Security and privacy of electronic banking by
Privacy and Security Issues
Yüklə 159,16 Kb. Pdf görüntüsü
|
|
Privacy and Security Issues
Privacy can be understood as a legal concept and as the right to be let alone (S. Warren, et al 1890). Privacy can also mean “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (A.F.Westin, 1967). From a privacy standpoint, trust can be viewed as the customer’s expectation that an online business will treat the customer’s information fairly (V. Shankar et al, 2002). There are four basic categories of privacy: information privacy, bodily privacy, communications privacy, and territorial privacy (S. Davies, 1996). Internet privacy is mostly information privacy. Information privacy means the ability of the individual to control information about one’s self. Invasions of privacy occur when individuals cannot maintain a substantial degree of control over their personal information and its use. People react differently to privacy problems. One reason for these differences might be a cultural viewpoint. For example, researchers have pointed out that consumers in Germany react differently to marketing practices than people in the USA might consider the norm (T.Singh et al, 2003). It is also important to understand their views regarding privacy in general, their personal expertise in Internet technologies, and how they view the role of the government and the role of companies in protecting consumer privacy. An individual’s perceptions of such external conditions will also vary with personal characteristics and past experiences (N. K. Malhotra et al, 2004). Therefore, consumers often have different opinions about what is fair and what is not fair in collecting and using personal information. According to C.M.K.Cheung et al (2006) different threats in e-commerce, like data transaction attacks and misuse of financial and personal information, generate security threats. Thus, security is protection against such threats (F. Belanger et al 2002). Information security consists of three main parts: confidentiality, integrity, and availability. CIA as an abbreviation is a widely used benchmark for evaluation of information system security also IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012 ISSN (Online): 1694-0814 www.IJCSI.org 438 Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved. in the e-commerce environment (Parker et al, 2004). All three parts of security may be affected by purely technical issues, natural phenomena, or accidental or deliberate human causes. Confidentiality refers to limitations of information access and disclosure to authorized users and preventing access by or disclosure to unauthorized users. In other words, confidentiality is an assurance that information is shared only among authorized persons or organizations. Authentication methods, like user IDs and passwords that identify users can help to reach the goal of confidentiality. Other control methods support confidentiality, such as limiting each identified user's access to the data system's resources. Additionally, critical to confidentiality (also to integrity and availability) are protection against malware, spyware, spam and other attacks. Confidentiality is related to the broader concept of information privacy: limiting access to individuals' personal information. The concept of integrity relates to the trustworthiness of information resources. It is used to ensure that information is sufficiently accurate for its purposes. The information should be authentic and complete. For example, forwarding copies of sensitive e-mail threatens both the confidentiality and integrity of the information. Availability refers to the availability of information resources. The system is responsible for delivering, processing, and storing information that is accessible when needed, by those who need it. An information system that is not available when you need it is at least as bad as no system at all. It may be much worse if the system is the only way to take care of a certain matter. As the society and its economic patterns have evolved from the heavy-industrial era to that of information, in terms of providing new products and services to satisfy people's needs, organizational strategies have changed too. In effect, corporations have altered their organizational and managerial structures, as well as work patterns, in order to leverage technology to its greatest advantage such as e-banking services. Economic and technology phenomena such as downsizing, outsourcing, distributed architecture, client/server and e- banking, all include the goal of making organizations leaner and more efficient. However, information systems (IS) are deeply exposed to security threats as organizations push their technological resources to the limit in order to meet organizational needs (Dhillon, 2001; Dhillon and Torkzadeh, 2006). According to Dr. David Chaum, CEO of DigiCash said that “security is simply the protection of interests. People want to protect their own money and bank their own exposure. The role of government is to maintain the integrity of and confidence in the whole system. With electronic cash, just as with paper cash today, it will be the responsibility of government to protect against system risk. This is serious role that cannot be left to the micro-economic interests of commercial organizations”. The security of information may be one of the biggest concerns to the Internet users. For electronic banking users who most likely connect to the Internet via dial-up modem, is faced with a smaller risk of someone breaking into their computers. Only organizations such as banks with dedicated internet connections face the risk of someone from the internet gaining unauthorized access to their computer or network. However, the e-banking system users still face the security risks with unauthorized access into their banking accounts. Moreover, the e-banking IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012 ISSN (Online): 1694-0814 www.IJCSI.org 439 Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved. system users also are concerned about non-repudiability which requires a reliable identification of both the sender and the receiver of on-line transactions. Non-secure electronic transaction can be altered to change the apparent sender. Therefore, it is extremely important to build in non- repudiability which means that the identity of both the sender and the receiver can be attested to by a trusted third party who holds the identity certificates. There are a multitude of possible scenarios where sensitive data can be stolen or misplaced when processing an online transaction. The methods used to steal and compromise sensitive data is dynamic and ever changing. Their purpose is to target applications and architectures that are widely used, such as instant messaging, email, standardized shopping carts, redundant coding schemes, database programs, and security techniques and encryption. Security concerns should be discussed during the design stages of systems development to ensure it is addressed properly (Chorafas, 2004). One reason for the multitude of security concerns faced by users is that the internet was not developed with security in mind, thus many of the techniques security professionals are putting into place are reactionary and hackers are using these same methods. Traditional E-commerce security can be broken down into a three-tier model where the client, server, and database are described separately (Shwan, 2006). To gather an understanding for the threats against E-Commerce applications, we must also explore security concerns that threaten all systems. Yüklə 159,16 Kb. Dostları ilə paylaş:
|