Security and privacy of electronic banking by


Privacy and Security Issues



Privacy can be understood as a legal concept and as the right to be let alone (S. Warren et al., 
1890). Privacy can also mean “the claim of individuals, groups, or institutions to determine for 
themselves when, how, and to what extent information about them is communicated to others” 
(A. F. Westin, 1967). From a privacy standpoint, trust can be viewed as the customer’s 
expectation that an online business will treat the customer’s information fairly (V. Shankar et al., 
2002).
There are four basic categories of privacy: information privacy, bodily privacy, communications 
privacy, and territorial privacy (S. Davies, 1996). Internet privacy is mostly information privacy. 
Information privacy means the ability of the individual to control information about one’s self. 
Invasions of privacy occur when individuals cannot maintain a substantial degree of control over 
their personal information and its use.
People react differently to privacy problems. One reason for these differences might be a cultural 
viewpoint. For example, researchers have pointed out that consumers in Germany react 
differently to marketing practices that people in the USA might consider the norm (T. Singh et 
al., 2003). It is also important to understand consumers’ views regarding privacy in general, their 
personal expertise in Internet technologies, and how they view the role of the government and 
the role of companies in protecting consumer privacy. An individual’s perceptions of such 
external conditions will also vary with personal characteristics and past experiences (N. K. 
Malhotra et al., 2004). Therefore, consumers often have different opinions about what is fair and 
what is not fair in collecting and using personal information.
According to C. M. K. Cheung et al. (2006), different threats in e-commerce, such as data transaction 
attacks and misuse of financial and personal information, generate security threats. Thus, 
security is protection against such threats (F. Belanger et al., 2002).
Information security consists of three main parts: confidentiality, integrity, and availability. CIA 
as an abbreviation is a widely used benchmark for evaluation of information system security, also 
in the e-commerce environment (Parker et al., 2004). All three parts of security may be affected 
by purely technical issues, natural phenomena, or accidental or deliberate human causes.

IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012 
ISSN (Online): 1694-0814 
www.IJCSI.org
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.

Confidentiality refers to limiting information access and disclosure to authorized users and 
preventing access by or disclosure to unauthorized users. In other words, confidentiality is an 
assurance that information is shared only among authorized persons or organizations. 
Authentication methods, such as user IDs and passwords that identify users, can help to reach the 
goal of confidentiality. Other control methods support confidentiality, such as limiting each 
identified user's access to the data system's resources. Additionally, protection against malware, 
spyware, spam and other attacks is critical to confidentiality (and also to integrity and 
availability).
Confidentiality is related to the broader concept of information privacy: limiting access to 
individuals' personal information. The concept of integrity relates to the trustworthiness of 
information resources. It is used to ensure that information is sufficiently accurate for its 
purposes. The information should be authentic and complete. For example, forwarding copies of 
sensitive e-mail threatens both the confidentiality and integrity of the information. 
Availability refers to the availability of information resources. The system is responsible for 
delivering, processing, and storing information that is accessible when needed, by those who need 
it. An information system that is not available when you need it is at least as bad as no system at 
all. It may be much worse if the system is the only way to take care of a certain matter. 
As society and its economic patterns have evolved from the heavy-industrial era to that of 
information, in terms of providing new products and services to satisfy people's needs, 
organizational strategies have changed too. In effect, corporations have altered their 
organizational and managerial structures, as well as work patterns, in order to leverage 
technology, such as e-banking services, to its greatest advantage. Economic and technology 
phenomena such as downsizing, outsourcing, distributed architecture, client/server and 
e-banking all include the goal of making organizations leaner and more efficient. However, 
information systems (IS) are deeply exposed to security threats as organizations push their 
technological resources to the limit in order to meet organizational needs (Dhillon, 2001; Dhillon 
and Torkzadeh, 2006). 
Dr. David Chaum, CEO of DigiCash, said that “security is simply the protection of 
interests. People want to protect their own money and bank their own exposure. The role of 
government is to maintain the integrity of and confidence in the whole system. With electronic 
cash, just as with paper cash today, it will be the responsibility of government to protect against 
system risk. This is a serious role that cannot be left to the micro-economic interests of commercial 
organizations”. The security of information may be one of the biggest concerns of Internet 
users. Electronic banking users, who most likely connect to the Internet via dial-up modem, 
face a smaller risk of someone breaking into their computers. Only organizations such as 
banks with dedicated internet connections face the risk of someone from the internet gaining 
unauthorized access to their computer or network. However, e-banking system users still face 
the security risk of unauthorized access to their banking accounts. Moreover, the e-banking 
system users also are concerned about non-repudiability, which requires a reliable identification 
of both the sender and the receiver of on-line transactions. A non-secure electronic transaction can 
be altered to change the apparent sender. Therefore, it is extremely important to build in 
non-repudiability, which means that the identity of both the sender and the receiver can be attested to 
by a trusted third party who holds the identity certificates.
There are a multitude of possible scenarios where sensitive data can be stolen or misplaced when 
processing an online transaction. The methods used to steal and compromise sensitive data are 
dynamic and ever-changing. Their purpose is to target applications and architectures that are 
widely used, such as instant messaging, email, standardized shopping carts, redundant coding 
schemes, database programs, and security techniques and encryption. Security concerns should 
be discussed during the design stages of systems development to ensure they are addressed properly 
(Chorafas, 2004). One reason for the multitude of security concerns faced by users is that the 
internet was not developed with security in mind; thus many of the techniques security 
professionals are putting into place are reactive, and hackers are using these same methods. 
Traditional e-commerce security can be broken down into a three-tier model where the client, 
server, and database are described separately (Shwan, 2006). To understand the threats against 
e-commerce applications, we must also explore security concerns that threaten 
all systems. 
