Introduction
Assignment discussion
This assignment-based report concerns cyber security in a particular social context. The social context I have chosen to write on is the well-known topic of online shopping/payment. A wide variety of literature will be studied, analysed and reviewed in order to compile a decisive view on this context.
The areas that will be touched upon include: general cyber security issues, threats and attacks, countermeasures, risk analysis/management, and legislation. Moreover, this report will prove to be a useful guide for audiences looking for safe and secure online shopping and payments, as it covers all relevant areas in the necessary detail.
Cyber security and its actors
Cyber security involves the use of technologies, processes and controls that are put in place to protect and safeguard systems, data, information and networks from cyber-attacks. Basically, cyber security means securing oneself against cybercrime. A simple definition of cybercrime is that it is traditional crime now committed through cyberspace, or traditional crime whose methods have evolved with the evolution of technology (Diplomacy, 2013). The need for cyber security has increased greatly in the past decade for both organisations and individuals, and being aware of threats from unauthorised personnel and networks has become ever more important. According to Diplomacy (2013), the actors that are actively involved in and contribute to the nature of cyber security in our world today are: the business sector, the government sector, the users, and the civil & regulations society. Often the approach to cyber security is widened to a global position and dealt with at a country-to-country level. Some countries (according to their respective societies and economies) support the business sector, and this approach is labelled a non-governmental model. On the other hand, civil society argues that the internet should be dealt with by intergovernmental organisations, for example the International Telecommunication Union (ITU).
Online shopping and its actors
The bodies that are involved in this report are: online merchants, banks and payment services, internet infrastructure services, regulators, and technology. You will learn about these organisations and how effective they are at safeguarding information online.
Background
As widespread as online shopping has become, the increasing fear of identity theft, fraud and many other criminal activities is putting consumers off buying goods and services over the internet.
It is very difficult to identify who you are really in contact with online when obtaining goods or services, compared with the face-to-face service normally received from a merchant. Because of this, you need to look at the overall risk involved and assess it to the best of your ability or to your personal comfort.
Premise
Bearing in mind the risks to consumers for online shopping theft in the past, this report will argue that online shopping is proving its worth by the recent advancements in cyber security, data protection acts and education of this matter. A point that is usually disregarded is that the consumers need to educate themselves and be more aware and careful while shopping and transacting online.
Body
Online shopping and its main actors
The General Online Shopping & Payment. Online shopping is the method that people use to buy and/or sell goods and services over the internet or by using any public network that involved electronic. It is useful to understand that there is risk associated with almost everything we do, but that should not deny us or make us incapable of doing it; we should rather try to overcome the risks and “sterilise” them with solutions and/or prevention methods. According to Enisa (2010), the environment of online shopping is constructed from several elements, but chiefly these are: online sellers or merchants, payment services and banks, consumers, and last but not least the government (often referred to as the national regulators in this case).
To start with, online merchants are further sub-categorised under various names, some of which are: manufacturers, retailers, online marketplaces, and consumer-to-consumer marketplaces. A keen reader will notice that as this list of online merchants progresses, the chain of action becomes longer and longer. When a consumer buys goods from the manufacturer on an internet platform, it is simpler for him/her to notify the source of the product (the manufacturer) about any malfunctions or inadequacies of the product; in other words, it is easier for the consumer to activate the manufacturer's warranty policy. But as the chain lengthens, the process becomes more difficult, long and ambiguous for the consumer. At this point the consumer is already under a possible risk, though still unaware.
Secondly, banks and payment services are said to be in the transitioning or transacting seat of the entire online shopping process. When it comes to purchasing goods and/or services online, part of a consumer’s mind will often be sceptical about the payment and the means of payment. There are various ways of paying online. Some of these include cash on delivery (if the payment is for a good to be delivered manually), credit or debit card payments, mail-based payments e.g. PayPal or MoneyBookers, mobile-phone-based payment systems like Crandy or MPass, and others such as ClickAndBuy or Web.Cent. However, as we are all aware, all of these transactions (apart from cash in hand) will always be done through the banking services. It is of high importance that, before using any payment service, the consumer has researched it well; otherwise they will have to be ready for any kind of outcome from the transaction, including theft or fraud.
(Enisa, 2010)
Above is a diagram depicting the cash on delivery procedure of payments, NB: it also accounts for the invoice or debit note instance.
Moving on, the customer himself is an inevitable part of the online shopping process. During the entire process, the one who is amidst the tornado is the customer. Internet users and customers enjoy the convenience of online shopping but are afraid of becoming the prey of online fraudsters. 78% of internet users in America agree (53%) or strongly agree (25%) with the statement that online shopping is convenient for them, which means they are no longer only internet users but online shoppers as well (Horrigan, 2008).
Last but not least are the national regulators (the government). Most of the time, when considering and dealing with issues about online shopping, a poor analyst will forget to mention the role of the government. During keen and careful study of the role of governments in online shopping, I have come to understand that most of the legislation and acts that the government puts in place concern the merchants, with fewer for the consumers; having said that, the banks and payment services are also regulated by legislation, though on a different scope. Considering the online shopping environment of the UK, there are four major pieces of legislation that an online merchant must abide by in order to be able to trade online. These are listed as follows: The Electronic Commerce (EC Directive) Regulations 2002, The Data Protection Act 1998, The Distance Selling Act 2000, and the ICO Cookie Law (Online Retailing, 2018).
Types of fraud
What is online fraud? Online fraud is criminal activity that takes place using electronic and internet services. There are many different types of online fraud. The most popular are: phishing, spyware, advanced fee fraud, overpayment scams, man-in-the-browser attacks, completion issues, vulnerabilities in or related to installed software, fraudulent e-commerce sites, auction site fraud, spamming and identity theft (Enisa, 2010). Some of the types of fraud associated with online shopping are discussed below in detail.
Phishing
According to Enisa, this is one of the most effective ways of obtaining individual data (such as financial details). For example, you can receive a hoax email, or a message on your social media, pretending to come from an authorised authority (e.g. banks or bogus organisations), and the message may ask you to forward your details. These could be personal details or banking details. Over the years, phishing has also evolved. In today’s world it is possible to make phishing links that do not even require the user to send or forward details; the user is merely required to click on the link and the details will automatically be forwarded to the phishing link administrator.
Spyware
This is a software virus that can be installed on a computer without the knowledge of the user or the owner of the computer. This software can act as a keystroke logger: it will record all keys entered on the affected computer. Usually the black hats will send e-mails containing links for you to click on, so that they are able to install spyware on your PC, as demonstrated by ENISA (European Network and Information Security Agency).
Overpayment Scam
Also according to ENISA (European Network and Information Security Agency), this is when you want to sell something online and a criminal intentionally tricks you by overpaying you a sum of money using a fake check, and then asks you to return the difference and the item that was purchased. Without checking whether the check received online is valid or not, you send what was requested.
Trojan horse
According to ENISA (European Network and Information Security Agency), this is when an attacker attacks a computer server and uses the information obtained there to compromise customers or visitors.
Evidence and statistics
(Scamwatch, 2018)
Counter measures and solutions
The Action Fraud Police UK suggest that users should first of all protect themselves by educating themselves about phishing and other frauds. On the topic of phishing they advise understanding the problem and spotting the signs: when an email is received, the user should check the spelling, image quality and/or graphic design and assess whether the organisation is genuine or bogus; authentic and genuine organisations have short website addresses and email addresses. The user should also try to protect himself by being aware of the problem; making sure that the spam filter is activated on emails; and understanding that real banks never email customers for passwords, so make sure not to send out or forward personal details.
According to the IPA there are basically five codes for prevention of spyware. These five measures are briefly discussed below:
- The usage of anti-spyware software.
- Being careful regarding suspicious and bogus emails and websites.
- Backing up of files.
- Keep the computer up to date.
- Improving security on the computer.
In order to secure oneself against the overpayment scam, the user should first of all only use methods of payment which he/she is familiar with and avoid the rest. The user should strictly avoid making payment arrangements with strangers or new merchants that ask for wire transfer, pre-loaded cards, international funds transfer, payment via money order, or electronic currency such as Bitcoin. Money sent this way is rarely recovered (Scamwatch, 2018).
Legislations and acts
When it comes to securing the cyberspace, it is important that all the active actors in the space are motivated to work in the same direction; the motive will come into being as the effect of these joint efforts. According to the Houses of Parliament, Parliamentary Office of Science & Technology (2011), the Cyber Security Strategy (also known as CSS) was initially produced in the UK by the previous government during their term of service in June 2009. The most important point that it stressed was the all-inclusive approach to cyber security, with the co-operation of the drives of the cyberspace, the government, the public, industry (merchants) and the international partners. Following these advances by the government, and working in the same direction, in 2010 the National Security Strategy and the Strategic Defence and Security Review put aside and allocated a total of £650 million under the title of the new National Cyber Security Programme (NCSP). These funds were to be efficiently utilised over a period of four years.
When reading and dealing with the online shopping cyber attacks and security issues it is important to understand that the branch of online shopping security will be regarded under the tree of cyberspace and security. Looking at the cybercrime situation in the UK, the government acted wisely by setting up a number of laws and legislations. Some of which are mentioned below:
- Data Protection Act 1998:
Under this act there are basically 8 underpinning guiding principles:
  1. Lawful processing of personal data.
  2. Personal data and information only obtained for lawful purposes.
  3. Personal information should be accurate.
  4. Personal information should be adequate and not excessive.
  5. Personal data and information should not be kept for longer than necessary.
  6. All data has to be processed in adherence to the rights of data subjects, as implied in the act.
  7. Necessary measures and actions should be taken against unauthorised handling of data and unauthorised personnel.
  8. Personal data and information should not be sent and/or transferred to a third-party organisation and/or individual, and should not be sent to a country outside the European Economic Area, unless the receiving country uses adequate data protection measures.
- Privacy and Electronic Communications Regulations 2003
- Regulation of Investigatory Powers Act (RIPA) 2000
- Copyright, Designs and Patents Act 1988
- Computer Misuse Act 1990
- Human Rights Act 1998
- Equality Act 2010
(Bristol University, 2018)
Conclusion
Difficulties faced in assignment
During the entire course of writing this report, I had to make sure I provided an adequate background of the tree of Cybercrime and Security, and the branch which is Online Shopping and Security. One of the challenges during this assignment was to not drift away from the topic, to remain on the topic and be as relevant as possible, as being off topic also takes the reader on a tangent, which is not the intended motive of this report. The internet is a very wide and extensive platform of information, but information that is not well cited, and most of it is commercial websites or sole commenters writing their personal, biased views and opinions on topics and subjects of their choice. Amidst this jargon of biased opinions, it is a true challenge to find and come across decent and genuine writers, and/or pieces of information that are based on true facts. However, as I kept going deeper in research it kept becoming easier to find genuine pieces of work, and governmental sources that provide facts on subjects and not biased opinions. As the intention of this report was to provide a clear and non-biased view on the topic, it was mandatory for the reporter (writer) to study deeply and complete the job to the best of his ability.
Another difficulty arose when it came to the in-text citations and the referencing for the sources used. But this challenge was overcome with referencing guides and discussions about referencing and learning about referencing with fellow students.
Final statement
As per my final statement I would like to state that the cyber world in today’s date is extremely extensive and so is the concept of online shopping. On one hand online shopping is a luxury to customers and has numerous advantages for users and customers; however, on the other hand it does come with some statutory warnings and disclaimers that the users need to be well educated about and aware of. If the users are not well aware and do not actively try to be safe and secure then they will indefinitely become prey of the unethical criminals in the cyberspace.
References
- What is cyber security? – IT Governance. 2018. What is cyber security? – IT Governance. [ONLINE] Available at: https://www.itgovernance.co.uk/what-is-cybersecurity. [Accessed 20 April 2018].
- E-commerce Legal Requirements: Online Retailing. 2018. E-commerce Legal Requirements: Online Retailing. [ONLINE] Available at: http://www.onlineretailing.co.uk/e-commerce-legal-requirements/. [Accessed 20 April 2018].
- Action Fraud. 2018. Phishing, vishing and smishing | Action Fraud. [ONLINE] Available at: https://actionfraud.police.uk/fraud-az-vishing. [Accessed 20 April 2018].
- Australian Competition and Consumer Commission. 2018. Scam statistics | Scamwatch. [ONLINE] Available at: https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=all&date=2018. [Accessed 20 April 2018].
- Diplomacy. 2013. Cyber security: issues, actors and challenges. [ONLINE] Available at: https://www.diplomacy.edu/sites/default/files/Cybersecurity_briefing_note_final.pdf. [Accessed 12 April 2018].
- Enisa. 2010. How to shop safely online. [ONLINE] Available at: https://www.enisa.europa.eu/publications/archive/how-to-shop-safely-online/at_download/fullReport. [Accessed 12 April 2018].
- Bristol University. 2017. Guide to legislation relevant to information security policy. [ONLINE] Available at: https://www.bristol.ac.uk/media-library/sites/infosec/documents/guide.pdf. [Accessed 12 April 2018].
- PEW Internet. 2008. Online Shopping. [ONLINE] Available at: http://www.pewinternet.org/files/old-media/Files/Reports/2008/PIP_Online%20Shopping.pdf.pdf. [Accessed 12 April 2018].
- Houses of Parliament. Parliamentary Office of Science & Technology. 2011. Cyber Security in the UK. [ONLINE] Available at: https://www.parliament.uk/documents/post/postpn389_cyber-security-in-the-uk.pdf. [Accessed 12 April 2018].
- IPA. 2007. Countermeasures against spyware. [ONLINE] Available at: https://www.ipa.go.jp/security/english/virus/antivirus/pdf/Spyware_measures_eng.pdf. [Accessed 12 April 2018].