
Running head: ONLINE IDENTITY THEFT AS AN E-COMMERCE RISK

Online Identity Theft as an E-Commerce Security Risk

Author name

Course

Teacher

Date

Table of Contents

Introduction

Sensitive Information

Potential Risks for E-Customers

Potential Risks for E-Businesses

Technologies to reduce the risk of Online Identity Theft

Server Tools

Client Tools

Risk Mitigation

REFERENCES

Online Identity Theft as an E-Commerce Security Risk

Introduction

Identity theft is the stealing of personal information to illegally obtain credit or medical care or to hide from the law. Among other ways, identity theft can occur while processing an online e-commerce transaction.

Online Identity Theft may occur through spyware, insider access or hacking.

Spyware: Malicious software installed on the customer's computer might send their sensitive information to the thief.

Insider access: Employees of businesses may take customers' sensitive information from business records and sell it, transact with it, or create new accounts under their name.

Hacking: Unauthorized access might expose customers' sensitive information to identity theft.

Sensitive Information

Sensitive information a thief can use to steal a customer's identity includes personal and financial information such as:

  1. Name
  2. Address
  3. Date of Birth
  4. Driver's License number
  5. Social Security Number
  6. Credit Card Number
  7. Bank Account Number
  8. Phone Number

Potential Risks for E-Customers

Identity theft exposes e-customers when the thief illegitimately uses their sensitive information to gain access to their credit accounts, tap their bank accounts, file fraudulent tax returns, and access their insurance benefits.

With sensitive information, imposters can use the customer's identity to get new bank accounts, credit, cell phones and other services under their name.

The customer’s privacy is also compromised because their sensitive information is at risk of being sold to other companies.

Potential Risks for E-Businesses

Besides representing an obvious risk for the customer, Online Identity Theft also represents a risk for the business. If customers are exposed to identity theft or misuse of data, the responsible business could be subject to litigation, embarrassment and profit loss.

Failure to protect customers' sensitive information can seriously damage a business's reputation and lead to financial damages.

The consumer's fear of identity theft is the greatest cause of order abandonment.

Online Identity Theft might be performed against businesses as well. Among other ways, this can involve using names that are close to the corporate identity, hijacking the website to steal client information, and using the corporate web logo and information to create phony company ID cards, business cards and stationery.

Technologies to reduce the risk of Online Identity Theft

Server Tools

Control Scan

Debix Instant Authorization

Client Tools

Anti Identity Theft Software

Anti-Keylogging Software

History and Registry Cleaner or Wiper Software

Anti-Phishing Software

Security Suites

Firewall

Antivirus Software

Antispyware Software

Risk Mitigation

Ensure strong user authentication.

Use encryption software when requesting credit card payments. Post the privacy policy, encryption levels, and other security features on the website.

Inform customers as to exactly what information the company will, and will not, ask for on Web sites or via e-mail.

Provide customers with information on inquiring about or reporting suspicious e-mails and Web sites.

Ensure the company is listed as the registrant and responsible entity for the corporate Web site, rather than the Web designer.

Clearly advertise the valid Web site addresses on all communication.

Register variations of the corporate Web site domain URLs to keep others from using them.

Educate online consumers. Tips on the major forms of Online Identity Theft and how to combat them have been developed by public authorities, enforcement agencies, and the private sector.

The private sector also offers a number of technical tools to provide consumers with real-time protection against identity theft. For example, businesses have developed means to counter spam messages through authentication, filters, and listings. Also, anti-phishing systems have been put in place that allow Internet users to report phishing sites and block them.

Increase password security. Require that customers and employees use a combination of upper and lower case letters, numbers and symbols. Change passwords regularly, at least every 90 days.

Check for suspicious activity online and offline. Almost all firewalls, encryption programs, and password schemes include audit functions that record activities on the network. Check logging data and audit trails for unusual or suspicious activity, e.g. employees accessing data that is not relevant to daily business transactions.
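The audit-trail review described above can be automated. The following is an added example, not part of the original paper: the log format, the role-to-table mapping and the bulk-read threshold are all assumptions chosen for illustration.

```python
import re
from collections import Counter

# Assumed role-to-data mapping: which tables each role needs for daily work.
ROLE_TABLES = {
    "sales": {"orders", "products"},
    "support": {"orders", "customers"},
    "billing": {"orders", "payment_cards"},
}
BULK_READ_LIMIT = 100  # assumed per-user ceiling on customer rows read per day

# Constructed audit-trail lines (not from a real system).
SAMPLE_LOG = """\
2008-02-04T09:14:02 user=alice role=sales action=read table=orders rows=3
2008-02-04T09:20:45 user=bob role=support action=read table=customers rows=1
2008-02-04T11:02:10 user=alice role=sales action=read table=payment_cards rows=1
2008-02-04T13:30:00 user=bob role=support action=read table=customers rows=250
2008-02-04T13:31:07 user=carol role=billing action=read table=payment_cards rows=2
this line is malformed and must not crash the review
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\w+) role=(?P<role>\w+) "
    r"action=(?P<action>\w+) table=(?P<table>\w+) rows=(?P<rows>\d+)$"
)

def review_audit_log(text):
    """Return (findings, unparsed) for one day's audit trail."""
    findings, unparsed = [], []
    customer_rows = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        user, role, table = m["user"], m["role"], m["table"]
        # Unknown roles get an empty allow-list, so every access is flagged.
        if table not in ROLE_TABLES.get(role, set()):
            findings.append((m["ts"], user, f"out-of-role access to {table}"))
        if table == "customers":
            customer_rows[user] += int(m["rows"])
    for user, total in sorted(customer_rows.items()):
        if total > BULK_READ_LIMIT:
            findings.append(("daily", user, f"bulk read of {total} customer rows"))
    return findings, unparsed

if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG)[0]:
        print(*finding)
```

Lines that do not parse are returned separately so that a change in log format shows up as review work rather than as silence.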

Only collect the minimum amount of customer information needed.

Limit the use of customer information. Only use it for the purposes publicly stated to customers.

Limit access to customer information. Establish roles, grant access to them and require passwords. Only let the system administrator handle back-up and other tasks that touch the company's network. Block access to idle computers with automatic locks or screensavers that require a password from an authorized user.

Encrypt databases. Stand-alone encryption packages can work with individual applications, and good software is available commercially. Should an intruder break through a firewall, network data has a better chance of staying safe if it is encrypted.

Encrypt company laptops and devices used from remote locations, such as wireless devices (e.g. Blackberries). Remember to upgrade encryption applications over time. Check the merchant agreements with payment card issuers for any encryption requirements. Avoid using communal computers and generic or group log-on identification numbers.

Physically secure customer information.

Computer terminals should be password-protected.

Train employees. Ensure staff understands privacy information policies and how to ask customers for personal information. Post the following requirements as a checklist recommending that everyone:

Log on to computers using alphanumeric passwords, and change them regularly.

If there has been tampering with terminals or databases, inform management.

Only access databases when authorized.

Lock systems when not in use.

Monitor threats. Have the information security team or a key employee track potential security threats and technology updates and report these to employees and managers as needed.

Restrict Network access. Only give access to networks to employees on a need-to-know basis. When an employee leaves, remove their network access immediately.
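Several of the account rules above (90-day password changes, no generic or group log-ons, immediate removal of access when an employee leaves) can be checked in one pass over an account export. The following is an added example, not part of the original paper: the account record fields, staff names and dates are constructed for illustration.

```python
from datetime import date
import string

MAX_PASSWORD_AGE_DAYS = 90  # rotation interval stated in the text

def meets_complexity(password):
    """True if the password mixes upper case, lower case, digits and symbols."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    return all(any(ch in cls for ch in password) for cls in classes)

def audit_accounts(accounts, current_staff, today):
    """Return {username: [issues]} for enabled accounts that break the rules."""
    report = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts grant no access
        issues = []
        owner = acct["owner"]
        if owner is None:
            issues.append("generic or group logon with no single owner")
        elif owner not in current_staff:
            issues.append("owner has left; access not removed")
        age = (today - acct["password_changed"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {age} days old")
        if issues:
            report[acct["username"]] = issues
    return report

# Constructed sample data: a staff roster and an account export.
CURRENT_STAFF = {"A. Rivera", "B. Chen"}
ACCOUNTS = [
    {"username": "arivera", "owner": "A. Rivera", "enabled": True,
     "password_changed": date(2008, 1, 15)},
    {"username": "bchen", "owner": "B. Chen", "enabled": True,
     "password_changed": date(2007, 10, 1)},
    {"username": "dlopez", "owner": "D. Lopez", "enabled": True,
     "password_changed": date(2008, 1, 20)},
    {"username": "frontdesk", "owner": None, "enabled": True,
     "password_changed": date(2007, 6, 1)},
    {"username": "eold", "owner": "E. Old", "enabled": False,
     "password_changed": date(2006, 1, 1)},
]

if __name__ == "__main__":
    for name, issues in audit_accounts(ACCOUNTS, CURRENT_STAFF, date(2008, 2, 8)).items():
        print(name, "->", "; ".join(issues))
```

The complexity check belongs at the point where a password is set, since stored passwords should not be readable afterwards.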

REFERENCES

Anne Saita (2005, June 27) Fewer conducting financial transactions online for fear of ID theft. Retrieved February 8, 2008, from

Andrew K. Burger (2008, February 05) The Cost of ID Theft, Part 1: Beyond Dollars and Cents. Retrieved February 8, 2008, from

Andrew K. Burger (2008, February 06) The Cost of ID Theft, Part 2: Fixing the System. Retrieved February 8, 2008, from

Jack Brooks (2007, June 04) Protect your Ecommerce Customers from Identity Theft. Retrieved February 8, 2008, from

Robert Fleming (2005) Identity Theft and Ecommerce. Retrieved February 8, 2008, from