Information Assurance and Secure Online Payments - Coursework Example

Summary
The "Information Assurance and Secure Online Payments" paper discusses some of the significant security techniques (XSS, SSL, MasterCard SecureCode, Verified by Visa, TrustWave). They are required to be implemented by any company having an e-commerce enabled website…

Extract of sample "Information Assurance and Secure Online Payments"

Secure e-Payment

One of the vital features of an e-commerce enabled website is making sure that customers are confident and satisfied while making financial transactions over the website. The different forms of online payment made by customers have already been discussed earlier in the paper. One of the forms of online payment is the bank account based systems, including credit cards, debit cards, mobile payments, etc. There are diverse security features and functions that the website’s owner needs to implement to ensure safe financial transactions, keeping in view the e-payment method adopted by the website owner. The customer would not hesitate to enter personal as well as financial (credit card, PayPal, etc.) information on any website which has a strict privacy policy and which implements Secure Sockets Layer (SSL), Verified by Visa, MasterCard SecureCode, CPI Security Auditor and Trustwave trusted commerce services with respect to the payment methods the website offers.

The privacy policy of the website should ensure data confidentiality by stating that the customer’s information will never be intentionally disclosed to un-trusted third parties. However, if the company needs to use the personal information (name, address, country, email) of its customers for service improvement, market research, or statistical purposes, it should state so explicitly in the privacy policy.

Irrespective of which form of payment the customer uses, the e-commerce enabled website has to follow the steps given below to complete the financial transaction. The following points also provide guidelines for the company on implementing the security features so that customers can make financial transactions safely and securely.

i. A customer places an order on the e-commerce enabled website by providing credit card or other financial information. Hackers usually use Cross-Site Scripting (XSS), a common hack against web applications that takes effect in the web browser, to steal sensitive or financial information. Using XSS, a hacker sends malicious code (JavaScript) through the browser or web application, in the form of a browser-side script, to another end user. The code enables the hacker to access the sensitive information the web browser holds for that particular website; moreover, the malicious code can access the cookies and session token. There are certain rules and guidance for avoiding XSS, including: do not allow un-trusted data to be inserted except in the allowed locations; avoid inserting special characters like #, @, etc.; and always strictly validate un-trusted data before putting it into HTML, cascading style sheets, etc.

ii. When the customer has finished the registration by entering all the required financial information, the customer’s web browser encrypts all the sensitive information sent to the company’s web server. In order to provide secure financial transactions to its customers, the company needs to implement Secure Sockets Layer (SSL), which encrypts the input data in the browser and sends the encrypted data to the server for further processing. This ensures that the information is protected to some extent against unauthorized access (Onyszko, 2004).

iii. The web server of the company forwards the transaction information to the payment gateway (server) over an encrypted connection so that the sensitive information is not exposed to unauthorized access. The payment gateway then forwards the information to the bank of the Grainger so that the payment can be processed. The same SSL technique can be used to encrypt the sensitive data and avoid unauthorized access.

iv. If the customer has chosen the credit card payment method, the company offers payment through diverse credit cards including MasterCard, Visa and American Express. If the credit card is American Express, the card association has the right to approve or decline the payment after authorizing the credit card information. But if the credit card is either Visa or MasterCard, the information needs to be sent to the card issuing bank (the customer’s bank). In order to proceed securely at this step, the company needs to implement various security features. If the company accepts the credit cards listed above, it needs to implement certain services; for instance, the Verified by Visa service is used to avoid, detect and resolve deception by asking the customer to enter an extra password while making an online transaction (Visa, n.d). To validate a MasterCard credit card, the company needs to implement MasterCard SecureCode, which compels customers to enter the private code of the credit card in order to prevent unauthorized access to the financial information (MasterCard, n.d).

v. In the case of Visa/MasterCard, the customer’s bank validates the information (along with the four digit number) and replies either approved or denied (along with reasons for refusal) to the payment gateway processor. The payment gateway forwards the processor’s response to the web server of the company so that it can be displayed on the website and conveyed to the customer. Usually, this whole process takes three seconds. In order to complete the financial transaction safely, the company has to implement the Trustwave seal, the website security shield; it provides the highest level of encryption and layered protection for the data against security breaches and fraud (Trustwave, n.d).

vi. If the order is completed successfully and the credit card information has been validated by the customer’s bank, the e-commerce enabled website re-initiates the whole process given above to charge the price of the order. This time, however, the company’s website also provides all the order information (item name, number, etc.) to the customer’s bank. The customer’s bank then makes a monetary settlement with the company’s bank.

Conclusion

The protection of digital information, especially over the Internet, is still an immature area. There are huge numbers of threats to data, and the vulnerability of data is becoming a hindrance and a barrier, particularly to e-commerce. Moreover, there are diverse forms of data threats depending on the data storage medium, and threats to data can come from the internal resources of an organization as well as from external ones. Some of the security threats to e-commerce websites include: data interception, unauthorized access to stored data, loss of the integrity of data, and accidental loss of data.

Data interception arises because data on the Internet always travels, or is routed, through Internet Service Providers (ISPs); therefore, unauthorized access to the data at the ISP should be prevented by implementing data encryption techniques. Certainly, if the data gathering and storing process malfunctions, the resulting data will be incorrect as well; this is known as Garbage In, Garbage Out (GIGO). Data integrity refers to the validity and accuracy of the information; data could be incomplete, erroneous and/or outdated, which would only result in incorrect information that could harm any company. Data integrity is crucial for e-commerce websites, and it can only be achieved by implementing a high quality database along with validation rules.

Moreover, there are certain steps in making an e-commerce transaction, and implementing security features at each step is highly important. Each step of a financial transaction over the Internet involves diverse security techniques. Some of the significant security techniques (XSS, SSL, MasterCard SecureCode, Verified by Visa, TrustWave, etc.) have been discussed in this paper. They are required to be implemented by any company having an e-commerce enabled website; moreover, the company needs to follow information security best practices.

References

Onyszko, T. (2004). Secure Socket Layer. Retrieved from: http://www.windowsecurity.com/articles/secure_socket_layer.html

Visa. (n.d). Verified by Visa. Retrieved from: https://usa.visa.com/personal/security/vbv/index.jsp

MasterCard. (n.d). MasterCard SecureCode. Retrieved from: http://www.mastercard.us/securecode.html

Trustwave. (n.d). Web Site Seal, Why should you display a Trustwave Seal? Retrieved from: https://ssl.trustwave.com/support/siteseal.php
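The XSS rules in step i (un-trusted data only in allowed locations, special characters handled before the data reaches HTML), shown as an added JavaScript example that is not part of the original paper. The function names, the order fields and the sample input are assumptions constructed for illustration.

```javascript
// Added example, not from the original paper. All names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the special characters so the browser treats the value as text,
// not markup. Safe for element bodies and quoted attribute values only.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowed location "link target": accept only absolute http(s) URLs, so a
// javascript: or data: URL cannot run script when the link is followed.
function safeUrl(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return '#'; // not an absolute URL: fall back to an inert link
  }
  return url.protocol === 'https:' || url.protocol === 'http:' ? url.href : '#';
}

// Vulnerable: un-trusted order fields are concatenated straight into markup.
function renderOrderUnsafe(order) {
  return `<p>Thank you, ${order.name}! <a href="${order.trackingUrl}">Track order</a></p>`;
}

// Hardened: each field is validated and encoded for the location it lands in.
function renderOrderSafe(order) {
  const name = escapeHtml(order.name);
  const href = escapeHtml(safeUrl(order.trackingUrl));
  return `<p>Thank you, ${name}! <a href="${href}">Track order</a></p>`;
}

// Constructed sample input standing in for attacker-controlled form fields.
const SAMPLE_ORDER = {
  name: '<script>alert("xss")</script>',
  trackingUrl: 'javascript:alert(1)',
};

console.log(renderOrderUnsafe(SAMPLE_ORDER)); // script tag survives intact
console.log(renderOrderSafe(SAMPLE_ORDER));   // rendered as inert text, link neutralised
```

The encoder covers HTML element bodies and quoted attributes only; data placed inside a script block or a style sheet needs an encoder for that context instead.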