Upload
sudeshna07
View
239
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Cyber fraud a threat to E commerce
Citation preview
Cyber Fraud A Threat To Ecommerce
Sudeshna Akanksha PandaRoll No. 985009, LL.M, IV
SemesterKIIT Law School
Objective Of The Study
To establish the extent of internet fraud and its operational impact on ecommerce.
The effectiveness of current fraud prevention systems.
Finally to identify common features in the way internet fraudsters operate.
Hypothesis
The effect of cyber fraud on e
commerce: examining various aspects involved.
Chapterization 1. Introduction 2. Ecommerce and its relation to cyber fraud.
3. Various aspects of ecommerce. 4. Technical issues involved. 5. Legal issues: substantive and procedural. 6. Conclusion and suggestions
Issues Involved
The major issues tackled with in this paper are as follows:
1. How ecommerce is affected by cyber fraud. 2. Adequacy of regulations in the national and
international level. 3. Technical measures. 4. Mechanisms and laws to check cyber fraud
Introduction
•Two Major Developments During the Past Decade:1. Widespread Computerization2. Growing Networking and Internetworking•Need for Automated Tools for Protecting Files and Other Information.•Network and Inter-network Security refer to measures needed to protect data during its transmission from one computer to another in a network or from one network to another in an internetwork.
Continued…Network security is complex. Some reasons are:•Requirements for security services are:
Confidentiality Authentication Integrity
•Key Management is difficult.•Creation, Distribution, and Protection of Key information calls for the need for secure services, the same services that they are trying to provide.
Features Of Ecommerce
Technology enabled
Ubiquity
Interactivity
Information delivery
Digital content
Inter-disciplinary in nature
Types Of EcommerceB2B (Business-to-Business)
C2C (Consumer-to-Consumer)
B2G (Business-to-Government)
G2B (Government-to-Business)
G2C (Government-to-ConsumerB2C (Business-to-Consumer)
Ecommerce Advantages
•Being able to conduct business 24 x 7 x 365.
•Expansion in market size.
•Availability of current information.
•Better customer service.
•Reduction in costs.
•Marketing efforts gets boosted
Ecommerce PracticesVs.Traditional Business Practices
Financial accounting : From manual to computerized
Information system: From paper based to digital
Advertising : Offline to online
Corporate purchasing : Manual to E-procurement
Ecommerce Infrastructure Includes
A network of Networks.
Hardware and Software.
Building E-Commerce enabled website.
Client-Server Computing.
Hosting site on Web Server.
Finding provider for electronic funds transfer
Electronic Payment System
Credit card
Debit card
E-cheques
E-wallets
Meaning of Cyber Fraud
Crime committed using a computer and the internet to steal a person's identity or illegal imports or malicious programs.
Cybercrime is nothing but where the computer is used as an object or subject of crime.
Online activities are just as vulnerable to crime and can compromise personal safety just as effectively as common everyday crimes.
Lawmakers, law enforcement, and individuals need to know how to protect themselves and the persons for which they are responsible.
Categorization of Cyber Crime
We can categorize Cyber crime in two ways : The Computer as a Target :- using a
computer to attack other computers. e.g. Hacking, Virus/Worm attacks, DOS attack etc.
The computer as a weapon :- using a computer to commit real world crimes. e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography. Cyber Crime regulated by Cyber Laws or Internet Laws.
Types of Cyber Crime
Hacking Software Piracy Denial Of Service Attack Virus Dissemination Computer Vandalism Cyber terrorism
Types of Cyber AttacksTypes of Cyber attacks, by percentage(source- FBI,2007)
Financial fraud: 11% Sabotage of data/networks: 17% Theft of proprietary information: 20% System penetration from the outside: 25% Denial of service: 27% Unauthorized access by insiders: 71% Employee abuse of internet privileges 79% Viruses: 85%
Types of Cyber Attacks
Manipulate data integrity 6.8% Installed a sniffer 6.6% Stole password files 5.6% Proving/scanning systems 14.6% Trojan logons 5.8% IP spoofing 4.8% Introduced virus 10.6% Denied use of services 6.3%
Types of Cyber Attacks
Downloaded data 8.1% Compromised trade secrets 9.8% Stole/diverted money 0.3% Compromised e-mail/documents 12.6%
Publicized intrusion 0.5% Harassed personnel 4.5% Other 3.0%
Challenges to Security:
•Internet was never designed with security in mind.•Many companies fail to take adequate measures to protect their internal systems from attacks.•Security precautions are expensive {firewalls, secure web servers, encryption mechanisms}.•Security is difficult to achieve.
Security Threats
•Unauthorized access•Loss of message confidentiality or integrity•User Identification•Access Control•Players:
User community Network Administration Introducers/Hackers
•The bigger the system, the safer it is
MVS mainframe users (5%) UNIX users (25%) Desktop users (50%)
The Main Security Risks
•E-commerce offer great deal of opportunities for business. But the whole field of e-commerce is subject to risks as outlined:•Data being stolen
Electronic mail can be intercepted and read
Customer’s credit card numbers may be read
•Login/password and other access information stolen•Operating system shutdown•File system corruption•User login information can be captured
Other Security Issues
Customers risks :Stolen credentials or passwordDishonest merchant Merchants risk :Forged or copied instrumentsInsufficient funds in customers account
E-commerce security
Authorization , Access Control:protect intranet from hoarders: Firewalls Confidentiality , Data Integrity:message must not be altered or tampered with : Encryption Authentication:both parties prove identity before starting
transaction: Digital Certificates Non-repudiation:proof that the document originated by you and
you only: Digital signature
Advantages of cyber security
The cyber security will defend us from critical attacks.
Internet security process all the incoming and outgoing data on our computer.
Cyber security will defend from hacks and virus.
Safeguards Against Cyber Fraud
Held orders In-house database Shared database/Chain calls Telephone database Issuing Bank Call the customer
Conclusion
Implementation of existing laws in a stricter manner.
Changes in the:1. Information Technology Act, 2000, Amendment 2008 should be strictly adhered to.
2. Indian Penal Code, 1908 should be in amended, stricter punishment should be imposed on violators.
3. The newly added sections of the Indian Evidence Act should be considered while giving judgments on cyber fraud
Suggestions The police officers, judges lawyers and
the persons associated with legal profession should be sensitized on the matter.
The general public, companies and corporate houses should be made aware of the damages cyber fraud can cause
Advertisements in all forms of media is an effective tool for creating awareness.
High fines should be imposed which should be deterrent in nature.