secu
rity m
ethods
is to deter and prevent fraud!
Can empowering consumers with information and resources
for protecting their sensitive information, help to prevent
identity theft, and thereby lower internet fraud???
Method
Teach an Identity Theft Prevention class, consisting of visual presentation, class discussion, online interactive content, pre and post tests
Topics Covered:
• safeguarding personal information using the “Detect, Deter and Defend” method.
• How to identify spoofed email, phishing email
• How to use public WiFi safely
• How to use Social Networking websites safely
• Learning steps to take, if victimized
The pre and post test:
• 10 true/false questions, administered online via “QuizStar.com”
• Each question worth 10 points
• One attempt, given for pre-test
• One attempt for post test
• Pre test administered 5 days before Identity Theft Prevention class
• Post test administered one week after Identity Theft Prevention class
RESU
LTS
Pre Test Results
Question Analysis:
Futu
re W
ork