Customer impersonation Essay

Customer is not the entity that firm rat claim to be. This is called as client impersonation. Due to characteristic of cyberspace, impersonation croupe be the virtuoso risk for the e-tailer. In simple word, Customer and merchandiser preemptnot meet by face to face. Therefore, guest finish use fashion or opposites ID to potent product. There ar two reasons for fake node to use other identity. The reasons be larceny and malice. The objective behind theft is to buy the goods or aid without the need of paying. Also the bill pull up s maintains be forwarded to whom ID is misused or abuse.In other words, the theft result use others details to purchase goods or service. The intention of malice is passing from the theft. Instead of acquiring goods of services without paying, also they have other motives a lot(prenominal) as intrinsic satis detailion to the hacker, to hurt corporation profits and customer relations of competitor or former employer. self-renunciation of s ervice attacks Denial service attacks occur in a typical connection. When the user sends a message pick uping the legion to authenticate it, the server returns the credential approving to the user.The user acknowledges this approval, and is allowed onto the server. In a abnegation of service attack, the user sends several(prenominal) authentication requests to the server. All requests have false return addresses, so the server cannot find the user when it tries to send the authentication approval. The server waits, sometimes more(prenominal) than a minute, before closing the connection. When it does close the connection, the attacker sends a sassy batch of forged requests, and the wreak begins againtying up the service indefinitely. Furthermore Denial-of-service attacks can es displaceially disable your computer or your network.Depending on the nature of your enterprise, this can effectively disable your organisation. Also some denial of service attacks can be executed with limited resources against a large, cultivate site. This type of attack is sometimes called an asymmetric attack. For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks. Risk Associated with Business accomplishment Data interception Data interception is the serious risk related to e-business entity.Data can be intercepted during transmission from one point to another point. The catching threesome risk has arisen in relation with data interception. Massage Origin authentication This authentication is to make sure that the massage received is really from the party claimed to be the transmitter. This is important to prevent any customer impersonation take place. In this case this, travel. com. au has to make sure the massage sender is the legitimate user. This important in order to cling to consumer from theft, also shelter travel. com. au itself from any harmful activity managed by hacker.For exa mple if in the case the goods or services has been purchased by the theft, then one opening is that merchants need to written off that certain products. In order to upkeep this, non-repudiation is use in electronic commerce as provision of evidence of origin. Authentication techniques such(prenominal) as digital signatures, and other tools are available to prevent any impersonation. Proof of lurch Proof of delivery is to make sure whether the intended massage has been received by receiving system form the sender. If the massage were not received, the communication would be useless.For example if purchase request or product discipline request are intercepted, a companys customer relations and profitability can be damaged. Moreover misunderstanding between travel. com. au and customer would occur, because customer major power think their massage or order is not responded. In fact the massage or order never reach travel. com. au, because the massage or order is intercepted. Massa ge Integrity & Unauthorised viewing of massage. It is important to be able to know if the massage sent is exactly same as the massage received.For example, for example if an order was tampered with, incorrect orders could be placed on the message sent to travel. coms site, the incorrect goods may then be processed to be delivered to the intended recipient. 6. 0 Security System and apparatus of Travel. com. au The risks, which are discussed in section 5. 0, are the main cause that makes customer to hesitate to shop over Online. To reduce risk level, travel. com. au employ latest security system in order to protect customer data and its business.The system includes Business Policy As give tongue to on Travel. com.au site, it has tried its best to protect customers clear data. Moreover, travel. com. au also guarantee that they would not share the sensitive information with others. Although, from time to time, travel. com. au may provide statistical information astir(predicate) sal es, trading patterns and information on navigation techniques to reputable third parties, this go away not include any direct personal information, identifying you as our customer. This privacy policy is clearly stated on the its Web site. Its security policy, such as encryption technique it has adopted, is listed as well.As it is mentioned earlier, the operator has to follow the policy as stated. Travel. com. au has followed its policy and it is the one key square off to motivate the customer move into its Web site. See appendix for its complete business policy stated on Website. SSL (security socket layer) This is the one that can posit data transmission. Information entered into SSL secured forms is encrypted by the customers browser. Then sent direct to secure server via SSL. Travel. com. aus secure server then forwards the encrypted details to a private folder and/or via e-mail.Moreover, all information sent via secured forms is safer from eavesdropping, tampering or messa ge forgery. When customer connect to a travel. coms secure web server, customer ask that server to authenticate it. This authentication is quite a complex process involving public keys, private keys and a digital certificate. (http//www3. travel. com. au/everest/index. cgi) Westpac secure payments This excess features is used to assured customer that travel. com. au is processing customers credit bill poster details securely over the profit utilise Westpac-accredited Internet payment security system.Using this kind of system express us that it considers the security of customer credit display board details to be of prime importance. In addition, customer does not use Westpac credit card in order to utilise this secure service. Westpac secure payment provides the secure link between the online store and the money box. When customer enter credit card details online, the information is scrambled (or encrypted) and passed directly to Westpac, so that only the bank can read informat ion. Even the trevel. com. au does not actually uplift customer credit card details.Customer Login Account These features only can be utilised by the member of travel.om. au. Customer must first of all register and activate a personal account to become a member. However, non-member can conduct any purchases as well. The registration process lead provide the customer with an username for login purposes and a password for the account. Moreover, Information you provide is stored on its secure servers and is protected by its security mechanism. Safe Trade SafeTrade is one of Australian largest Insurance Company. It will protect customer from fraudulent as a result of credit card purchasing on the Internet and also will guarantee the delivery of product.These tools can assure customer that if anything goes wrong, Safe Trade will cover the loss up to AUD $2,000. Although it had sedulous latest technology, the risk is still existing. As it is mentioned before, at that place is no e-bu siness entity that is one hundred% secured. Therefore, constant security management is needed. The security management and some other methods, which it can utilise to enhance security level, will be discussed neighboring section. 7. 0 Recommendation & Conclusion To increase security level of travel. com. au, there are few ways. That includes Build up risk management system.lend oneself latest security mechanism Use third-party assurance services (Web place Seal Option) The Risk Management figure of speech The paradigm is a consecutive process that recognises that risk management is an ongoing annual or periodical event. Each risk nominally goes through these functions sequentially, but the activity occurs continuously, concurrently and iteratively throughout the project life cycle. (Greenstein, et. al, 2000) Figure 1, Risk Management Paradigm (Source http//www. sei. cmu. edu) There are six functions related to risk management paradigm.Those areIdentify search for and locate risks before they become problems. Analyse translate risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and priorities risks Plans Translate risk information into decisions and mitigating actions (both present and future) and implement those actions. Monitor Monitor risk indicators and mitigation actions constraint Correct for deviations from the risk mitigation plans. Communicate Provide information and feedback cozy and external to the project on the risk activities, current risks, and emerging risks