Thursday, 5 May 2016

EMBARCING CYBER SECURITY

CYBER SECURITY

Computer security, also known as cyber security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. 
Cyber-safety is a common term used to describe a set of practices, measures and/or actions you can take to protect personal information and your computer from attacks. 
  
PAST, PRESENT OF CYBER SECURITY
  • Cyber security is a young and immature field
  • The attackers are more innovative than defenders
  • Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales
  • Attack back is illegal or classified
FUTURE OF CYBER SECURITY
  • Cyber security will become a scientific discipline
  • Cyber security will be application and technology eccentric
  • Cyber security will never be “solved” but will be “managed”
  • Attack back will be a integral part of cyber security
 
http://www.techtodaystuff.com/wp-content/uploads/2016/01/protection-cybersecurity-2.jpg?8250cd


Types of computer-related crimes.
  • Identity Theft
  • Transmitting child pornography
  • Theft of intellectual property 
  • Cyber-stalking 
  • Unlawful coping and distribution of computer programs 
  • Unauthorized access to computer (s)
  • Computer sabotage 
  • Computer forgery 
  • Bank card fraud
  • Credit card fraud etc

E-Commerce Security

E-commerce revenue is constantly increasing, but the number of fraud cases, as well as the percentage of fraud in online transactions, is increasing faster still. What types of fraud exist and more importantly how can we protect ourselves against them?
 data breach hacker
Card-based paymentsInternet payment fraud is constantly increasing, and is, apparently, unstoppable. The number of fraud cases has increased by 19 percent compared to 2013. Fraud is not exclusive to credit card payments, however. Criminals are becoming more sophisticated in their use of malware to command online banking logins via phones, tablets and computers, using the stolen bank account details to make fraudulent payments.

Identity Theft -  In traditional identity theft, the criminals’ goal is to carry out transactions using a different identity. Instead of having to come up with a completely new identity to do this, they simply take over an existing one. This is easier to do—and usually much faster. In order to commit identity theft or appropriate someone’s identity, fraudsters target personal information, such as names, addresses and email addresses, as well as credit card or account information. This enables them, for example, to order items online under a false name and pay using someone else’s credit card information or by debiting another person’s account.

Friendly Fraud - using this method, customers order goods or services and pay for them – preferably using a “pull” payment method like a credit card or direct debit. Then, however, they deliberately initiate a chargeback, claiming that their credit card or account details were stolen. They are reimbursed—but they keep the goods or services. This fraud method is particularly prevalent with services, such as those in the gambling or adult milieus. Friendly fraud also tends to be combined with re-shipping. This is where criminals who use stolen payment data to pay for their purchases don’t want to have them sent to their home addresses. Instead, they use middlemen whose details are used to make the purchases and who then forward the goods.

 
 Clean Fraud -  The basic principle of clean fraud is that a stolen credit card is used to make a purchase, but the transaction is then manipulated in such a way that fraud detection functions are circumvented. Much more know-how is required here than with friendly fraud, where the only goal is to cancel the payment once a purchase has been made. In clean fraud, criminals use sound analyses of the fraud detection systems deployed, plus a great deal of knowledge about the rightful owners of their stolen credit cards. A great deal of correct information is then entered during the payment process so that the fraud detection solution is fooled. Before clean fraud is committed, card testing is often carried out. This involves making cheap test purchases online to check that the stolen credit card data works.

Affiliate Fraud - There are two variations of affiliate fraud, both of which have the same aim: to glean more money from an affiliate program by manipulating traffic or signup statistics. This can be done either using a fully automated process or by getting real people to log into merchants’ sites using fake accounts. This type of fraud is payment-method-neutral, but extremely widely distributed.

Triangulation Fraud - During triangulation fraud, the fraud is carried out via three points. The first is a fake online storefront, which offers high-demand goods at extremely low prices. In most cases, additional bait is added, like the information that the goods will only be shipped immediately if the goods are paid for using a credit card. The falsified shop collects address and credit card data – this is its only purpose. The second corner of the fraud triangle involves using other stolen credit card data and the name collected to order goods at a real store and ship them to the original customer. The third point in the fraud triangle involves using the stolen credit card data to make additional purchases. The order data and credit card numbers are now almost impossible to connect, so the fraud usually remains undiscovered for a longer period of time, resulting in greater damages.

Merchant Fraud - It’s very simple: goods are offered at cheap prices, but are never shipped. The payments are, of course, kept. This method of fraud also exists in wholesale. It is not specific to any particular payment method, but this is, of course, where no-chargeback payment methods (most of the push payment types) come into their own.

Taking into account the weak security due to the lack of two-factor authentication amongst almost all online services, the problem is only going to get worse until there is a more rigorous standard adopted. This security standard for e-Commerce vendors would remediate the online risks of doing business with vendors of every size, and be mediated by the government, the credit card companies, or both.

10 tips for preventing breaches and hacks and keeping customer data safe for E-Commerce platforms 

1. Educate employees on cyber security
2. Make sure your hosting company is a trusted provider for hosting services 
3. Use a secure ecommerce platform.
4. Deploy SSL encryption.
5. Make sure your ecommerce site is PCI DSS compliant.
6. Utilize Web Application Firewalls (WAFs).
7. Have employees regularly change their passwords
8. Use multi-factor authentication. 
9. Keep up-to-date on security patches, especially for open source platforms
10. Make sure to back up your site regularly.