Saturday, May 25, 2019

Customer impersonation Essay

The customer is not the entity that he or she claims to be. This is called customer impersonation. Due to the characteristics of cyberspace, impersonation can be one risk for the e-tailer. In simple words, the customer and the merchant cannot meet face to face. Therefore, a customer can use a fake ID or someone else's ID to purchase products. There are two reasons for a fake customer to use another identity: theft and malice. The objective behind theft is to buy goods or services without the need to pay. The bill will be forwarded to the person whose ID is misused or abused. In other words, the thief will use another person's details to purchase goods or services. The intention of malice is different from that of theft. Instead of acquiring goods or services without paying, they have other motives, such as intrinsic satisfaction to the hacker, or to hurt the corporate profits and customer relations of a competitor or former employer.

Denial of service attacks

Denial of service attacks occur in a typical connection. When the user sends a message asking the server to authenticate it, the server returns the authentication approval to the user. The user acknowledges this approval and is allowed onto the server. In a denial of service attack, the user sends several authentication requests to the server. All requests have false return addresses, so the server cannot find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again, tying up the service indefinitely. Furthermore, denial of service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organisation. Also, some denial of service attacks can be executed with limited resources against a large, sophisticated site.
This type of attack is sometimes called an asymmetric attack. For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.

Risk Associated with Business Transaction

Data interception

Data interception is a serious risk related to the e-business entity. Data can be intercepted during transmission from one point to another. The following three risks have arisen in relation to data interception.

Message Origin Authentication

This authentication is to make sure that the message received is really from the party claimed to be the sender. This is important to prevent any customer impersonation from taking place. In this case, travel.com.au has to make sure the message sender is the legitimate user. This is important in order to protect the consumer from theft, and also to protect travel.com.au itself from any harmful activity caused by hackers. For example, if goods or services have been purchased by a thief, then one possibility is that merchants need to write off those products. In order to support this, non-repudiation is used in electronic commerce as provision of proof of origin. Authentication techniques such as digital signatures, and other tools, are available to prevent any impersonation.

Proof of delivery

Proof of delivery is to make sure that the intended message has been received by the recipient from the sender. If the message were not received, the communication would be useless. For example, if purchase requests or product development requests are intercepted, a company's customer relations and profitability can be damaged. Moreover, misunderstanding between travel.com.au and the customer would occur, because the customer would think their message or order was not responded to. In fact the message or order never reached travel.com.au, because it was intercepted.

Message Integrity & Unauthorised Viewing of Message
It is important to be able to know whether the message sent is exactly the same as the message received. For example, if an order was tampered with, incorrect orders could be placed on the message sent to travel.com's site, and the incorrect goods may then be processed to be delivered to the intended recipient.

6.0 Security System and Mechanism of Travel.com.au

The risks discussed in section 5.0 are the main cause that makes customers hesitate to shop online. To reduce the risk level, travel.com.au employs an up-to-the-minute security system in order to protect customer data and its business. The system includes:

Business insurance

As stated on the Travel.com.au site, it has tried its best to protect customers' sensitive information. Moreover, travel.com.au also guarantees that it will not share the sensitive information with others. Although, from time to time, travel.com.au may provide statistical information about sales, trading patterns and information on navigation techniques to reputable third parties, this will not include any direct personal information, identifying you as our customer. This privacy policy is clearly stated on its Web site. Its security policy, such as the encryption technique it has adopted, is listed as well. As mentioned earlier, the operator has to follow the policy as stated. Travel.com.au has followed its policy, and this is one key influence motivating customers to move into its Web site. See appendix for its entire business policy stated on the Website.

SSL (Secure Sockets Layer)

This is the one that can secure data transmission. Information entered into SSL secured forms is encrypted by the customer's browser, then sent directly to the secure server via SSL. Travel.com.au's secure server then forwards the encrypted details to a private folder and/or via e-mail. Moreover, all information sent via secured forms is safer from eavesdropping, tampering or message forgery. When a customer connects to travel.com's secure web server, the customer asks that server to authenticate itself. This authentication is quite a complex process involving public keys, private keys and a digital certificate. (http://www3.travel.com.au/everest/index.cgi)

Westpac secure payments

This additional feature is used to assure customers that travel.com.au is processing customers' credit card details securely over the net using the Westpac-accredited Internet payment security system. Using this kind of system shows us that it considers the security of customer credit card details to be of prime importance. In addition, the customer does not need to use a Westpac credit card in order to use this secure service. Westpac secure payment provides the secure link between the online store and the bank. When a customer enters credit card details online, the information is scrambled (or encrypted) and passed directly to Westpac, so that only the bank can read the information. Even travel.com.au does not actually see the customer's credit card details.

Customer Login Account

These features can only be utilised by members of travel.com.au. A customer must first register and activate a personal account to become a member. However, non-members can conduct purchases as well. The registration process will provide the customer with a username for login purposes and a password for the account. Moreover, information you provide is stored on its secure servers and is protected by its security mechanism.

SafeTrade

SafeTrade is one of Australia's largest insurance companies. It will protect customers from fraud as a result of credit card purchasing on the Internet and will also guarantee the delivery of products. These tools can assure customers that if anything goes wrong, SafeTrade will cover the loss up to AUD $2,000.

Although it has employed the latest technology, the risk still exists. As mentioned before, there is no e-business entity that is 100% secure. Therefore, constant security management is needed.
The security management and some other methods which it can utilise to enhance its security level will be discussed in the next section.

7.0 Recommendation & Conclusion

To increase the security level of travel.com.au, there are a few ways. These include:

Build up a risk management system
Utilise the latest security mechanisms
Use third-party assurance services (Web Site Seal Option)

The Risk Management Paradigm

The paradigm is a continuous process that recognises that risk management is an ongoing annual or biannual event. Each risk nominally goes through these functions sequentially, but the activity occurs continuously, concurrently and iteratively throughout the project life cycle. (Greenstein, et al., 2000)

Figure 1: Risk Management Paradigm (Source: http://www.sei.cmu.edu)

There are six functions related to the risk management paradigm. Those are:

Identify: Search for and locate risks before they become problems.
Analyse: Transform risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and prioritise risks.
Plan: Translate risk information into decisions and mitigating actions (both present and future) and implement those actions.
Monitor: Monitor risk indicators and mitigation actions.
Control: Correct for deviations from the risk mitigation plans.
Communicate: Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks.
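
The pending-request exhaustion described in the denial of service section above, as a small capacity model for sizing the server's wait time (an added example, not part of the original essay). The table size, hold time and request rates are constructed values, and forged requests are assumed to arrive ahead of legitimate ones in each second, which is the worst case for the server.

```python
from collections import deque

def refused_fraction(table_size, hold_s, forged_per_s, legit_per_s,
                     seconds, evict_oldest=False):
    """Fraction of legitimate requests refused because the table of
    requests awaiting acknowledgement was full (1-second time steps)."""
    pending = deque()            # expiry time of each unacknowledged request
    served = refused = 0
    for t in range(seconds):
        # The server closes connections whose wait has run out.
        while pending and pending[0] <= t:
            pending.popleft()
        # Forged requests have false return addresses: never acknowledged,
        # so each one holds its slot for the full hold_s seconds.
        for _ in range(forged_per_s):
            if len(pending) >= table_size:
                if not evict_oldest:
                    continue     # table full, request dropped
                pending.popleft()
            pending.append(t + hold_s)
        # Legitimate users acknowledge at once, so they only need a free
        # slot at the moment they arrive.
        for _ in range(legit_per_s):
            if len(pending) < table_size:
                served += 1
            elif evict_oldest:
                pending.popleft()  # mitigation: drop the oldest waiting entry
                served += 1
            else:
                refused += 1
    total = served + refused
    return refused / total if total else 0.0

def table_survives(table_size, hold_s, forged_per_s):
    """Sizing check: the table never fills while rate x hold time stays below it."""
    return forged_per_s * hold_s < table_size

if __name__ == "__main__":
    # Constructed parameters: 128 slots, 10 legitimate requests/s, 10 minutes.
    for hold in (75, 10):
        print(hold, refused_fraction(128, hold, 2, 10, 600))
    print("evict oldest:", refused_fraction(128, 75, 2, 10, 600, evict_oldest=True))
```

With these constructed values, a 75-second hold leaves the table full from the 64th second onward, while a 10-second hold or eviction of the oldest waiting entry keeps legitimate users served.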
