Lesson 7 E-Commerce Security and Fraud Protection


LESSON 7: E-COMMERCE SECURITY ISSUES AND FRAUD PROTECTION

Learning Objectives

By the end of this chapter the learner shall be able to:

i. Explain the challenges of stopping E-commerce crimes

ii. Explain the terms confidentiality, integrity and availability

iii. Explain the security tools, both hardware and software

iv. Explain the different types of threats and attacks, both technical and non-technical

v. Explain how E-commerce communications can be secured

Information Security: Information security refers to a variety of activities and methods that protect information systems, data, and procedures from any action designed to destroy, modify, or degrade the systems and their operations. It means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Basic E-commerce Security Issues and Landscape

LESSON 7 E-COMMERCE SECURITY AND FRAUD PROTECTION Page 1 of 26


• Exposure: The estimated cost, loss, or damage that can result if a threat exploits a vulnerability.

• Fraud: Any business activity that uses deceitful practices or devices to deprive another of property or other rights.

• Malware (malicious software): A generic term for malicious software.

• Phishing: A crimeware technique to steal the identity of a target company in order to get the identities of its customers.

• Risk: The probability that a vulnerability will be known and used.

• Social engineering: A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network, e.g. using social engineering to hack Facebook.

• Spam: The electronic equivalent of junk mail.

• Vulnerability: A weakness in software or another mechanism that threatens the confidentiality, integrity, or availability of an asset; it can be directly used by a hacker to gain access to a system or network.

• Zombies: Computers infected with malware that are under the control of a spammer, hacker, or other criminal.



The Criminals and Methods

Hacker: Someone who gains unauthorized access to a computer system.

Cracker: A malicious hacker, who may represent a serious problem for a corporation.

7.1 Why It Is Difficult to Stop E-Commerce Crimes

It is quite difficult to stop E-crimes for the following reasons:

• Strong EC security makes online shopping inconvenient and demanding on customers. The EC industry does not want to enforce safeguards that would discourage online commerce.

• A second reason is the lack of cooperation from credit card issuers and foreign ISPs. There are insufficient incentives for credit card issuers to share leads on criminal activity with each other or law enforcement. It is much cheaper to block a stolen card and move on than to invest time and money in a prosecution with an uncertain outcome.



• The third reason pertains to customers. Online shoppers are to blame for not taking the necessary precautions to avoid becoming a victim. Some shoppers rely too heavily on the fraud protection provided by credit card issuers, ignoring the bigger risk of identity theft. Phishing is rampant because some people respond to it, making it profitable.

• A fourth reason arises from IS design and security architecture issues. It is well known that preventing vulnerability during the EC design and pre-implementation stage is far less expensive than mitigating problems later. The IS staff needs to plan security from the design stage because simple mistakes, such as not ensuring that all traffic into and out of the network passes through a firewall, are often to blame for letting in hackers.

7.2 Confidentiality, Integrity, and Availability

The success and security of EC depend on the confidentiality, integrity and availability of information and the business Web site.

• Confidentiality is the assurance of data privacy and accuracy: the data or transmitted message is encrypted so that it is readable only by the person for whom it is intended. Depending on the strength of the encryption method, intruders or eavesdroppers might not be able to break the encryption to read the data or text. The confidentiality function prevents unauthorized disclosure of information to unauthorized individuals, entities, or processes.
• Integrity is the assurance that data is accurate or that a message has not been altered. It means that stored data has not been modified without authorization; a message that was sent is the same message that was received. The integrity function detects and prevents the unauthorized creation, modification, or deletion of data or messages.
• Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users.

Although the basic security concepts important to information on the Internet are confidentiality, integrity and availability, the concepts relating to the people (users) are authentication, authorization, and nonrepudiation.

Confidentiality, integrity, availability, authentication, authorization, and nonrepudiation are all assurance processes.



All the confidentiality, integrity and availability functions depend on authentication, authorization and nonrepudiation:

• Authentication is a process to verify (assure) the real identity of an entity, which could be an individual, computer, computer program, or EC Web site. For transmissions, authentication verifies that the sender of the message is who the person or organization claims to be.

• Authorization is the process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform. Authorization of an entity occurs after authentication.
• Nonrepudiation is closely associated with authentication; it is the assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase, transaction, and so on. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be confident that the transaction is secure and that the parties are who they say they are.

7.3 Threats and Attacks

Generally there are two types of attacks, nontechnical and technical, although most attacks involve a combination of the two types:

• Nontechnical attacks are those in which a perpetrator uses some form of deception or persuasion to trick people into revealing information or performing actions that can compromise the security of a network.
• Technical attacks are attacks perpetrated using software and systems knowledge or expertise. The time-to-exploitation of today's most sophisticated spyware and worms has shrunk from months to days. Time-to-exploitation is the elapsed time between when a vulnerability is discovered and the time it is exploited.



There are several technical attacks that could be used, as follows:

• Denial of service (DoS) attack: An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
• Server and Web page hijacking: Web servers and Web pages can be hijacked and configured to control or redirect unsuspecting users to scam or phishing sites. This technique uses server redirects. This exploit allows any Web master (including criminals) to have his or her own virtual pages rank for pages belonging to another Web master. It involves creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler; once there, an unsuspecting user is redirected to malicious websites. When effectively employed, this technique allows the offending Web master (the hijacker) to displace the pages of the target or victim Web site in the Search Engine Results Pages (SERPs). This causes search engine traffic to the target Web site to vanish or redirects traffic to any other page of choice.
• Botnets: A huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
• Malicious code (viruses, worms, and Trojan horses): Sometimes referred to as malware (for malicious software), malicious code is classified by how it propagates (spreads). A virus is a piece of software code that inserts itself into a host, including the operating system; running its host program activates the virus. A virus has two components. First, it has a propagation mechanism by which it spreads. Second, it has a payload, which refers to what the virus does once it is executed. Sometimes a particular event triggers the virus's execution. A worm is a software program that runs independently, consuming the resources of its host in order to maintain itself, and that is capable of propagating a complete working version of itself onto another machine. A Trojan horse is a program that appears to have a useful function but contains a hidden function that presents a security risk. A banking Trojan is a Trojan that comes to life when computer owners visit one of a number of online banking or e-commerce sites. A macro virus (macro worm) is executed when the application object that contains the macro is opened or a particular procedure is executed.
• Malvertising: The use of online advertising to spread malware.
• Phishing: A way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.



Nontechnical Attack Methods

Social phishing: This uses sophisticated phishing methods. They include:

• Identity theft and identity fraud: Identity theft is fraud that involves stealing the identity of a person and then using that identity, pretending to be someone else, in order to steal money or get other benefits.

• Spam and spyware attacks

o E-mail spam: A subset of spam that involves nearly identical messages sent to numerous recipients by e-mail.

o Spyware: Software that gathers user information over an Internet connection without the user's knowledge.

• Data breach: A security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.

• Search engine spam: Pages created deliberately to trick the search engine into offering inappropriate, redundant, or poor-quality search results.

• Spam site: A page that uses techniques that deliberately subvert a search engine's algorithms to artificially inflate the page's rankings.

• Splog: Short for spam blog, a site created solely for marketing purposes.



7.4 Securing E-Commerce Communications

Most organizations rely on multiple technologies to secure their networks. These technologies can be
divided into two major groups: those designed to secure communications across the network and those
designed to protect the servers and clients on the network.



The Information Assurance Model and Defense Strategy

Three security concepts important to information on the Internet: confidentiality, integrity, and
availability

• Confidentiality: Assurance of data privacy and accuracy; keeping private or sensitive information
from being disclosed to unauthorized individuals, entities, or processes.

• Integrity: Assurance that stored data has not been modified without authorization; a message that was
sent is the same message as that which was received.

• Availability: Assurance that access to data, the website, or other EC data service is timely, available,
reliable, and restricted to authorized users.

• Penetration test (pen test): A method of evaluating the security of a computer system or a network
by simulating an attack from a malicious source, (e.g., a cracker).



• EC security programs: All the policies, procedures, documents, standards, hardware, software,
training, and personnel that work together to protect information, the ability to conduct business,
and other assets

• Authentication: A process to verify (assure) the real identity of an entity which could be an
individual, computer, computer program, or EC Web site. For transmissions, authentication
verifies that the sender of the message is who the person or organization claims to be.

• Authorization: The process of determining what the authenticated entity is allowed to access and
what operations it is allowed to perform. Authorization of an entity occurs after authentication.

• Nonrepudiation: Is closely associated with authentication. It is assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase, transaction, and so on. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be confident that the transaction is secure; the parties are who they say they are.

• Computer security incident management: The monitoring and detection of security events on a
computer or computer network, and the execution of proper responses to those events. The primary
purpose of incident management is the development of a well understood and predictable response
to damaging events and computer intrusions.



THE DEFENSE SIDE OF EC SYSTEMS

a) Defending access to computing systems, data flow, and EC transactions.
b) Defending EC networks.
c) General, administrative, and application controls.
d) Protection against social engineering and fraud.
e) Disaster preparation, business continuity, and risk management.
f) Implementing enterprise-wide security programs.

Some technologies are considered below:

1. Access control and network security

Access control is a mechanism that determines who can legitimately use a network resource.

• Authorization and authentication



• Biometric control: An automated method for verifying the identity of a person based on physical or behavioral characteristics.
• Biometric systems: Authentication systems that identify a person by measurement of a biological characteristic. Fingerprint scanners, iris scanners, facial recognition systems, and voice recognition systems are all examples of biometric systems that recognize a person by some biological characteristic or trait.
2. Encryption and the one-key (symmetric) system
• Encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it. The encryption algorithm is the set of procedures or mathematical functions used to encrypt or decrypt a message.
o Plaintext: An unencrypted message in human-readable form.
o Ciphertext: A plaintext message after it has been encrypted into a machine-readable form.
• Public Key Infrastructure (PKI): A scheme for securing e-payments using public key encryption and the various technical components, infrastructure, and practices needed to enable the use of public key encryption, digital signatures, and digital certificates with a network application. PKI is also the foundation of a number of network applications, including SCM, VPNs, secure e-mail, and intranet applications.
• Public (asymmetric) key encryption: A method of encryption that uses a pair of matched keys, a public key to encrypt a message and a private key to decrypt it, or vice versa.
• Private key: An encryption code that is known only to its owner.
• Symmetric (private) key encryption: An encryption system that uses the same key to encrypt and decrypt the message. PKI is based on encryption.



• Digital signature or digital certificate: The equivalent of a personal signature that cannot be forged. Digital signatures are based on public keys for authenticating the identity of the sender of a message or document. They also ensure that the original content of an electronic message or document is unchanged.



• Digital envelope: The combination of the encrypted original message and the digital signature, using the recipient's public key.
• Secure Sockets Layer (SSL): A protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality.
3. Securing e-commerce networks: Several technologies exist to ensure that an organization's network boundaries are secure from attacks, such as:
• Firewalls: Barriers between a trusted network or PC and the untrustworthy Internet. A firewall is a single point between two or more networks where all traffic must pass (a choke point); the device authenticates, controls and logs all traffic.
• Personal firewall: A network node designed to protect an individual user's desktop system from the public network by monitoring all the traffic that passes through the computer's network interface card.

• Virtual private network (VPN): A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.



• Intrusion detection systems (IDSs): A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees.
• Dealing with DoS attacks: Cloud computing prevents DoS attacks.

• Honeypot: A production system (e.g., firewalls, routers, Web servers, database servers) that looks like it does real work, but which acts as a decoy and is watched to study how network intrusions occur.



4. General controls

Controls established to protect the system regardless of the specific application; for example, protecting
hardware and controlling access to the data center are independent of the specific application.

• Physical controls

• Administrative controls

5. Application controls and intelligence agents

Controls that are intended to protect specific applications.

• Intelligent agents: Software applications that have some degree of reactivity, autonomy, and adaptability, as is needed in unpredictable attack situations; an agent is able to adapt itself based on changes occurring in its environment.



Chapter Review Questions

1. Explain the reasons why E-crimes are difficult to stop.

2. What sorts of precautions should online shoppers use to secure their transactions?

3. What are digital signatures and how can they be used to secure E-commerce transactions?

4. What E-crimes do you think are the most common in Kenya?



SECURITY IN E-COMMERCE TRANSACTIONS

Security in e-commerce transactions is of paramount importance due to several critical reasons that impact both businesses and consumers. Here are key aspects that highlight the significance of security in e-commerce transactions:

1. Protection of Sensitive Information:
o E-commerce transactions involve the exchange of sensitive information such as credit card details, personal identifiers (like name and address), and login credentials. Security measures are essential to prevent unauthorized access and ensure this information is not compromised.
2. Trust and Customer Confidence:
o Security breaches can severely damage customer trust and confidence in an e-commerce business. Customers are hesitant to shop from websites that are perceived as insecure, leading to loss of sales and reputation damage.
3. Prevention of Fraud and Identity Theft:
o Secure e-commerce systems employ measures like encryption, secure payment gateways, and fraud detection tools to mitigate risks associated with fraud and identity theft. These measures protect both customers and businesses from financial losses.
4. Compliance with Regulations:
o E-commerce businesses must comply with various regulations and standards related to data protection and payment security (e.g., GDPR, PCI-DSS). Failure to adhere to these regulations can result in legal consequences, fines, and reputational damage.
5. Business Continuity and Operational Integrity:
o A security breach can disrupt e-commerce operations, leading to downtime, loss of revenue, and operational inefficiencies. Robust security measures ensure business continuity and maintain the integrity of transactions.
6. Mitigation of Financial Risks:
o Secure e-commerce transactions reduce the risk of financial liabilities for businesses, such as chargebacks resulting from fraudulent activities. Implementing secure payment methods and fraud prevention tools helps mitigate these risks.
7. Competitive Advantage:
o Businesses that prioritize and demonstrate strong security measures gain a competitive advantage. Customers are more likely to choose platforms that prioritize their security and privacy concerns over those that do not.
8. Long-term Customer Relationships:
o Building and maintaining long-term customer relationships requires a foundation of trust. Secure e-commerce transactions foster loyalty and encourage repeat purchases, contributing to business growth and sustainability.

In summary, security in e-commerce transactions is crucial for protecting sensitive information, maintaining customer trust, complying with regulations, preventing fraud, ensuring business continuity, mitigating financial risks, gaining competitive advantage, and fostering long-term customer relationships. E-commerce businesses must continuously invest in robust security measures to safeguard their operations and enhance overall trustworthiness in the digital marketplace.

SECURITY MEASURES TO MINIMIZE E-COMMERCE TRANSACTION RISKS

Ensuring the security of e-commerce transactions is critical to protect both consumers and businesses from various risks, including fraud, data breaches, and identity theft. Here are the key security requirements that help assure success and minimize e-commerce transaction risks:
1. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Encryption

SSL/TLS Protocols: These protocols encrypt data transmitted between the user's browser and
the e-commerce server, ensuring that sensitive information such as credit card details and
personal data are protected from interception.

HTTPS: Websites should use HTTPS instead of HTTP. The 'S' stands for secure, indicating
that SSL/TLS encryption is in place. This can be verified by the presence of a padlock icon in the
browser’s address bar.
2. Payment Card Industry Data Security Standard (PCI DSS) Compliance
Standards for Payment Security

PCI DSS Compliance: Businesses that handle credit card information must comply with PCI
DSS, a set of security standards designed to ensure that all companies that accept, process, store,
or transmit credit card information maintain a secure environment.

Secure Storage: PCI DSS mandates secure storage of payment information, including
encryption, masking, and secure deletion of cardholder data.
3. Multi-Factor Authentication (MFA)
Additional Verification

MFA Implementation: MFA adds an extra layer of security by requiring users to provide two
or more verification factors to authenticate their identity. This could include something they
know (password), something they have (smartphone), or something they are (biometric
verification).

Preventing Unauthorized Access: MFA helps prevent unauthorized access even if the user’s
password is compromised.
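An added example, not from the original notes, of the "something they have" factor: the RFC 6238 time-based one-time password that authenticator apps generate, together with the server-side check. The secret and timestamps are the RFC's own test values; the issuer and account label, and the Verifier's replay refusal, are assumptions of this example rather than requirements stated in the notes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"math"
	"net/url"
)

const period = 30 // seconds per time step (RFC 6238 default)

// HOTP computes an RFC 4226 code: HMAC-SHA1 over the big-endian counter, then
// dynamic truncation to the requested number of decimal digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // low nibble of the last byte picks a 4-byte window
	code := uint32(h[off]&0x7f)<<24 | uint32(h[off+1])<<16 | uint32(h[off+2])<<8 | uint32(h[off+3])
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// TOTPAt is RFC 6238: the counter is the number of 30-second steps since the epoch.
func TOTPAt(secret []byte, unixSeconds int64, digits int) string {
	return HOTP(secret, uint64(unixSeconds/period), digits)
}

// EnrollmentURI is the otpauth:// URI that the QR code shown at enrollment
// encodes; authenticator apps such as Google Authenticator import the shared
// secret from it. Issuer and account label are whatever the shop chooses.
func EnrollmentURI(secret []byte, issuer, account string, digits int) string {
	q := url.Values{}
	q.Set("secret", base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret))
	q.Set("issuer", issuer)
	q.Set("digits", fmt.Sprint(digits))
	q.Set("period", fmt.Sprint(period))
	return "otpauth://totp/" + url.PathEscape(issuer+":"+account) + "?" + q.Encode()
}

// Verifier is the server side of the second factor. It tolerates one step of
// clock skew either way and never accepts a time step twice, so a code that a
// phishing page captured cannot be replayed once the victim has used it.
type Verifier struct {
	Secret   []byte
	Digits   int
	lastStep uint64 // highest time step already consumed
}

func (v *Verifier) Check(submitted string, unixSeconds int64) bool {
	now := unixSeconds / period
	for skew := int64(-1); skew <= 1; skew++ {
		step := uint64(now + skew)
		if step <= v.lastStep {
			continue // this step (or an older one) was already used: replay
		}
		if hmac.Equal([]byte(HOTP(v.Secret, step, v.Digits)), []byte(submitted)) {
			v.lastStep = step
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real one
	fmt.Println(EnrollmentURI(secret, "ExampleShop", "alice@example.com", 6))
	fmt.Println("code at T=59:", TOTPAt(secret, 59, 8)) // 94287082 per RFC 6238
}
```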

4. Secure Payment Gateways



Trusted Payment Processors

Payment Gateways: Use reputable payment gateways (e.g., PayPal, Stripe, Square) that
provide secure and encrypted transaction processing.

Tokenization: Some payment gateways use tokenization, which replaces sensitive payment
information with a unique identifier or token that cannot be used outside of the specific
transaction context.
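An added example (not the notes' own code, and not any real gateway's API) of the masking and tokenization just described: a Luhn check, a PCI-style mask that leaves only the first six and last four digits, and a small token vault that keeps the card number encrypted and bound to the merchant that tokenized it. The number 4111111111111111 is a widely used test card number rather than a real card; the key and merchant IDs are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"strings"
)

// LuhnValid reports whether pan is all digits and passes the Luhn check digit
// test, which catches typos before a number is ever sent to the gateway.
func LuhnValid(pan string) bool {
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		if pan[i] < '0' || pan[i] > '9' {
			return false
		}
		d := int(pan[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(pan) >= 12 && sum%10 == 0
}

// MaskPAN keeps at most the first six and last four digits visible, the usual
// PCI DSS display rule, so receipts, logs and support screens never hold a full PAN.
func MaskPAN(pan string) string {
	if len(pan) < 13 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// Vault stands in for a gateway's token service: the merchant receives a random
// token and the PAN stays here, encrypted with AES-GCM and bound to the merchant
// that tokenized it, so the token is useless in any other context.
type Vault struct {
	aead  cipher.AEAD
	store map[string][]byte // token -> nonce || ciphertext
}

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, store: map[string][]byte{}}, nil
}

func (v *Vault) Tokenize(pan, merchantID string) (string, error) {
	if !LuhnValid(pan) {
		return "", errors.New("not a valid card number")
	}
	buf := make([]byte, 16+v.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token := "tok_" + hex.EncodeToString(buf[:16])
	nonce := buf[16:]
	// The token and merchant ID are authenticated (AAD) but not encrypted: a
	// ciphertext presented under another token or merchant fails to open.
	ct := v.aead.Seal(nil, nonce, []byte(pan), []byte(token+"|"+merchantID))
	v.store[token] = append(append([]byte{}, nonce...), ct...)
	return token, nil
}

func (v *Vault) Detokenize(token, merchantID string) (string, error) {
	rec, ok := v.store[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	n := v.aead.NonceSize()
	pan, err := v.aead.Open(nil, rec[:n], rec[n:], []byte(token+"|"+merchantID))
	if err != nil {
		return "", errors.New("token is not valid for this merchant")
	}
	return string(pan), nil
}
```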
5. Data Encryption
Protecting Sensitive Data

Encryption at Rest: Encrypt sensitive data stored on servers to protect it from unauthorized
access or theft.

End-to-End Encryption: Ensure that data is encrypted during transmission and storage to
prevent unauthorized access at any stage.
6. Secure Authentication and Authorization
User Access Control

Strong Password Policies: Enforce strong password requirements, such as complexity, length, and periodic changes.

Role-Based Access Control (RBAC): Implement RBAC to ensure that users only have access
to the resources and information necessary for their role.
7. Regular Security Audits and Vulnerability Assessments
Proactive Security Management

Security Audits: Conduct regular security audits to identify and address vulnerabilities in the
e-commerce platform.

Penetration Testing: Perform penetration testing to simulate attacks and evaluate the security
of the system.
8. Secure Coding Practices
Developing Secure Applications

Input Validation: Implement input validation to prevent injection attacks, such as SQL
injection and cross-site scripting (XSS).

Code Review: Regularly review and update code to fix security vulnerabilities and follow
best practices for secure coding.
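An added example in Go (not from the notes) of the secure coding point: the vulnerable string-concatenation rendering of a product review beside the html/template version that escapes it, plus allowlist validation of a quantity parameter and of a sort column, the kind of input that query parameterization cannot protect. The review text, function names and column list are constructed.

```go
package main

import (
	"errors"
	"html/template"
	"strconv"
	"strings"
)

// RenderReviewUnsafe is the vulnerable pattern: user text is pasted straight
// into the HTML, so a review containing markup runs as script in every other
// shopper's browser (stored XSS). Kept only to contrast with the safe version.
func RenderReviewUnsafe(author, body string) string {
	return `<div class="review"><b>` + author + `</b><p>` + body + `</p></div>`
}

var reviewTmpl = template.Must(template.New("review").Parse(
	`<div class="review"><b>{{.Author}}</b><p>{{.Body}}</p></div>`))

// RenderReviewSafe is the hardened form: html/template escapes each value for
// the context it lands in, so the same input is displayed as text, not executed.
func RenderReviewSafe(author, body string) (string, error) {
	var sb strings.Builder
	err := reviewTmpl.Execute(&sb, struct{ Author, Body string }{author, body})
	return sb.String(), err
}

// ParseQuantity validates an order quantity from the query string: a whole
// number in a sensible range, or a rejection, so only clean values reach the
// order system or a database query.
func ParseQuantity(raw string) (int, error) {
	n, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil || n < 1 || n > 99 {
		return 0, errors.New("quantity must be a whole number between 1 and 99")
	}
	return n, nil
}

// sortColumns is the allowlist for a user-chosen sort key. Column names cannot
// be bound as query parameters, so the key is mapped, never spliced into SQL.
var sortColumns = map[string]string{"price": "price", "name": "name", "newest": "created_at"}

// SafeOrderBy returns the ORDER BY clause for an allowlisted key.
func SafeOrderBy(key string) (string, error) {
	col, ok := sortColumns[key]
	if !ok {
		return "", errors.New("unsupported sort key")
	}
	return "ORDER BY " + col, nil
}
```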
9. Firewalls and Intrusion Detection Systems



Network Security

Firewalls: Use firewalls to protect the e-commerce infrastructure from unauthorized access
and malicious traffic.

Intrusion Detection/Prevention Systems (IDS/IPS): Deploy IDS/IPS to monitor network traffic for suspicious activity and automatically respond to potential threats.
10. Data Backup and Recovery
Business Continuity

Regular Backups: Perform regular backups of critical data to ensure it can be restored in case
of data loss or a security incident.

Disaster Recovery Plan: Develop and test a disaster recovery plan to ensure the business can
quickly resume operations after a security breach.
11. Privacy Policies and User Education
Building Trust and Awareness

Clear Privacy Policies: Provide clear and comprehensive privacy policies that inform users
how their data is collected, used, and protected.

User Education: Educate customers about safe online practices, such as recognizing phishing
attempts, creating strong passwords, and safeguarding their personal information.
12. Monitoring and Logging
Activity Tracking

Continuous Monitoring: Continuously monitor the e-commerce environment for unusual activity or potential security breaches.

Logging: Maintain detailed logs of transactions and access to sensitive data to help detect and
investigate security incidents.
13. Anti-Malware and Anti-Fraud Measures
Protecting Against Threats

Anti-Malware Software: Install and regularly update anti-malware software to protect against
viruses, spyware, and other malicious software.

Fraud Detection Systems: Implement systems that use machine learning and analytics to
detect and prevent fraudulent transactions in real time.
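An added example, not from the notes and not any vendor's system, of a rule-based fraud detection pass over constructed checkout events: velocity of purchases per account, card-country versus IP-country mismatch, and amount spikes against the account's own history. The rules, weights, threshold and sample data are all assumptions of this example.

```go
package main

import "sort"

// Txn is one checkout event. Amounts are in cents so the rules use integer math.
type Txn struct {
	ID          string
	Account     string
	AmountCents int64
	Unix        int64  // time of the transaction, Unix seconds
	CardCountry string // billing country of the card
	IPCountry   string // geolocation of the client IP
}

// Alert is what the review queue or the real-time decline path receives.
type Alert struct {
	TxnID   string
	Score   int
	Reasons []string
}

const (
	velocityWindow = 600 // seconds
	velocityCount  = 3   // earlier purchases inside the window that trip the rule
	flagThreshold  = 50  // score at which a transaction is alerted
)

type purchase struct{ unix, cents int64 }

// ScoreTransactions replays the events in time order, keeping each account's
// history, and returns an alert for every transaction whose score reaches the
// threshold. Weights are illustrative; a production system tunes them from data.
func ScoreTransactions(txns []Txn) []Alert {
	ordered := append([]Txn(nil), txns...)
	sort.Slice(ordered, func(i, j int) bool { return ordered[i].Unix < ordered[j].Unix })
	history := map[string][]purchase{}
	var alerts []Alert
	for _, t := range ordered {
		prior := history[t.Account]
		score, reasons := 0, []string{}

		recent, sum := 0, int64(0)
		for _, p := range prior {
			sum += p.cents
			if t.Unix-p.unix <= velocityWindow {
				recent++
			}
		}
		// Rule 1: burst of purchases on one account (card-testing pattern).
		if recent >= velocityCount {
			score += 50
			reasons = append(reasons, "velocity: many purchases within 10 minutes")
		}
		// Rule 2: card billing country does not match where the client is.
		if t.CardCountry != t.IPCountry {
			score += 30
			reasons = append(reasons, "geo mismatch: card country differs from IP country")
		}
		// Rule 3: amount more than 5x this account's average so far (needs history).
		if len(prior) >= 2 && t.AmountCents*int64(len(prior)) > 5*sum {
			score += 30
			reasons = append(reasons, "amount spike: far above the account's usual order")
		}
		if score >= flagThreshold {
			alerts = append(alerts, Alert{TxnID: t.ID, Score: score, Reasons: reasons})
		}
		history[t.Account] = append(prior, purchase{t.Unix, t.AmountCents})
	}
	return alerts
}

// SampleTransactions is a constructed dataset: a normal account that suddenly
// places a large order from a foreign IP (t4), and an account that fires four
// small purchases in five minutes (t5 to t8).
func SampleTransactions() []Txn {
	return []Txn{
		{"t4", "acct-A", 90000, 7200, "KE", "RU"}, // listed out of order on purpose
		{"t1", "acct-A", 4000, 0, "KE", "KE"},
		{"t2", "acct-A", 3500, 3600, "KE", "KE"},
		{"t3", "acct-B", 12000, 3700, "KE", "KE"},
		{"t5", "acct-B", 5000, 8000, "KE", "KE"},
		{"t6", "acct-B", 5000, 8100, "KE", "KE"},
		{"t7", "acct-B", 5000, 8200, "KE", "KE"},
		{"t8", "acct-B", 5000, 8300, "KE", "KE"},
		{"t9", "acct-C", 3000, 9000, "US", "US"},
	}
}
```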

By adhering to these security requirements, e-commerce businesses can significantly reduce the risks associated with online transactions, protect sensitive data, and build trust with their customers. These measures create a secure environment that fosters successful and safe e-commerce activities.

LESSON 7.1 ONLINE SHOPPING SECURITY

Online shopping has become an integral part of modern consumer behavior, but it also
presents various security risks. To safeguard their transactions, online shoppers should take
several precautions. Here are some key measures to enhance security:
1. Use Secure Websites
HTTPS Protocol
• Look for HTTPS: Ensure that the website uses HTTPS instead of HTTP. The 'S' stands for secure and indicates that the site uses encryption to protect data.
• Check the Padlock Icon: Verify the presence of a padlock icon in the address bar, which signifies a secure connection.

2. Use Strong and Unique Passwords
Password Management

• Complex Passwords: Use strong passwords that combine letters, numbers, and special characters.
• Unique Passwords: Avoid using the same password across multiple sites. Each account should have a unique password.
• Password Managers: Utilize password managers to securely store and manage passwords.

3. Enable Two-Factor Authentication (2FA)
Additional Security Layer

• 2FA: Enable two-factor authentication on online shopping accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.
• Authentication Apps: Use authentication apps like Google Authenticator or Authy for generating verification codes.

4. Be Cautious with Personal Information
Limit Sharing
• Minimal Information: Only provide the necessary personal information required for the transaction.
• Avoid Oversharing: Be wary of sites that ask for excessive personal information, such as Social Security numbers or bank details.



5. Use Secure Payment Methods
Trusted Payment Gateways

• Credit Cards: Prefer credit cards over debit cards, as they offer better fraud protection.
• Secure Payment Services: Use reputable payment services like PayPal, Apple Pay, or Google Wallet, which provide an additional layer of security.
• Virtual Credit Cards: Consider using virtual credit cards, which generate a temporary card number for each transaction.

6. Monitor Financial Statements
Regular Checks
• Review Statements: Regularly review bank and credit card statements for unauthorized transactions.
• Set Alerts: Set up account alerts to receive notifications of any suspicious activity or large transactions.

7. Beware of Phishing Scams
Recognize Phishing Attempts

• Suspicious Emails: Be cautious of emails or messages that request personal information or contain suspicious links.
• Verify Authenticity: Always verify the sender's authenticity before clicking on links or providing information. Hover over links to see the actual URL.
• Don't Click on Pop-Up Windows: Avoid entering personal information in pop-up windows while shopping online.
8. Shop from Reputable Websites
Trustworthy Retailers
• Reputation: Shop from well-known and reputable e-commerce sites.
• Check Reviews: Look at customer reviews and ratings to gauge the reliability of the website.
• Official Apps: When shopping on mobile devices, use official retailer apps rather than browsing websites.
9. Secure Your Devices
Device Security
• Antivirus Software: Install and regularly update antivirus and anti-malware software.
• Firewall: Enable the firewall on your computer or network to block unauthorized access.
• Software Updates: Keep your operating system, browser, and apps updated to protect against security vulnerabilities.



10. Use Secure Networks
Avoid Public Wi-Fi
• Public Networks: Avoid conducting financial transactions over public Wi-Fi networks, which can be easily compromised.
• VPN: Use a Virtual Private Network (VPN) to encrypt your internet connection and protect your data when using public or unsecured networks.
11. Understand and Use Return and Privacy Policies
Read Policies
• Return Policies: Familiarize yourself with the retailer's return and refund policies before making a purchase.
• Privacy Policies: Understand how your personal information will be used and protected by reading the site's privacy policy.
12. Log Out After Transactions
Secure Logout
• Log Out: Always log out of your account after completing your purchase, especially on shared or public devices.
• Clear Browser History: Clear your browser history, cookies, and cache regularly to remove any stored information.

