Saturday, February 7, 2009

How to safeguard our personal and financial data

The Internet is a global system of interconnected computer networks, consisting of millions of private and public networks of local to global scope. Nowadays, most of us rely on computers to store our personal data and use online financial services to perform financial transactions such as online banking and money transfers. We should have adequate safeguards to protect this confidential data from being stolen.

Here are a few approaches to safeguarding our personal data:

Password protect

Choose your password wisely. While you want to choose something you'll remember, you don't want it to be something that a clever thief could figure out just by learning your birth date or your child's name. A combination of uppercase and lowercase letters, numbers, and symbols will offer you more security. And remember: do not reveal any personal information or passwords to anyone.

Keep credit cards to a minimum

Use a credit card with a small limit for online purchases. It's all too easy for a dishonest sales clerk to use your credit card information. If the card you use for these purchases has a low credit limit, at least a felon won't be able to rack up many bills before hitting a wall.

Install antispyware and antivirus software

Protect your computer by using antivirus software, antispyware software, and a firewall to guard your information from the nefarious.

Avoid using public computers for accessing financial information

Avoid logging on to check your bank balance from a public computer or at a coffee shop that offers wireless access. After using the Financial Data Center or any member services, always log out before leaving the Financial Data Center. If you are using a public computer, remember to close the browser window as well. This prevents other users from reading your personal information and mail.

Guard your Social Security number

Make sure that anyone asking for your Social Security number really needs it. Often businesses that ask for a Social Security number can use an alternative customer identification number if you ask. Make sure not to print your Social Security number on checks or in other highly visible places. Store your card in a safe place and avoid giving the number to others.

Avoid clicking on pop-ups

You are not encouraged to click on pop-up ads or download any information from unknown sites. Never open an attachment or click on a link sent to you by an unknown party. Attachments can contain viruses, and links can lead unsuspecting users to dummy sites where they are asked to input financial information.

Avoid giving personal information to anyone who solicits you over the phone or by mail, or to unknown third parties.

Review your credit report frequently to check whether the amount is accurate.

Update your browser. Updating your browser on a regular basis can help plug security holes.

http://www.fool.com/personal-finance/general/2006/09/23/safeguard-your-financial-life.aspx

Friday, February 6, 2009

The Application of 3rd Party Certification Programme in Malaysia

Third parties are also called certificate authorities (CAs); they issue digital certificates to verify that your website does indeed represent your company. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate. The certificate may include the owner's public key, the expiration date of the certificate, the owner's name, and other information about the public key owner.

MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. As a CA, Trustgate’s core business is to provide digital certification services, including digital certificates, cryptographic products, and software development. The company aims to enable organizations to conduct their business over the Internet as securely as they do in the physical world.

Another such company is VeriSign, Inc. It provides a critical layer of intelligence and security that enables key transactions, protects data and safely delivers information across myriad protocols and devices. Moreover, VeriSign is the leading Secure Sockets Layer (SSL) CA, enabling the security of e-commerce, communications, and interactions for Web sites, intranets, and extranets. It provides security solutions to protect an organization’s consumers, brand, Web site, and network.

How does this certification programme help?

This third-party certification programme helps to ensure that consumers’ information travels safely over the Internet and reaches the intended recipients. Nowadays, many threats are spreading around the Internet, and this programme can help enable a fair deal between seller and buyer online.

Furthermore, this programme would enhance customer confidentiality in online shopping, as it can provide e-mail protection and validation, secure online shopping carts and other services that help avoid damage from malicious software.

In other words, the application of the third-party certification programme in Malaysia has a high possibility of increasing the profit of any organisation that uses e-commerce, by enhancing customer trust and confidence in the deal.

Thursday, February 5, 2009

Example of Phishing and its Prevention

What is phishing?

Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for personal information such as your credit card number, account number or password.

Examples of phishing

For Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information from you via email.

Examples: Phishing email / Phishing website

Approaches to Prevent Phishing Attacks

There are several ways to prevent phishing attacks:
1) Educate users to understand how phishing attacks work and to be alert when phishing-like e-mails are received.
2) Use legal methods to punish phishing attackers.
3) The Web master of a legitimate Web site periodically scans the root DNS for suspicious sites (e.g. http://www.1cbc.com.cn/ vs. http://www.icbc.com.cn/).
4) Enhance the security of the Web sites: business Web sites, such as the Web sites of banks, can adopt new methods to guarantee the security of users’ personal information. One method to enhance security is to use hardware devices. Before shopping on the net, users insert their credit card into a card reader and enter their PIN code; the card reader then produces a one-time security password, and users can perform transactions only after the right password is entered.
5) Block phishing e-mails with various spam filters: phishers generally use e-mails as ‘bait’ to lure potential victims.
6) Install online anti-phishing software on users’ computers. The anti-phishing tools can be divided into two categories: blacklist/white list based and rule-based.
• Category I: When a user visits a Web site, the anti-phishing tool searches for the address of that site in a blacklist stored in the database. If the visited site is on the list, the anti-phishing tool warns the user.
• Category II: This category of tools uses certain rules in its software and checks the security of a Web site according to those rules.
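The blacklist lookup (Category I), the rule checks (Category II) and the look-alike scan from item 3 can be combined in one small checker. This is an added Python example, not code from the original post; the blacklist entry, the confusable-character table, the rules and all function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: a real tool would load these from maintained feeds.
BLACKLIST = {"phish.example.net"}   # Category I: known-bad hosts (made up)
PROTECTED = {"www.icbc.com.cn"}     # legitimate host from the post's example

# Characters often swapped to imitate one another (small illustrative table).
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def skeleton(host):
    """Collapse visually confusable characters so look-alikes compare equal."""
    return host.lower().replace("rn", "m").translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, reasons); verdict is 'ok', 'warn' or 'block'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in BLACKLIST:                      # Category I: list lookup
        return "block", ["host is on the blacklist"]
    if host in PROTECTED:                      # white list: the genuine site
        return "ok", []
    reasons = []                               # Category II: rules
    for good in sorted(PROTECTED):
        if skeleton(host) == skeleton(good):
            reasons.append(f"look-alike of {good}")
        elif edit_distance(host, good) == 1:
            reasons.append(f"one character away from {good}")
        elif good in host:
            reasons.append(f"{good} embedded in a different domain")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass                                   # not an IP literal
    if "@" in parts.netloc:
        reasons.append("'@' in the URL hides the real host")
    return ("warn" if reasons else "ok"), reasons


if __name__ == "__main__":
    for sample in ("http://www.icbc.com.cn/", "http://www.1cbc.com.cn/",
                   "http://www.icbc.com.cn@203.0.113.7/login"):
        print(sample, check_url(sample))
```

The list lookup only catches hosts someone has already reported, while the rules flag the post's `1cbc` look-alike even though it appears on no list.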

Wednesday, February 4, 2009

A Review on a Post on Internet Security from My E-Commerce Blog - The IMPACT

The number of internet users is increasing every single day, and the internet nowadays plays an important role for everyone. The internet is useful because it helps people learn, communicate, exchange information and so on. However, hacking, computer viruses and theft are also increasing. Some antivirus software is no longer useful, as it may be outdated or unable to recognize some new computer viruses. Indeed, this is really harmful to every internet user, as the threats keep circulating in their computers.

In recent years, Malaysia has been ready to make an impact in the battle against cyber-terrorism, and this mission is carried out by a non-profit organisation known as the International Multinational Partnership Against Cyber Terrorism (IMPACT). This idea was put forward by our Prime Minister Datuk Seri Abdullah Ahmad Badawi at the World Congress on IT in Austin, US, 2007. The Government has approved RM43mil for setting up IMPACT. Some leading names in the IT industry, such as Symantec Corporation (United States), Trend Micro (Japan), F-Secure (Finland) and Kaspersky Lab (Russia), have agreed to be key partners and serve on IMPACT's international advisory board. In Malaysia, two local IT companies cooperate in running and coordinating IMPACT: Ascendsys Sdn Bhd (a security service company) and GITN Sdn Bhd (a government IT network company).

IMPACT serves as a pioneer platform to allow governments of the world to exchange notes and ideas, as well as to facilitate the sharing of skills and best practices, with the ultimate objective of combating these constantly evolving threats. It is good to have an organisation to help fight internet security problems as e-business becomes more and more common to us. If internet security cannot be improved, or even becomes worse, there will be great harm to all internet users. However, in my opinion, governments should move faster and harder towards their goals, as we (internet users) wish to be more secure in using the internet.

The Chairman of IMPACT -- Mohd Noor Amin

Source: My Ecommerze

Tuesday, February 3, 2009

The threat of online security: How safe is our data?

The internet is one of the wonders of the world. But it has a dark side, just like a beautiful city that has bad neighborhoods. Online security threats are one of the biggest challenges on the Internet today. Online security threats come from the fact that Windows basically records everything you do; most importantly, it records the web sites you visit, whether intentionally or not, and keeps copies of all the images and pictures you have viewed, including those on web pages. It is no longer unusual for others to investigate exactly what you have been doing on your computers. Therefore, we need to know what threats are out there before we can be wary of them.

Threats to your privacy
The internet makes it easy for online criminals to attack your privacy:

Accidental Actions
Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software.

Hacking
Hacking is the act of illegally gaining access to your computer or sites for the sole purpose of destroying, disrupting or carrying out illegal activities on your system. A "hacker" is the person who illegally gains access. Hackers generally look for personal information, such as passwords or credit card numbers. They may also be trying to use your Internet connection to transmit their own material, or they may just be searching at random to see what they can find. However, there are many technologies out there you can use to prevent and detect hacking. A firewall, a program designed to prevent unauthorized Internet users from accessing your system, is the best way to protect your computer from intrusions.

Wi-Fi eavesdropping
If you use a wireless, or Wi-Fi, network you’ll know that it lets you connect to your broadband internet connection using a radio link with a range of several hundred feet. However, this flexibility has a downside. A more sinister risk is that people can, with the right equipment, spy on you and gain access to your computer over the wireless link.

Spyware
Spyware doesn’t try to replicate itself like a virus. Instead, it relies on people downloading it mistakenly, often alongside other programs such as peer-to-peer music sharing programs. It causes a range of problems, including:
º Annoying pop-up adverts.
º Taking over your web browser.
º Scanning your computer for private information like credit card numbers.
º Slowing down your computer and internet connection.
º Downloading viruses.
º Being very difficult to remove.

Threats to your wealth

Fraud
Fraud is a growing problem online. Conmen are the dot.com entrepreneurs of crime. Common tricks include:

# Phishing
Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. If you suspect phishing, do not reply to the e-mail or respond by clicking on a link within the e-mail message.

Identity theft
Online identity theft comes in many forms and involves the use – by someone else – of your computer and/or the information on it. Some identity thieves use an array of techniques known as social engineering to try to manipulate you into performing certain actions or divulging confidential information. Or, they may access sensitive information without you even being aware of their presence. With this information they can, for example:
º Empty your bank account.
º Max out your credit cards buying stuff for themselves.
º Buy cars on tick, in your name.
º Impersonate you online, for example using your identity in online auctions or on e-commerce sites.

Malicious Attacks
Attacks that specifically aim to do harm are known as premeditated or malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Misrepresentation is most often seen with regard to online fraud and identity theft. Notable examples of the former include computer viruses and Denial of Service (DoS) attacks.

# Computer virus
Viruses are small, malicious computer programs that try to infect computers, spreading from one machine to the next. There are four main classes of viruses:
º File infectors - embed themselves into ordinary executable files and attach to other system executables when the file is run.
º System or boot-record infectors - infect the first sector on a drive from which the operating system is booted.
º Macro viruses - infect data files that include scripting "macros."
º Multi-part viruses - viruses that use more than one attack method.

Look for these clues to determine if your computer is infected with malware:
º A sudden increase in pop-up ads,
º A browser that takes you to sites other than those you type into the address box (also called hijacked browser),
º Sudden or repeated changes in your computer’s home page,
º New toolbars or icons,
º Keys that suddenly don’t work,
º Sluggish or slow performance when opening programs or saving files.

Denial of Service Attacks
A Denial of Service attack is another form of malicious code attack that is carefully crafted and executed. It is an attack on a website in which an attacker uses specialised software to send a flood of data packets to the target computer with the aim of overloading its resources. It may cause a network to shut down, making it impossible for users to access the site. Denial of Service attacks are not new, yet they are growing in sophistication. Traditional DoS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack, known as a Distributed Denial of Service (DDoS) attack, is becoming increasingly common. The DDoS attacker strategically builds an army of key players including:

º one client machine for coordinating the attack;
º three to four host machines, which are battlefields under the attacker's direct control; and
º potentially hundreds of broadcasters, which are the legions that run the code to generate the flood of packets that attack a target system.

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci916037,00.html
http://www.getsafeonline.org/nqcontent.cfm?a_id=1168
http://www.raymondjames.com/privacy_security/online_threats.htm
http://www.bsagovernment.com/downloads/MajorOnlineThreats.pdf

Monday, February 2, 2009

Revenue model for Google, Amazon.com and eBay

Google’s Revenue Model aims at increasing the visibility and traffic of its small business partners, streamlining their marketing costs, qualifying their leads and helping track returns on investment. Google mainly generates revenue by charging advertising fees and affiliate fees. Google’s revenue stream revolves around its pay per click program (PPC), AdWords and AdSense. Google owns a stunning array of popular search services that buffers it against lost market share in the flagship search engine. It is continually innovating and improving its revenue programs.

AdWords

AdWords, Google’s main source of revenue, is a pay-per-click (PPC) advertising program with site-targeted advertising for both text and banner ads. It allows advertisers to present advertisements to people at the instant they are looking for information related to what the advertiser has to offer. AdWords ads appear on the right side (and sometimes at the top) of Google search pages. Advertisers pay for their ad only when a Google user clicks on it.

AdSense

Google earns most of its revenue by allowing other website owners to advertise on their search result pages or by placing these same text ads on other sites based on relevance. The goal of an AdSense page is to get visitors to scoot off the page by clicking an ad. When a visitor clicks one, the AdSense publisher shares the cost-per-click ad revenue with Google.

PPC

Google.com is using the Pay-Per-Click model. It is an online advertising payment model in which payment is based on qualifying click-through.

Amazon.com is one of the world's largest e-Commerce retailers, or etailers for short, of consumer goods. With sales several times that of its competitors, the company has achieved its status as the industry leader by adopting the concept of selling goods via the Internet's World Wide Web. The company presently enjoys significant brand, scale and capital advantages over its rivals. Amazon has many products such as books, music, video & DVDs, auctions, toys & games, consumer electronics, e-Cards, and zShop. Amazon will be able to consistently offer lower prices in relation to the traditional retailers. Amazon generates revenue through sales, transaction fees and affiliate fees. Amazon.com charges transaction fees on sales and also affiliate fees on those who advertise on the Amazon website.

eBay is an online auction and shopping website in which people and businesses buy and sell goods and services worldwide. The vast majority of eBay’s revenue comes from listing fees and commission on completed sales. Thus, eBay generates revenue through sales and transaction fees. For PayPal purchases an additional commission fee is charged. The margin on each transaction is phenomenal since, once the infrastructure is built, incremental costs on each transaction are tiny – all eBay is doing is transmitting bits and bytes between buyers and sellers. Advertising and other non-transaction net revenues represent a relatively small proportion of total net revenues.

In conclusion, most of the revenues for eBay and Amazon.com are from sales and transaction fees. On the other hand, Google earns the most from advertising. However, Amazon.com and Google also charge affiliate fees on those advertisers.

Google

http://media.wiley.com/product_data/excerpt/35/07645714/0764571435-1.pdf

Amazon.com

http://faculty.washington.edu/sandeep/d/amazonebay.pdf

http://www.rhsmith.umd.edu/faculty/jbailey/ents630/amazon.pdf

eBay

http://faculty.washington.edu/sandeep/d/amazonebay.pdf

http://en.wikipedia.org/wiki/EBay