The E-commerce SecurityEnvironment

The E-commerce Security
Environment
 Overall size and losses of cybercrime
unclear
Reporting issues
 2013 survey: Average annualized cost of
cybercrime was $11.56 million/year
 Underground economy marketplace:
Stolen information stored on underground
economy servers

What Is Good E-commerce Security?
 To achieve highest degree of security
New technologies
Organizational policies and procedures
Industry standards and government laws
 Other factors
Time value of money
Cost of security vs. potential loss
Security often breaks at weakest link


The Tension Between Security and
Other Values
 Ease of use
The more security measures added, the more
difficult a site is to use, and the slower it
becomes
 Public safety and criminal uses of the
Internet
Use of technology by criminals to plan crimes or
threaten nation-state


Security Threats in the
E-commerce Environment
Three key points of vulnerability in
e-commerce environment:
1. Client
2. Server
3. Communications pipeline (Internet
communications channels)


Most Common Security Threats in the
E-commerce Environment
 Malicious code (malware) – threat at both
client and server level
 Exploits and exploit kits
 Drive-by downloads
 Viruses
 Worms
 Ransomware
 Trojan horses
 Backdoors
 Bots, botnets


Most Common Security Threats (cont.)
 Potentially unwanted programs (PUPs)
Browser parasites
Adware
Spyware
 Phishing
Social engineering
E-mail scams
Spear phishing
Identity fraud/theft