Customer impersonation Essay

Customer is not the entity that firm can claim to be. This is called as customer impersonation. Due to characteristic of cyberspace, impersonation can be the one risk for the e-tailer. In simple word, Customer and merchant cannot meet by face to face. Therefore, customer can use fake or others ID to purchase product. There are two reasons for fake customer to use other identity. The reasons are theft and malice. The objective behind theft is to buy the goods or service without the need of paying. Also the bill will be forwarded to whom ID is misused or abuse. In other words, the theft will use others details to purchase goods or service. The intention of malice is difference from the theft. Instead of acquiring goods of services without paying, also they have other motives such as intrinsic satisfaction to the hacker, to hurt corporation profits and customer relations of competitor or former employer.   Denial of service attacks Denial service attacks occur in a typical connection. When the user sends a message asking the server to authenticate it, the server returns the authentication approval to the user. The user acknowledges this approval, and is allowed onto the server. In a denial of service attack, the user sends several authentication requests to the server. All requests have false return addresses, so the server cannot find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again–tying up the service indefinitely. Furthermore Denial-of-service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organisation. Also some denial of service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an â€Å"asymmetric attack. † For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks. Risk Associated with Business Transaction   Data interception Data interception is the serious risk related to e-business entity. Data can be intercepted during transmission from one point to another point. The following three risk has arisen in relation with data interception.   Massage Origin authentication This authentication is to make sure that the massage received is really from the party claimed to be the sender. This is important to prevent any customer impersonation take place. In this case this, travel. com. au has to make sure the massage sender is the legitimate user. This important in order to protect consumer from theft, also protect travel. com. au itself from any harmful activity caused by hacker. For example if in the case the goods or services has been purchased by the theft, then one possibility is that merchants need to written off that certain products. In order to support this, non-repudiation is use in electronic commerce as provision of â€Å"proof of origin†. Authentication techniques such as digital signatures, and other tools are available to prevent any impersonation.   Proof of delivery Proof of delivery is to make sure whether the intended massage has been received by recipient form the sender. If the massage were not received, the communication would be useless. For example if purchase request or product information request are intercepted, a company’s customer relations and profitability can be damaged. Moreover misunderstanding between travel. com. au and customer would occur, because customer might think their massage or order is not responded. In fact the massage or order never reach travel. com. au, because the massage or order is intercepted.   Massage Integrity & Unauthorised viewing of massage. It is important to be able to know if the massage sent is exactly same as the massage received. For example, for example if an order was tampered with, incorrect orders could be placed on the message sent to travel. com’s site, the incorrect goods may then be processed to be delivered to the intended recipient. 6. 0 Security System and Mechanism of Travel. com. au The risks, which are discussed in section 5. 0, are the main cause that makes customer to hesitate to shop over Online. To reduce risk level, travel. com. au employ latest security system in order to protect customer data and its business. The system includes:   Business Policy As stated on Travel. com.au site, it has tried its best to protect customer’s sensitive information. Moreover, travel. com. au also guarantee that they would not share the sensitive information with others. Although, from time to time, travel. com. au may provide statistical information about sales, trading patterns and information on navigation techniques to reputable third parties, this will not include any direct personal information, identifying you as our customer. This privacy policy is clearly stated on the its Web site. Its security policy, such as encryption technique it has adopted, is listed as well. As it is mentioned earlier, the operator has to follow the policy as stated. Travel. com. au has followed its policy and it is the one key influence to motivate the customer move into its Web site. See appendix for its entire business policy stated on Website.   SSL (security socket layer) This is the one that can secure data transmission. Information entered into SSL secured forms is encrypted by the customer’s browser. Then sent direct to secure server via SSL. Travel. com. au’s secure server then forwards the encrypted details to a private folder and/or via e-mail. Moreover, all information sent via secured forms is safer from eavesdropping, tampering or message forgery. When customer connect to a travel. com’s secure web server, customer ask that server to authenticate it. This authentication is quite a complex process involving public keys, private keys and a digital certificate. (http://www3. travel. com. au/everest/index. cgi)   Westpac secure payments This additional features is used to assured customer that travel. com. au is processing customer’s credit card details securely over the Internet using Westpac-accredited Internet payment security system. Using this kind of system show us that it considers the security of customer credit card details to be of prime importance. In addition, customer does not use Westpac credit card in order to utilise this secure service. Westpac secure payment provides the secure link between the online store and the bank. When customer enter credit card details online, the information is scrambled (or encrypted) and passed directly to Westpac, so that only the bank can read information. Even the trevel. com. au does not actually see customer credit card details. Customer Login Account These features only can be utilised by the member of travel.om. au. Customer must firstly register and activate a personal account to become a member. However, non-member can conduct any purchases as well. The registration process will provide the customer with an username for login purposes and a password for the account. Moreover, Information you provide is stored on its secure servers and is protected by its security mechanism.   Safe Trade SafeTrade is one of Australian largest Insurance Company. It will protect customer from fraudulent as a result of credit card purchasing on the Internet and also will guarantee the delivery of product. These tools can assure customer that if anything goes wrong, Safe Trade will cover the loss up to AUD $2,000. Although it had employed latest technology, the risk is still existing. As it is mentioned before, there is no e-business entity that is 100% secured. Therefore, constant security management is needed. The security management and some other methods, which it can utilise to enhance security level, will be discussed next section. 7. 0 Recommendation & Conclusion To increase security level of travel. com. au, there are few ways. That includes   Build up risk management system. Utilise latest security mechanism   Use third-party assurance services (Web Site Seal Option) The Risk Management Paradigm The paradigm is a continuous process that recognises that risk management is an ongoing annual or biannual event. Each risk nominally goes through these functions sequentially, but the activity occurs continuously, concurrently and iteratively throughout the project life cycle. (Greenstein, et. al, 2000) Figure 1, Risk Management Paradigm (Source: http://www. sei. cmu. edu) There are six functions related to risk management paradigm. Those are:Identify – search for and locate risks before they become problems.   Analyse – Transform risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and priorities risks Plans – Translate risk information into decisions and mitigating actions (both present and future) and implement those actions.   Monitor – Monitor risk indicators and mitigation actions   Control – Correct for deviations from the risk mitigation plans.   Communicate – Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks