Internet Security Essay
Security issues in cyberspace continue to threaten the integrity of information distributed and accessed. Writing of today’s digital economy, Alvin Toffler indicated in his book Power Shift that the axis of power is shifting towards the entity that possesses more substantial knowledge. Information technology in this case is both a powerful medium and a vulnerable platform. Although information is emerging as a new currency, there is no guarantee that all information collected is true and accurate.
The entry and dominance of information technology in all aspects of life in this century have generated various issues that affect the entire social, political and economic structure of world economies. The influx of information technology affects people as “every new technology creates hidden effects in its environment, rearranging the social order it penetrates. Many of these effects are inextricably linked to ethical issues” (Cooper 71+). Fillis & Wagner, in E-business Development: An Exploratory Investigation of the Small Firm, discussed some of the benefits of bringing small businesses into e-commerce.
The benefits include “improved communications, cost savings, greater visibility, ability to develop new markets and greater levels of information retrieval” (625). The authors likewise discussed the barriers associated with e-commerce. They include issues like privacy, security and inadequate technical knowledge (625). While information technology provides the impetus for a new business paradigm to develop, there are issues that remain. With e-business overcoming national boundaries and barriers, companies engaged in e-commerce should not relax their vigilance on security concerns.
The Internet is a gateway for companies to globalize their operations but security issues remain a threat.
Security as an Ongoing Concern
Some of the major trends associated with recent developments in e-business include web-based platforms, content, search engines and database management, integration and security. When the dot-com bubble burst in the late 90’s, e-business practitioners became more cautious and vigilant regarding their business practices. Competition in cyberspace also tightened with more businesses joining the bandwagon.
Because many e-businesses are modeled after the ‘click and mortar’ structure, success is dependent on integration of online and offline activities to make e-businesses work. Recently, most e-businesses have also increased the security level of transactions online. Infrastructures were established so payments made online would be secure. Privacy has become a prominent issue in e-business. With the introduction of “smartcards, authentication devices and real-time fraud detection using sophisticated bank systems, security levels at online transactions increased.
Alternative online payment like SSL and Paypal offered secure payment systems” (Bwired). Despite those advances in security protocols in e-commerce, the problem of security is still an ongoing concern for most e-business enterprises. The absence of clear delineations and governing policies concerning the use of the Internet and the conduct of its users has also brought several issues to the forefront. For example, Maignan and Lukas’ study respondents used the words “anarchy” and “chaos” to describe the structure within cyberspace.
Other respondents, though, considered the Internet as a place for “communities” (366). Presently, while there may be no consolidated law that regulates or punishes perpetrators who commit computer fraud, the Wiretap Act prohibits any individual from obtaining information illegally. If stored information is accessed, the Computer Fraud and Abuse Act and the Stored Communications Act are consulted (Hofstadt 14). The Federal Bureau of Investigation (FBI) has at its disposal countermeasures against cyber crime such as Carnivore.
The intention was to protect the interests of the American public against unlawful use of cyberspace to perpetrate crimes. The main targets of Carnivore are “terrorism, information warfare, child pornography, fraud (including white collar), and virus writing and distribution” (Durham n.p.). Carnivore is capable of filtering e-mails from suspected criminals and tracing the origins of these messages. It operates in two modes, “pen” and “full”. The “pen” mode will only capture the addresses of the messages while the “full” mode can access the entire contents of the e-mails (Etzioni 59).
Security threats are still difficult issues to address, especially when the web is constantly subjected to attacks and hacking and perpetrators grow bolder. Compromised security and system integrity is something that every organization dependent on information technology wishes to avoid. Compromised security would be too costly and could perhaps cause the collapse of businesses and institutions. Incomplete laws, or the absence of regulations to prevent the onslaught of technology-driven improprieties, would weaken any type of security measure.
The cost of procuring hardware to initiate a virtual existence may be expensive. The software tools are constantly evolving. There might be technical shortcomings when it comes to the required bandwidths and reliability of the system. There may be some compatibility problems with the infrastructure and the various institutions’ present IT structure. It would become more difficult to integrate the two systems.
Resolving Security Issues in E-commerce
Bob Worner in Choosing the Right Security Infrastructure for E-business Success reiterated the importance of security in E-business.
It is not enough that e-businesses focus on employee and customer satisfaction. Critical to the success of companies engaged in e-commerce is a solid strategy for information security. The author suggested that security management must include limits on information access and use and criteria for evaluating security infrastructure choices, underscoring that choosing the right type of security protocol will spell the difference between the success and the demise of an e-business enterprise.
David Thompson in The Social Engineering of Security provided a balanced view of the factors to consider when businesses decide to create a virtual entity. E-business security management requires serious contemplation and e-business enterprises must look beyond the surface. Security strategies must be consistent and organizations must be able to strike a balance in mitigating the risks. The managers are the lead actors who should be able to understand the implications of going virtual.
Hence, e-business security strategies and solutions must emanate from prudent and careful selection of security tools, as well as from awareness of the risks involved in establishing an e-business. Leon, in Ten Tips to Combat Cybercrime, recognizing the lack of a unified front against computer fraud, proposed strategies by which individuals or companies can protect themselves against illicit intrusions. He advised that one should be suspicious of emails from unknown sources. Always open a new window and avoid accessing websites through direct URL links. Always use encryption and digitally signed emails when sending messages.
Almost all the residents of cyberspace agree on at least one thing: “For security reasons, or simply for privacy, encryption of certain transmissions over electronic networks is sometimes necessary” (Davis). Do not allow permanent cookies in the web browsers. Disable scripts in web browsers. Understand the vulnerability of the systems and institute preventive measures against intrusions such as putting up a firewall or installing countermeasures against hackers. Ruhnka and Bagby in Forensic Implications of Metadata in Electronic Files described the importance of metadata in forensics.
Metadata is referred to as the electronic equivalent of DNA because it could reveal information on the “origins, context, authenticity and distribution of electronic evidence” (68). Metadata falls into two categories: one is application metadata and the other is systems metadata. Application metadata is created by software applications and is usually embedded in every file created each time a software application is used. Systems metadata resides in “the system registry of the computer system or server used to access and store that file” (69).
Metadata in litigation procedures could assist in discovering “human and system actions in information systems; can be used to investigate and verify fraud, abuse, mistakes, or system failures; and can help to establish elements such as causation, timing, and the extent of knowledge or mens rea (guilty knowledge)” (70). Fortifying the e-business against unauthorized breach is imperative. Just as information technology is a mediating tool to perpetrate fraudulent acts, it is also the best tool to secure the organization against such attacks. Fighting fire with fire is the most logical direction to take.
A network intrusion detection system (NIDS) is essential for any information system that requires vigilance against unauthorized incursions. Such systems essentially run on the periphery of a local area network (LAN), primarily positioned to “detect log Internet-based attacks against a local network, such as attempts at buffer overruns, cross-site scripting, and denial-of-service” (Schuff, Choe & Pai 138). Unlike firewalls, which shut off external access to suspected intrusions, a NIDS monitors “attacks on externally-exposed ports used for running network services” (138).
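A sketch of the kind of inspection a NIDS performs for the three attack classes named in the quotation above, run over constructed request records. This is an added example, not code from the essay or from Schuff, Choe & Pai; the record layout, thresholds and patterns are assumptions chosen for the sample data.

```python
import re
from collections import defaultdict, deque, namedtuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

Alert = namedtuple("Alert", "ts src kind detail")

# Assumed tuning values for this illustration.
MAX_FIELD_LEN = 512     # a longer single parameter suggests an overrun attempt
RATE_WINDOW_S = 10.0    # sliding window for the per-source request rate
RATE_LIMIT = 20         # requests allowed per window before alerting

# Script markup, inline event handlers inside a tag, or javascript: URLs.
XSS_RE = re.compile(r"<\s*script\b|<[^>]*\son[a-z]+\s*=|javascript\s*:", re.I)


def fully_decode(text, max_rounds=3):
    """Undo nested percent-encoding so double-encoded payloads are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect(records):
    """records: iterable of (ts, src_ip, dst_port, request_line), ordered by ts."""
    alerts = []
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    flooding = set()              # sources already alerted for the current burst
    for ts, src, port, line in records:
        # Denial-of-service: too many requests from one source in the window.
        window = recent[src]
        window.append(ts)
        while ts - window[0] > RATE_WINDOW_S:
            window.popleft()
        if len(window) > RATE_LIMIT:
            if src not in flooding:       # alert once per burst, not per packet
                flooding.add(src)
                alerts.append(Alert(ts, src, "dos-rate",
                                    f"{len(window)} requests to port {port}"))
        else:
            flooding.discard(src)

        parts = line.split(" ")
        if len(parts) != 3:
            alerts.append(Alert(ts, src, "malformed", "bad request line"))
            continue
        target = parts[1]
        # Buffer-overrun attempt: an abnormally long parameter value.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if len(value) > MAX_FIELD_LEN:
                alerts.append(Alert(ts, src, "oversize-field",
                                    f"parameter {name!r} has {len(value)} characters"))
        # Cross-site scripting: script markup after decoding.
        if XSS_RE.search(fully_decode(target)):
            alerts.append(Alert(ts, src, "xss-pattern", "script markup in target"))
    return alerts


# Constructed sample traffic (documentation address ranges only).
SAMPLE = [
    (1.0, "198.51.100.7", 443, "GET /catalog?item=42 HTTP/1.1"),
    (2.0, "192.0.2.10", 443,
     "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1"),
    (3.0, "192.0.2.11", 443,
     "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1"),
    (4.0, "192.0.2.12", 80, "GET /login?user=" + "A" * 600 + " HTTP/1.1"),
    (5.0, "192.0.2.13", 80, "GET"),
] + [(100.0 + i * 0.1, "203.0.113.9", 80, "GET / HTTP/1.1") for i in range(25)]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(f"{alert.ts:7.1f} {alert.src:14} {alert.kind:15} {alert.detail}")
```

The double-encoded request from 192.0.2.11 is the case a single decoding pass would miss, and the burst from 203.0.113.9 raises one alert rather than one per request.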
The entire network of the organization requires that additional security features be implemented aside from the standard features offered in a typical OS platform. The implementation costs should also be minimal. When implementing Internet links and access to both internal and external users, the system must be protected from unauthorized intrusions. Overall, the implementation of a secure network infrastructure favors the business or production environment. It will deter possible malicious intrusions that are likely to affect the organization’s productivity.
While it is true that having a good network infrastructure makes a company function better, the presence of a networked, wired system also exposes the e-commerce company to information security nightmares. Another solution that could secure e-commerce portals in cyberspace is to deploy honeypots to detect and trace unauthorized users. The biggest threat to system integrity comes from remotely controllable backdoors. Not only do they permit industrial espionage at the most sophisticated level, they also devastate the target victim’s entire system.
Such malware is commonly referred to as botnets (Wicherski 1). Botnets posed serious threat to the internet for two main reasons: the sum of resources available by a single botnet is so immense that they can cause severe damages…and the control of so many resources is the sending and delivering huge amounts of spam” (1). Applying the principles of hunting, honeypots were created to serve as bait to potential intruders and hackers. Security specialists put up systems that appear to be vulnerable to attacks.
However, these systems are useless to an intruder because they contain no data or information, administration controls, or computers to destroy. These dummy systems are referred to as honeypots. Honeypots are exposed to unwanted intrusion; they essentially lure hackers and intruders and deceive them into thinking they got into the system successfully. The security specialist can then monitor the movements of the would-be hacker while effectively keeping valuable system information safe. Honeypots can now “collect data for research or legal action, and alert administrators of attacks in progress” (Raikow).
This also sets a precedent for successful apprehension and prosecution of the perpetrator (Martin 1).
Conclusion
The foregoing discussion supported the view that companies engaged in e-commerce should not relax their vigilance on security concerns. The issue of security remains a threat. The reliability of security systems is constantly challenged, as newer and more sophisticated intrusive systems are developed. One should be concerned that the security measures employed might not be able to keep up with the speed at which malicious hackers can compromise the security of network systems.
Businesses and organizations dependent on information systems to operate on a regular basis need to protect themselves from unauthorized intrusion. The use of information technology as a mediating tool for both solving the problem of intrusion and perpetrating illegal entry into network systems is a paradox that needs to be considered by organizations engaged in e-commerce. The law lacks teeth that could apprehend individuals with malicious intent and this increases the possibility of more individuals using information technology as a platform to commit inappropriate acts.
The lack of real understanding of the implications of new developments in information technology within a critical and analytical framework will always lead to incorrect assumptions. Information technology may have brought advances in today’s world but coupled with it are contentious issues that need to be resolved immediately. The security issues that came about merely signal the weaknesses of the integration of information technology into the business paradigm.
Modern technologies have inevitably changed the social, economic, political, and professional aspects of lives across the globe. Such technologies have brought with them reliability and efficiency of communication and execution of electronic financial transactions, evident in E-commerce. According to statistics, electronic financial transactions over the internet have grown by over 70% during the past one decade compared to their prominence during the 1990s (Ena 2008, p. 14).
This has been attributed to the fact that small businesses are increasingly taking up the competitive business advantage of online marketing for their products, a practice that was earlier dominated by big corporations. Nevertheless, electronic financial transactions over the internet are marked with numerous security threats. Security threats attributed to electronic financial transactions are not only a potential infringement of our right to privacy, but have also been a source of economic loss for individuals and institutions.
Among these threats, internet fraud, identity theft, and network hacking are the most commonly identified threats to the reliability of internet-based financial transactions (Glaessner, Kellermann, & McNevin, 2002). However, the government, security software scientists, and financial institutions have engaged in concerted efforts to promote the security of online financial transactions.
In this essay, the author will identify and discuss the different kinds of security threats relevant to financial transactions over the internet, their nature, severity, and the actions that have been taken or can be taken to address the threats and their effectiveness. Case studies of actual security incidents will be given to support the analysis. The problem of security threats on internet-based electronic financial transactions has been identified as a major drawback to sustainable embracement of the competitive advantages brought by this unique technological advancement in the community.
Although the actual economic damage caused by internet crime is hard to ascertain, a consensus between law enforcement and IT scientists has it that over $500 million is lost in the USA alone due to internet-related crimes (Glaessner, Kellermann, & McNevin, 2009). There are numerous security threats to electronic financial transactions over the internet. Identity theft and fraud is a quite common form of security threat to internet-based funds transfer. Identity theft is the act of using the identity of another person to illegally gain financial advantages (Glaessner, Kellermann, & McNevin, 2009).
To achieve this, perpetrators engage in misrepresentation of information to lure their target victims into conducting a financial transaction or providing personal information such as a credit card number and password. Numerous research findings have shown that the process of acquiring another person’s details is realised through the use of e-mail messages (mainly spam) or fake websites to entice potential victims (Glaessner, Kellermann, & McNevin, 2009).
Such information is used in executing activities such as unauthorised emptying of the victim’s account, and opening and operating an account in the victim’s name and failing to settle its associated bills. This leads not only to loss of funds by the victim but also to debt, as financial institutions seek payment of account charges from the victim. According to statistical evidence from the Internet Crime Complaint Center, of the internet crime cases reported in 2008, an estimated 13 percent involved fraud and identity theft (Maclean 2009).
Further, the statistics have indicated that such a figure is quite low given that most incidences of internet crime go unreported. Still on fraud as a security threat to internet-based financial transactions is the problem of non-delivery of goods and services. On a quick browse of websites on the internet, one finds many sites promising lucrative employment or business opportunities. However, most of these demand payment for services that are non-existent.
FBI reports have it that over 27 percent of internet fraud activities involve payments for non-existent business and employment opportunities (Ena 2008, p. 18). Another form of threat to electronic financial transactions over the internet is the confidentiality threat brought by malicious computer programs. In the recent past, the information technology field has witnessed an increase in the number and complexity of malicious computer programs. The most common types of malicious programs are viruses and worms, which serve to corrupt executable computer programs (Organization for Economic Co-operation and Development 2007).
Through this, authorised users suffer the costs of losing their confidential information saved in the machine or network. Moreover, distributed access denial programs are a major threat to the reliability of online financial transfer. This is because they compromise the ability of an authorised individual to access, transact on, and/or monitor their electronic financial accounts. Nevertheless, Trojan horses, backdoors, and rootkits are the main threats to electronic financial transactions over the internet given their capability to gain access to personal accounts without detection by the user.
Trojan horses and backdoors are the most destructive malicious programs for the security of internet financial accounts and networks. A Trojan horse, for example, is capable of ensuring continued operation of the system (it prevents attempts to shut down the system) once it has been installed in the system (Glaessner, Kellermann, & McNevin, 2009). This gives the perpetrators of the crime adequate time to execute practices such as remotely accessing personal information as well as conducting unauthorised electronic financial transfers from the victims’ accounts.
On the other hand, a backdoor serves the purpose of compromising the security of an attacked system to ease unauthorised access in the future (Glaessner, Kellermann, & McNevin, 2002). To achieve this, the technique allows for the creation of a bypass into the attacked network that circumvents its normal authentication requirements. This has been blamed for potential long-term security attacks on electronic financial transaction accounts over the internet.
Rootkits are found to protect malicious computer programs from being detected or deleted by the user upon installation into the system, thus allowing for easy corruption of personal accounts as well as the network connections (Maclean 2009). Thus malicious computer programs are a real threat to internet-based financial transactions. In addition, confidentiality fraud has gained much importance as a security threat to electronic financial transactions over the internet. The right to privacy is a fundamental individual right.
This is more crucial in financial transactions as it protects sustainable realisation of social and economic development among community members. On the contrary, an estimated 14 percent of internet-based crime activities involve privacy fraud. Such problems are instigated by hacking practices (Khosrowpour 2000, p. 76). Hacking as a threat to individual privacy involves actions that allow the remote access of confidential personal or institutional information. Thus, hacking threatens individual privacy as well as the security of online financial transactions.
Following the appreciation of the competitive advantage brought by electronic financial transactions over the internet compared to other modes, many concerted efforts have been made by the key stakeholders in the field to promote its security. First, the government, as the custodian of the social and economic interests of its citizens, has enacted and enforced numerous laws governing electronic funds transfer. These include the Electronic Funds Transfer Act of 1978. This act defines numerous rights, responsibilities, and liabilities for participants involved in electronic funds transfer (Ena 2008, p. 9).
According to the law, the victims of erroneous electronic transactions should communicate with the financial institution not later than sixty days. On the other hand, the financial institutions are bound by the law to investigate and resolve such errors within 45 days. In addition, customers should report loss of credit cards to their financial institutions to mitigate potential illegal transactions. To realise this, the Electronic Funds Transfer Act dictates that a financial institution should provide its customers with a reliable contact number for enhancing communication (Ena 2008, p. 19).
Another important law in mitigating security threats to online financial transactions is the Patriotic Act, which provides for increased government surveillance on the internet. The purpose of the law is to mitigate terrorism activities over the internet, such as communication and the online transfer of funds for funding terrorism activities. This law gives law enforcement agents the legal authority to tap internet communication between suspected crime offenders. This has the implication that these provisions can significantly aid in promoting the war on online transaction security threats.
On the other hand, commercial and constitutional laws are quite effective in prohibiting illegal electronic transactions. This is evident from the fact that fraud and identity theft activities remain a criminal act according to the commercial laws of America (Ena 2008, p. 19). Moreover, the right to privacy is sufficiently protected by the provisions of the first amendments to the civil rights bill of the American constitution. Still, the American government has established the Internet Crime Complaint Center, which is responsible for documenting incidences of internet crime activities.
This body is a partnership of the FBI and the National White Collar Crime Center. In addition, the organisation works closely with local and international law enforcement agencies in qualifying the dynamic patterns of internet crime activities. The security software scientist community, on the other side, has committed numerous resources to the design and production of highly reliable security safeguard software for protecting the authenticity of online financial transactions. It is worth noting that the process of innovation in software development has been on the rise over the past one decade (Carey 2001, p. 45).
This is evident from the numerous software outsourcing and direct investment by major software corporations across the globe. Through this, these companies enjoy the competitive advantage of tapping and taming the best brains in the IT field for promoting viable solutions to internet crime activities. Further, internet providers have employed qualified network administrators for preventing, identifying, and reporting incidences of internet-related criminal activities. On the other side, financial institutions are charged with the responsibility of ensuring the safety of financial transactions and storage for their customers.
This is the reason behind the effective monitoring practices that have been put in place by these institutions to safeguard confidential institutional and customer information. It is a common practice for financial institutions to engage in constant changing of their network authentication codes. This serves to complicate the process of internet crime perpetrators gaining unauthorised entry into their networks. Another precaution taken by these institutions is closely monitoring financial transactions and blocking as well as reporting suspicious activities to the relevant authorities for legal action (Glaessner, Kellermann, & McNevin 2009).
To achieve this goal, most financial institutions engaged in electronic financial transactions over the internet contract a professional IT company to manage their networks. This outsourcing practice brings with it the advantage of speciality, an element that ensures quality and reliable services in promoting the security of online transactions. Nevertheless, the war against security threats to electronic financial transactions over the internet remains a major concern for the reliability of this modern funds transfer technology. This has been blamed on the lack of awareness among members of the general public (Khosrowpour 2000, p. 4).
True to the latter, the process of qualifying the exact economic loss caused by insecurity in internet-based financial transactions is complicated by the fact that only a few of the incidences are reported to the relevant authority. Therefore, the war on internet security issues should ensure adequate awareness among the public of how to identify these crimes, prevent them, and/or where to report them. In addition, the global community should seek to establish a unifying law against internet crime as a way of increasing cooperation in the process through elimination of existing bureaucracies.
All in all, the problem of security threats to electronic financial transactions over the internet remains a major challenge to the reliability of this technological advancement in society. This is because of the ever-changing tactical attacks and innovations employed by internet crime offenders to promote their criminal interests (Carey 2001, p. 102). Some of the most cited instruments for promoting insecurity in internet-based financial transactions are malicious computer programs such as Trojan horses, rootkits, and backdoors.
This is due to the fact that such programs are capable of hiding from the system user while still compromising the system’s authentication provisions, thus allowing for remote access by unauthorised persons. This calls for the government, software scientists, and financial institutions, as well as all other stakeholders, to invest more resources in the war against internet transaction insecurity. This should take into consideration the need for promoting public awareness of the nature of internet crimes and where to report them, as well as viable prevention measures.
During the past ten years, the intensiveness and variety of electronic financial transactions have increased dramatically. The last decade was characterised by the rapid spreading of financial transactions involving the use of online and/or remote mechanisms. E-services and e-transactions have become an essential element of the postmodern technological reality. As the number of online financial services increases, so do the number and variety of security threats. Small and large companies are equally vulnerable to the risks of security breaches in various types of financial transactions.
These threats are becoming more and more complex and can take full advantage of the existing network and application vulnerabilities. The current state of technology provides numerous solutions to the existing and emerging security threats; however, the success of the proposed countermeasures will depend on how well businesses realise the seriousness of the major security threats and are prepared to invest additional resources in the development and implementation of the complex security strategies.
Security threats and statistical information: The current state of literature
A wealth of literature has been written about the most serious security threats and the financial losses which security breaches and various types of system vulnerabilities cause to large and small businesses. The period between 2006 and 2008 was marked by a slight decrease in the number of financial frauds and security breaches in financial operations: the U.S. Federal Trade Commission asserts that fraud as a percentage of online revenue in the United States and Canada has decreased slightly over the past few years and stabilised at 1.4 percent in 2008 (Paget 2009).
Meanwhile, the losses caused by security breaches and financial fraud display a marked increase – in 2008 alone, the American market lost over $4 billion due to security breaches and financial frauds (Paget 2009). This is a 20 percent increase compared with 2008 (Paget 2009). Given the new trends in technology-related financial services and businesses’ striving to reduce their transaction costs, the development of new methods of e-payment and the use of open architectures will create new technological challenges for professionals and new fraud opportunities for hackers (Glaessner, Kellermann & McNevin 2002).
The current state of literature provides the basic overview of the most serious security threats and proposes unique solutions businesses and individuals can take to address these threats.
Financial transactions and security threats: what literature says
The discussion of security threats in the context of e-financial transactions is one of the most popular topics in scholarly literature. Today, the rapid growth of wireless technology and the increasing role of wireless solutions in daily financial operations turn electronic security into an issue of major public concern.
Numerous authors have tried to identify the most important security threats, to categorise them according to their severity and to define the risks they pose to the stability of financial e-flows. For example, Glaessner, Kellermann and McNevin (2002) state that the most frequent problems in the financial transactions arena include (a) insider abuse, (b) identity theft, (c) fraud, and (d) hacking. Cate (2005) concentrates on the discussion of identity-based fraud and suggests that account fraud, true identity fraud and synthetic identity fraud are the three most frequent forms of security threats in online financial transactions.
In this context, Keller et al. (2005) seem the most objective and detailed in their observation of the existing security threats and financial transaction issues. According to Keller et al. (2005), the first generation of vulnerabilities started in the middle of the 1980s and took the form of boot viruses that affected computers and networks over the course of weeks; the next generation of viruses was spread by means of macros and e-mails. Denial-of-service attacks became prevalent in the middle of the 1990s and still present one of the basic problems in financial transaction domains (Keller et al. 2005).
New types of threats include worms that affect individual and multiple computers and networks, and can easily self-replicate to infect large numbers of users (Keller et al. 2005). Trojans are used extensively to steal passwords or create back doors on computers, compromising network security (Keller et al. 2005). Keller et al. (2005) believe that the rapid expansion of spyware and malware is of particular concern to IT specialists and business people – these programmes are downloaded into computers without users’ knowledge or consent, typically run in the background, track personal information and execute damaging commands.
Statistically, every PC contains approximately 27. 5 pieces of various malicious programmes (Keller et al. 2005). Fortunately, IT professionals actively work to develop effective countermeasures against the most sophisticated security threats. Financial transactions and security threats: Potential solutions Given that malware presents one of the most serious issues in the field of electronic financial transactions, numerous authors sought to offer their solutions to the problem.
Vlachos and Spinellis (2007) provide an overview of the so-called Proactive malware identification system, which is based on the computer hygiene principles and demonstrates relative effectiveness in combating the risks of malware in financial transactions. Vlachos and Spinellis (2007) call the proposed algorithm PROMIS and base it on a peer-to-peer architecture; the choice of the P2P architecture is justified by the fact that P2P networks often become a propagation vector for various types of malicious software.
The P2P architecture used by Vlachos and Spinellis (2007) contains two types of nodes, the member and the super nodes, and all nodes wishing to participate in the discussed P2P networks must authenticate themselves to the super nodes. PROMIS nodes generally fulfill the two basic types of operations – a Notifier daemon regularly checks the log files on the security applications, while a Handler daemon analyses the incoming rates from other peers of the group and computes a global malicious activity rate (Vlachos & Spinellis 2007).
The researchers use experimental design to prove that the performance of the P2P group improves proportionately to the number of P2P members. Extensive simulations suggest that PROMIS has a potential to protect the operating networks from known and unknown worm activity (Vlachos & Spinellis 2007). That during virus epidemics PROMIS exploits only specific vulnerabilities and leaves all other systems intact is considered as one of the basic system’s benefits (Vlachos & Spinellis 2007). However, Vlachos and Spinellis (2007) are not the only professionals in the field of financial security.
The fact is that malware is often associated with denial-of-service attacks, which continue to plague the Internet. Malware substantially lowers the bar for massive distributed denial-of-service attacks (Wang & Reiter 2008). Unfortunately, the current state of protection against DoS attacks is passive by nature and does not offer incentives to the owners of the Internet networks to protect their computers from the risks of malware (Wang & Reiter 2008). Wang and Reiter (2008) suggest that client puzzles can be a potentially effective mechanism against DoS attacks in financial transactions.
Client puzzles imply that “a client solves a computational puzzle for requesting service before the server commits resources, thereby imposing a massive computational burden on adversaries bent on generating legitimate service requests to consume substantial server resources” (Wang & Reiter 2008). End-to-end puzzles imply that each client bidding for a financial service from the Internet server must present his solution to a puzzle; meanwhile, the server will allocate its limited resources to the bidders who solve the most difficult puzzles (Wang & Reiter 2008).
In this system, an adversary cannot seize the financial and informational resources of a victim without committing its own resources first (Wang & Reiter 2008). These systems are effective in mitigating DoS threats at all application layers and can be readily interoperable with various legacy systems (Wang & Reiter 2008). These, however, are unique technological solutions to the existing security threats. Other authors offer less sophisticated but no less effective ideas of how to deal with security threats in financial transactions.
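The puzzle auction described above can be sketched as follows. This is an added example, not code from Wang and Reiter; the SHA-256 leading-zero puzzle, the HMAC-bound challenge and all names are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

SERVER_KEY = os.urandom(32)  # per-server secret, constructed for this example


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest: the difficulty a solution proves."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def issue_challenge(client_id: str) -> bytes:
    """Server: stateless challenge = nonce || MAC(nonce, client_id); no memory is committed."""
    nonce = os.urandom(16)
    tag = hmac.new(SERVER_KEY, nonce + client_id.encode(), hashlib.sha256).digest()
    return nonce + tag


def solve(challenge: bytes, target_bits: int) -> int:
    """Client: brute-force a counter; expected cost doubles with every extra bit bid."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= target_bits:
            return counter
        counter += 1


@dataclass
class Bid:
    client_id: str
    challenge: bytes
    counter: int


def verify(bid: Bid) -> int:
    """Server: one MAC and one hash. Returns the bits of work proven, or -1 if forged."""
    nonce, tag = bid.challenge[:16], bid.challenge[16:]
    expected = hmac.new(SERVER_KEY, nonce + bid.client_id.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return -1  # challenge was not issued by this server to this client
    digest = hashlib.sha256(bid.challenge + bid.counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest)


def allocate(bids: list[Bid], slots: int) -> list[str]:
    """Give the limited service slots to the bidders who solved the hardest puzzles."""
    scored = [(verify(b), b.client_id) for b in bids]
    valid = sorted((s for s in scored if s[0] >= 0), key=lambda s: s[0], reverse=True)
    return [client_id for _, client_id in valid[:slots]]
```

Verification costs the server two hash operations per bid regardless of the difficulty claimed, which is what keeps the server from committing resources before the client has. Challenge expiry is left out of this sketch.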
According to Corzo et al. (2008), Automated Banking Certificates (ABC) can be readily used to timely identify unauthorised financial transactions. In the current system of electronic transactions, a financial transaction is considered authentic if it (a) is performed by an authorised entity; (b) has not been altered since the moment it was generated; and (c) is not a replay of another valid transaction (Corzo et al. 2008).
Unfortunately, current banking systems can identify non-valid and fraudulent transactions only by means of audit after the transaction took place; as a result, there is an urgent need to develop a mechanism which will trace and identify fraudulent transactions before and while they are taking place (Corzo et al. 2008). An ABC is a data structure which allows monitoring the relationships between various transactions within one workflow (Corzo et al. 2008).
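The three authenticity conditions listed above (authorised entity, unaltered, not a replay), checked while the transaction is in flight and linked to the previous task of the workflow, can look like this. This is an added example and not the ABC structure defined by Corzo et al.; the HMAC scheme, entity names, keys and field names are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed keys for two hypothetical authorised entities.
ENTITY_KEYS = {"teller-17": b"k1-constructed-secret", "branch-gw": b"k2-constructed-secret"}
FIELDS = ("entity", "txn_id", "prev", "payload")


def canonical(body: dict) -> bytes:
    """Stable byte encoding so signer and verifier MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(entity: str, txn_id: str, prev_tag: str, payload: dict) -> dict:
    """Build a record whose tag covers the payload, its id and the previous task's tag."""
    body = {"entity": entity, "txn_id": txn_id, "prev": prev_tag, "payload": payload}
    tag = hmac.new(ENTITY_KEYS[entity], canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class Verifier:
    """Checks each record of one workflow before it is executed, not in a later audit."""

    def __init__(self):
        self.seen_ids = set()  # transaction ids already accepted
        self.last_tag = ""     # tag of the last accepted task in this workflow

    def check(self, record: dict) -> str:
        if not all(k in record for k in FIELDS + ("tag",)):
            return "reject: malformed"
        key = ENTITY_KEYS.get(record["entity"])
        if key is None:
            return "reject: unauthorised entity"      # condition (a)
        body = {k: record[k] for k in FIELDS}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(record["tag"])):
            return "reject: altered"                  # condition (b)
        if record["txn_id"] in self.seen_ids:
            return "reject: replay"                   # condition (c)
        if record["prev"] != self.last_tag:
            return "reject: out of workflow order"    # relationship between tasks
        self.seen_ids.add(record["txn_id"])
        self.last_tag = record["tag"]
        return "accept"
```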
A complete ABC allows tracing operations within workflows that go beyond the boundaries of one financial institution, as long as their tasks are related (Corzo et al. 2008). The use of ABCs in the current system of financial transactions proves that the task of identifying an unauthorised user is absolutely achievable. The use of network smart cards is another potential solution to the existing and emerging security threats. A network smart card “is a smart card that is an Internet node and is accessible from the Internet” (Lu & Ali 2006). The Smart Card stores user information and provides this information only to the trusted client or server, as soon as the user authorises the service or transaction (Lu & Ali 2006).
Smart cards are beneficial in the sense that they can create and maintain secure Internet connections with another Internet node, a web server or a web browser (Lu & Ali 2006). As long as the smart card sends selected user information directly to the service provider, this information does not go through the local computer and the threats of identity theft or similar security breaches become minimal (Lu & Ali 2006). Unfortunately, the effectiveness of these developments is yet to be discovered. Meanwhile, companies continue using more traditional solutions to their security issues.
The current research suggests that AdAware and Spybot are the most common tools used by businesses to deal with such threats (Keller 2005). Moreover, despite the availability of effective tools that cost little or nothing at all, many businesses recognise that they do not use any anti-spyware tools at all (Keller 2005). As a result, businesses either lose significant material resources or fail to timely identify the emerging threats. The case is particularly difficult with the so-called insider threats, when security threats are being born from within the business entity.
For example, in 2008, the FBI alleged that a former Intel employee copied top secret documents that posed a threat to the future of the whole company and its business projects (Patel 2009). The cases when bank workers become the basic sources of the security threats and the initiators of the complex financial frauds are not rare. As a result, the success of financial transactions, their security, and the technical safety of consumers depend on how well companies realise the seriousness of the security threats and whether they are prepared to deal with them.
The current state of technology provides numerous solutions to the security issues in financial transactions, and businesses can secure themselves from the potential risks and failures by using the proposed technological Internet solutions at low or no cost.
Conclusion
The past years have been marked with the rapid increase in electronic financial transactions. The use of online and/or remote mechanisms in financial operations has already become an essential element of the daily business routine.
Financial transactions are associated with numerous security threats, including identity fraud, insider abuse, and the use of malware and denial-of-service attacks to access and steal personal user information. The current state of literature provides numerous solutions and ideas, which businesses could use to address the existing and emerging security threats. Smart cards, automated banking certificates, and the use of client puzzles are just some out of many ways to address security threats in financial transactions.
Unfortunately, businesses often neglect the existing technological opportunities and do not deem it necessary to use effective protection from the real security threats. As a result, the effectiveness and safety of financial transactions largely depend on how well businesses realise the seriousness of the discussed threats and are prepared to invest additional material resources in the development of effective security strategies and solutions.
In the developed and developing world, the use of the internet has increased in popularity. The use of the internet has become the preferred mode of communication and resources for various players like industries, corporations, telecommunications, and governments and in business. In business, the internet has facilitated financial transactions that have greatly changed the face of business, making it fast and simple and in conformity with the global village the technology has created.
With the increased use of the internet, there has been a corresponding increase in cyber crime from criminals who are seeking either financial gains or other advantages, for example military ones. The frequency of these attacks is very high and the levels of sophistication used are great. This makes it difficult for many organizations to determine new threats, their risk factors and ways of dealing with the menace (Cetron, et al, 2009). Many times it is difficult for the organizations to determine which attacks to deal with first and how to allocate resources to deal with them.
In the commercial sector, attacks on electronic financial transactions have resulted in great financial losses and corresponding reductions in user confidence. Electronic transactions consist of funds transfers, data interchange, trade confirmations and benefits transfers. Many of the crimes that occur, like theft, service denial, extortion demands or fraud, have plagued the industry for years. Technology has, however, greatly magnified the ability of major crimes to be committed in a matter of seconds. Electronic security is an industry that is growing and becoming globalised.
This industry offers services in the categories of assessment, access and utilization. To demonstrate the severity of attacks: in April 2009, Chinese and Russian spies managed to infiltrate the United States of America electrical grid and inserted disruptive software into the system (Cetron, et al, 2009). An attack which occurred prior to this one, in September 2008, would have caused the collapse of the global economy were it not for intervention. Unidentified hackers robbed the lucrative American financial market accounts of a total of five hundred and fifty million dollars in a little less than two hours.
Had the accounts not been closed by the Treasury Department, they would have lost almost six trillion dollars. This would have caused the global economy to collapse in approximately twenty four hours.
One security threat is phishing. Phishing involves the acquisition of sensitive information like passwords, credit card details, usernames and pin numbers. The attacker presents itself as a legitimate entity. The unsuspecting victims are lured by receiving communications which purport to be from a popular website or payment processors. It is usually done through instant messaging services or emails (Shu-Min & Shann-Bin, 2006).
These communications direct the users to enter their details at a fraudulent website which bears a great semblance to the authentic one. Phishing attacks were observed on two popular brands which provide payment services for banks globally in the United States of America in February 2010. The fraudsters created phishing sites in English and other languages, the most popular being French. These websites targeted customers by sending spam mails with the subject proving the card number and claiming that there was a risk of fraudulent transactions taking place. This attack was created using two types of phishing websites.
The first utilised Uniform Resource Locators which were created with domain names with many top level domain variants. The most popular domain which was utilised was .cz, which represents the Czech Republic. Upon entering their sensitive information into a card holder page for the false verification, the page redirected to the real website. The second attack utilised Uniform Resource Locators with Internet Protocol domains which were hosted on servers based in the United States (Glaessner, 2002). The Uniform Resource Locators’ strings were very long, typically with more than seven hundred characters.
The pages asked for sensitive data but had an auto signed debit card or credit card number. This auto signing was done by placing stolen numbers of cards obtained from earlier attacks on the form. Upon receipt of information the page was redirected to a blank page.
Cross site scripting is a form of phishing that occurs in programs or websites that allow user input. If the input data is not properly sanitized, the program may then process the input or execute code which the original program was not meant to execute. This has been used to redirect users to fake websites.
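The two phishing-site patterns described above (a brand name on an unexpected top level domain, and an Internet Protocol address as host with a URL of more than seven hundred characters) can be checked mechanically in a mail or proxy filter. This is an added example, not taken from the cited sources; the brand `examplepay` and all URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

LONG_URL_THRESHOLD = 700  # the essay reports phishing URLs of more than 700 characters
# Constructed brand label -> its one legitimate domain (hypothetical names).
BRANDS = {"examplepay": "examplepay.com"}


def phishing_indicators(url: str) -> list:
    """Return the indicators a URL matches; an empty list means none matched."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ["unparseable-url"]
    hits = []
    try:
        ipaddress.ip_address(host)
        hits.append("ip-literal-host")       # second attack type: IP address as host
    except ValueError:
        pass
    if len(url) > LONG_URL_THRESHOLD:
        hits.append("very-long-url")
    labels = host.split(".")
    for label, legit in BRANDS.items():
        on_legit = host == legit or host.endswith("." + legit)
        if label in labels and not on_legit:
            # first attack type: brand label reused under another top level domain
            hits.append("brand-on-unexpected-domain:" + label)
    return hits


def triage(urls) -> dict:
    """Map each suspicious URL to its indicators, dropping URLs with no hits."""
    return {u: h for u in urls if (h := phishing_indicators(u))}


# Constructed sample URLs.
SAMPLES = [
    "https://www.examplepay.com/login",
    "http://examplepay.cz/cardholder/verify",
    "http://203.0.113.7/secure/" + "a" * 720,
]
```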
Users are advised not to click on suspicious links in emails and to check the Uniform Resource Locators of the website to authenticate brands. It is also advised that one should type the brand domain name directly into the browser address instead of following links. The use of security software has also been recommended.
Pharming involves redirecting a website’s traffic and taking it to a false website. Pharming is done by either altering the hosts file on the victim’s computer or exploiting Domain Name System server software (Basu, 2009).
The main task of these Domain Name System servers is to convert internet names to their real addresses. A compromised server therefore does not direct traffic to legitimate websites. The points most vulnerable to compromise are near the leaves of the internet. Wrong entries in a computer’s hosts file circumvent name lookup, because the file supplies its own name to Internet Protocol mapping; this makes it a popular target for malware. Once it is rewritten, a user can be redirected to a fake copy. The better targets for pharming are desktop computers, as they receive poor administration in comparison to most other internet services.
Hosts file compromises can compromise the network router. Many routers specify a Domain Name System server to clients on the network, and wrong information here spoils the entire local area network. A compromise in routers is very hard to detect. Pharming also occurs by infecting the victim’s computer with malware or a virus. This causes the redirection of a website to a fake one. An unsuspecting user may enter information on the site unaware. To avoid pharming, users are advised to search for details that prove that the website is authentic. Typing the site’s address into the browser bar also offers some protection.
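Because a rewritten hosts file overrides name lookup, as described above, any entry in it for a banking or payment domain deserves attention. The audit below is an added example, not from the cited sources; the protected domains and the sample hosts content are constructed.

```python
import ipaddress

# Constructed list of domains that should never be pinned in a hosts file.
PROTECTED_DOMAINS = {"examplebank.com", "examplepay.com"}

# Constructed hosts-file content; the fourth line imitates a pharming entry.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 198.51.100.9 examplebank.com   (commented out, must be ignored)
198.51.100.23  www.examplebank.com login.examplepay.com  # injected
0.0.0.0     ads.tracker.example
"""


def parse_hosts(text: str):
    """Yield (address, hostname) pairs, skipping comments, blanks and short lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")


def audit_hosts(text: str, protected=PROTECTED_DOMAINS) -> list:
    """Return (hostname, address, verdict) for every entry that needs a human look."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((name, ip, "malformed address"))
            continue
        if any(name == d or name.endswith("." + d) for d in protected):
            # A loopback or 0.0.0.0 mapping blocks the site; anything else redirects it.
            sinkholed = addr.is_loopback or addr.is_unspecified
            findings.append((name, ip, "sinkholed" if sinkholed else "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

The same check does not cover the router case mentioned above, where the wrong resolver is handed out to the whole local network and no hosts file is touched.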
Use of an antivirus to reduce virus infiltration into the computers is also recommended. Vigilance is important in warding off attacks. Trojan horses are also a great threat to internet security. Trojan horses present themselves as valuable software which is available for downloading on the internet. This fools many people into downloading the virus in the presumption that it is another application. A Trojan horse is usually separated into parts which are the client and the server. The client is usually disguised as important software and is situated in some sharing networks like peer to peer or uncertified websites for downloads.
As soon as the client Trojan is executed in the computer, the attacker who is the person operating the server has great control over the computer and can destroy it depending on his purpose. The spread of the Trojan horse virus can occur through email attachments using various spamming techniques. Malware creators spread the virus through chat software like Skype and Yahoo Messenger. The virus may also infect other machines by distributing copies of itself to those in the address book of the infected computer. There are many types of Trojan horses.
Remote access Trojans give attackers complete control of the victim’s computer and access to any information stored in the files. Password Trojans copy all passwords and look for passwords as they are keyed into a computer and send them to a certain email address. Key loggers log the keystrokes used by victims and send the log information to the attacker and can be configured to online and offline modes of recording. Destructive Trojans destroy files and delete them completely from infected computers. They are able to delete all system files of a computer (Basu, 2009).
While there are other types of Trojans not mentioned here, it should be noted that a Trojan may work with a combination of some of the functionalities explained. To best avoid a Trojan horse virus attack, one should not open email attachments or files received from strange senders. Installing and updating an antivirus program is also helpful.
For secure electronic online transactions certain criteria have to be addressed and met. There must be secure access control which determines who has access to a system and is able to deny access to intruders. Proper authentication of users and message integrity must also be established.
Privacy of the parties involved must also be safeguarded and maintained (Shu-Min & Shann-Bin, 2006). Non-repudiation must be ensured where the sender cannot deny (falsely) sending a message. The use of online signatures has also been manipulated to commit fraud. Electronic signatures are a recognized electronic way of showing that a person has accepted the contents of a message sent electronically. These signatures are increasingly being used in electronic commerce and have evolved into digitized signatures which are encrypted and more secure than a simple electronic signature.
While they are themselves subject to fraud the purpose of their creation was to combat fraud (Hansen, 1995). Electronic signatures are based on legal principles which have to be understood by the institutions which wish to use it. The use of digital signatures is a code that authenticates the origins of a document. A well done electronic signature causes the signer to be uniquely identified. It also causes the document to be locked using encryption technology and is electronically stamped throughout the process with time and date. It also stores the document for access without fear of being lost or its existence denied.
The security of electronic financial transactions can also be enhanced by the use of digital certificates against phishing and pharming. To avoid manipulation of transactions in signature based online banking, utility of Class-3 electronic card readers should be explored. Virus scanners should be used to protect from Trojan horses. Care when downloading software should be exercised. With the mass adoption of technology, countries around the world are increasingly using technological based solutions to address their needs and carry out their functions.
The use of the internet has created a highly competitive market. While cyber crime has not infiltrated or integrated itself equally in many countries it is an industry that is growing very fast and deserves much global attention (Shu-Min & Shann-Bin, 2006). As earlier discussed, it has the potential of destroying whole markets and creating great havoc. Attempts to control cyber crime have not been concerted. Many challenges have arisen in trying to control this threat. Technology is fast changing and cyber crime has achieved very high levels of sophistication.
Cyber criminals have designed malware which is virtually undetectable and difficult to diagnose. It has proved challenging to design and keep up with these creations (Glaessner, 2002). Due to the high levels of vulnerability to cyber attacks there is an urgent need to formulate clear policies. These policies should include guidelines on how cyber crime is to be dealt with. This should include coming up with laws that will outline prosecution of cyber criminals, due to the potential of these criminals to create damage and go unpunished and undetected.
Users of the internet and the various services it offers should also assume personal responsibility for their own safety (Cetron, et al, 2009). Studies have shown that the ‘human factor’ is largely the cause of the success of cyber crime rather than advancements in technology. In the United States, despite various public campaigns on internet security, people continue to be reckless with their personal information. This leaves them very vulnerable to attacks by cyber criminals. Predictions have been made that incidences of cyber crime will continue to increase. Users should therefore be very vigilant in monitoring their information.
Software to combat cyber crime is available and users should take the initiative to acquire this software to alert them of suspicious websites or claims. They should also regularly update their software like antivirus, which is highly dynamic due to the creation of new viruses and malware that occurs at a very high rate (almost daily). In conclusion, electronic financial transactions have created great savings in terms of financial savings for both providers and users and reduced the wastage of time. The use of this technology has correspondingly exposed its users to newer forms of crime and every effort must be made to combat cyber crime.
Internet Security Essay
The key techniques to the most affordable website security would be the casual features of the website for the purpose of safeguarding the website content and the transactions that are to be made for fulfilling the ecommerce objectives of the website. The following can be credited to the diverse ways to secure the website and customer information for the “Grandmas Treats” website:
Web content security: It forms the greater part of the security, as it is aimed at preventing the non-representation or illegal presentation of false content that a user is not expected to see. The term cross site scripting (or XSS) is often used in conjunction with the web content and links that are to be secured for a website. Acunetix’s (2007) own product, Acunetix Web Vulnerability Scanner, is easily downloadable and comes free. Using it, one could scan their website for any such flaws.
Directory traversal attacks: Directory traversal attacks are quite common, where the links are traversed to a very different path where the information flows to the hackers. It is due to the malfunction of the code at the client and server sides. The code efficiency and link path need to be checked periodically so that one is able to redesign and test the system for any malfunction.
SQL injection: It is another method, where intruders are able to draw information from a website, using SQL to illegally fetch customers’ data to obtain their financial information or to manipulate information for wrong use. The website must be checked periodically for such incidents, and one must also make sure that customer records are encrypted using 128 bit security layers at the database side. The database security must be checked to make sure that no such activity is evident. The customer’s financial information would be encrypted to hide it from easy access by hackers.
E-commerce transactions security: The use of SSL 3.0 addresses the vulnerabilities regarding the tapping of information, so that one’s purchases are safe in all respects. The use of this protocol makes sure that a secured channel is followed for communication between the communicating clients. The use of Transport Layer Security (TLS) is important and can be enabled for any website for securing the communication to the communicating clients. IETF (2007) explains that TLS consists of point to point authentication techniques and communications privacy over the internet, strengthening the encryption.
1. Web server checks and database security checks: The periodic checks are done to put a check on performance of the website and database usage. All the relevant links and database security are checked for overall assurance.
2. Database backup: The database backup plans must be devised accordingly for keeping the records safe to protect against unforeseen disasters (Navathe, 2002).
These simple tips would be helpful for the website to take care of the affordable needs for security and customer data protection so that one is able to safely carry out transactions over the internet.
Acunetix (2007). Web Site Security Center: Check & Implement Web Site Security. Retrieved 16 December 2007 from http://www.acunetix.com/websitesecurity/