Abstract
Upon completion of this chapter, you will be able to:
1. Understand the importance and scope of security of information systems for EC.
2. Describe the major concepts and terminology of EC security.
3. Understand the major EC security threats, vulnerabilities, and technical attacks.
4. Understand Internet fraud, phishing, and spam.
5. Describe the information assurance security principles.
6. Describe the major technologies for protection of EC networks, including access control.
7. Describe various types of controls and special defense mechanisms.
8. Describe consumer and seller protection from fraud.
9. Discuss enterprisewide implementation issues for EC security.
10. Understand why it is so difficult to stop computer crimes.
11. Discuss the future of EC.

Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Turban, E., Whiteside, J., King, D., Outland, J. (2017). E-Commerce Security and Fraud Issues and Protections. In: Introduction to Electronic Commerce and Social Commerce. Springer Texts in Business and Economics. Springer, Cham. https://doi.org/10.1007/978-3-319-50091-1_10
DOI: https://doi.org/10.1007/978-3-319-50091-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-50090-4
Online ISBN: 978-3-319-50091-1
eBook Packages: Business and Management (R0)