|
Recognizing the possibility of fraud caused by asymmetric information, online auction sites have begun to offer various services that are aimed to encourage trustworthiness and reduce fraudulent transactions in the online auction market. One of the methods used to prevent e-auction frauds is by using the feedback systems. Generally, auction participants can use feedback systems to publicly rate their satisfaction towards their trading partners. Specifically, the feedback system is a measure of a user's reputation in an auction community. The auctioneers encourage all users to check their trading partners' rating before transactions and leave feedback about their trading partners after their transactions. In fact, the system tries to use one's reputation as avoidance of cheating behaviors. For instance, if one develops a bad reputation, other auction participants may not transact with the person anymore. Therefore, it is an incentive for the participants in a transaction to be trustworthy because acquiring a bad reputation can have damaging.Besides, purchasing an insurance or guarantee is another way to prevent e-auction frauds. Normally auctioneers will offer free or low-cost insurance to protect buyers if they are proven to be victims of fraud. An item is covered by the insurance when the buyer sends money to the seller but does not receive the item, or the item received is significantly different from the item described in the auction. Undoubtedly, this method can promote trust in the online auction business to some extent. Also, e-auction frauds can be prevented by providing escrow service. Escrow service such as escrow.com acts as a trusted third party in a transaction, providing secure methods to transfer items and payments to both parties. Firstly, the escrow collects payment for the merchandise from the buyer. When the payment clears, the seller is notified to ship the item. Secondly, the buyer notifies the escrow when the merchandise is received and is satisfactory. Finally, the escrow will then release the payment to the seller. Escrow services are particularly useful for large sales, which need a guarantee of a safe and pleasant transaction.
Corporate Blogging become popular in these recent years. This indicates that a new style of communication will be mastered soon. Now, with entrepreneurs developing lots of creative new uses for business blogs, the technology appears to become the next big thing in business communication.
One of the example is the department blog, a common style or kind of blogging, which is very popular and ultimately essential for large organizations. Cases in point are Microsoft, Sun, blogs in any particular space. Google’s extensive array of product blogs across their different product offerings probably is another great example. Firstly, unlike corporate websites, blog are cheap to launch and easy to maintain, thanks to powerful, easy-to-use tools. Unlike spam, or junk e-mail, blogs are not intrusive that users must click to them. Indeed, blogs provide a fast, informal way to share information like project updates, research or test results, product-release news, industry headlines inside and outside the company. Besides, corporate blogging provides a clear mind map or editorial guidelines of overall marketing or communication strategy to its employees and third parties with organization communication plan and media mix. Corporate blogging encourages employee participation in contribution of expertise, free discussion of issues or topics and deal with it, collective intelligence, be a direct communication between various layers of an organization and shares their views with others employees, teams or spokespersons publicly.
Furthermore, it can be used to announce new products and services, explain and clarify policies of the company and to react on public criticism on certain issues. Business blog can interact with a target market on a personal level by building a level of credibility and asking for their feedback on products and services.
However, blogs are also deceptively tricky to manage. If the company do it wrongly than it could embarrass company, bore or make unfriendly customers or prospects, contribute to information overload, and potentially even wind up on the wrong end of a lawsuit.
In conclusion, corporate blogging is widely used nowdays and published by an organization to achieve its organizational goals through internal, external and CEO Blogs. Thus , it has become a new marketing communication tool for companies.
References: 1. http://money.cnn.com/2006/02/28/news/companies/pluggedin_fortune/index.htm 2. http://www.thenewpr.com/wiki/pmwiki.php/Resources/CEOBlogsList
As internet technologies rapidly matured and found increasingly important in public’s daily life. The question to implement electronic government (E-government) by most of the countries is increasing due to its potential and positive impacts carrying towards the developed countries. Nevertheless, the complexity surrounding this implementation of E-government is similar in every corner of the world. As the challenging arising from the implementation of E-government are broad, Malaysia is now focusing on MSC (Multimedia Super Corridor) which is a huge technology park that is considered crucial for Malaysia to achieve a knowledge based economy. The driving forces for the implementation of E-government in Malaysia are related to the strategic importance and focus on reinventing the government machinery and achieving the ultimate vision 2020; developing multimedia industries and attracting foreign investments, especially expertise and technologies. The overall progress of the execution of e-government in this country matches the label of the “Silver Medalists” category which indicates that the policies to implement e-government are in place although there are highly visible governments Websites, many of them are in the test phase. Besides there are clear policies and strategic projects of e-government for the G2C, G2B, and G2G dimensions. However, many of these projects are still on the very surface or experimentation and implemented in phases which mostly in the urban areas and certain states such as Kuala Lumpur, Selangor and others. Thus, there is still much room for improvement in terms of the overall achievement of e-government in Malaysia where in the case that, G2C dimensions, the actual usage of the services by the citizens is minimal. The most important factor that drives the implementation of e-government services to another greater height is the satisfaction of customer. “give the people what they want” is the phrase that drives the adoption of online government services. As government executives focus on tailoring online services to meet the needs of specific customer segments, just as businesses do, e-government programs will be more successful and deliver greater returns on the investments.
Domain Name The first point of entry to access any public website is the domain name. Business's are born and die because of domain names. Needless to say they are crucial. MayBank has not registered its company name as a domain name, maybank.com is registered by "Beauty, Success & Truth International" in Hong Kong until 2010! Any large company must have its own domain name these days, without it you confuse your customers and allow possible security risks from "Phishing", the art of stealing another company's private data by impersonating that company. Instead of paying a premium price for their domain name, they registered MayBank2u.com and in doing so started a fashionable wave of Malaysian websites all using the "2u" suffix. It was a bad move to be honest and it has had a bad influence on the IT industry in Malaysia, who trusted and followed the whole "2u" idea. First Impressions & Usability
When I first loaded the website into my browser I was disappointed and confused. I had premeditated some actions I wanted to perform on the website:
1. Find out if there are any bank branches abroad.
2. Send an Email to MayBank For the first task, I tried navigating the site for ten minutes without being able to find any information on overseas branches. So the site has failed the first test, if there are no overseas branches it could say so, or at least offer a search facility so users can search for such information. Ironically I know there is a branch in London - why information about it is not easily accessible on the website is anyone's guess. My second mission, to email MayBank2u. Sounds simple enough (stop laughing at the back!). From the home page I found the "CONTACT US" link after a couple of seconds. One click took me to the contact page. Next I find the the "Email Us" link. I click it and discover I am being nudged down the same page to "Use our Online Feedback Form to e-mail to the following MayBank departments and subsidiaries:" yet another link! One more click and suddenly - pop! Two new windows explode onto my screen, one is blocked by my pop-up blocker. I force that one open and find it's a message for people who have lost their credit cards. Not good. If you don't know how to enable the blocked window then you won't be able to access that information. The other window that opened is finally the "Online Feedback Form". It took three clicks and two pop-up windows before I could even get to the page to email MayBank. DocType Declaration (DTD)
This website has no DTD. Web browsers will not know how to parse the web pages and will normally default to processing as HTML4 Transitional DTD. Markup Language
HTML4 is depreciated. The latest XHTML standards should be observed in order to guarantee future web browser compatibility. HTML4 is also a bulkier and slower markup type, because the code:content ratio far higher than for example XHTML. Meta Tags
This website has Meta tags for SEO, but there are too many entries for keywords which will damage SEO in most cases. Meta tags are not dynamic, and are repeated on every page - they have no relevancy to the actual content, which defeats the purpose of keywords and description Meta tags. JavaScript Usage
This website heavily relies on JavaScript for even basic functionality such as the inclusion of CSS files. If JavaScript is disabled or not supported, visitors to this website will not be able to use even the most basic features. Looking at the source code, Maybank2u seems intent on using JavaScript to perform tasks on the client side instead of performing tasks on the server side. 99% of the JavaScript used could be removed and processed server side, saving bandwidth and improving loading times of the web pages. The amount of JavaScript in the web pages seems to be more than 3 times the amount of content in the pages. Is MayBank secretly trying to publish a JavaScript book!? MayBank2u uses JavaScript pop-ups. These are annoying to users of the website and make pages inaccessible to users who do not use JavaScript. Pop-ups are also often blocked by web browsers. Once MayBank2u pop-ups are generated, their window size and options are often disabled so users can't re-size or use the windows / tabs as they would like. Proper Use Of CSS
The Maybank website does not make proper use of CSS. Most style is not separated from content, but totally confused with it. Colors and sizes are mostly all determined in depreciated HTML4 tags. Website Layout Layout is determined by improper use of HTML tables. Tables should not be used for design layout but should be used for tabulated data. Div tags should be used in conjunction with CSS instead. Website Text & Context
There is not much text and content in the website, which kind of puzzles me about the point of the website. I thought Maybank would want to save money by using the Internet to post information instead of using telephone and face to face solutions. Reading through the website makes visitors just want to give up and go down to their local MayBank branch (- smoking at the ears). Website Images
Images are often have distorted dimensions, either because of incorrect HTML or because the images were poorly created in a graphics program. Images appear at too low quality / resolution in most cases. There are so many flashing animated .gif images blinking around, you can dig out and turn up your old 90's techno cassette tapes and start dancing like the millennium is just 6 years away. Website Navigation
No surprise here, too much of the navigation is confused or inaccessible. The structure of the site is almost impossible to determine. Menu items are cryptically named, such as the "TELL ME MORE" menu at the top of the page. Tell me more what? I keep asking myself that, but I still don't feel like clicking that link. Perhaps they should just label all their links with "CLICK ME" instead. There is no structure to this website, its missing the "web" part and is just a "site". Any ideas why MayBank is using JavaScript drop-down boxes as menus? I'm also confused, but it could be because they don't want people to access the links contained inside. MayBank2u goes to great lengths to make the website as inaccessible as possible. I am not surprised to discover that even plain and simple HTML links are replaced by JavaScript events and yet more infuriating pop up windows. Browser Compatibility This site is best viewed with IE 6.0 and Netscape 7+ in 800 × 600 screen resolution. Any website that states it is best viewed in a specific browser is just drawing attention to the fact that it fails to function or display properly in all web browsers. Web sites should appear and function correctly in any browser on any operating system on any device. 800x600 Resolution was the most common screen display resolution in the 1990's. Now its is 1024x768, but the point here is that websites must display well on any resolution screen. You can't tell your users to find an 800x600 monitor and PC running Internet Explorer, just because a so called "web developer" used a system with that specification to make the website. The Verdict I cant find any single aspect of the website to award even one point. At the time of writing I found another Maybank website - maybank2e.net and it is even worse than their main website. In conclusion, they need an urgent and complete overhaul from top to bottom. With the front-end in such a mess I can imagine the back-end is just as bad. For such a large company, and online banking portal this website is a dismal failure.
Reference: http://www.hygen.net/main/index.php?q=node/10
The Maybank Group is the largest banking group in Malaysia, with over 260 branches of Maybank and well over 400 branches within the Group. They are dedicated to progress, innovation and excellence, which is why they are the leading financial services group. The Maybank Group has been leading the Malaysian banking industry for over three and a half decades. During this time, the group's achievements have risen to parallel Malaysia's ascent to international recognition and acclaim.
Maybank2u.com is a one-stop financial portal that promises a new, fast, convenient and safe banking environment. It attends to all customer banking needs, along with providing online services for insurance, stock trading, bill payment and e-procurement. In essence, customer can now do banking from anywhere and at anytime.
Besides, Maybank2u.com. is user friendly as all internet users can access to it. Customer can use the Online Financial services once they have one of the following: 1. Maybank ATM Card/Credit Card linked to your account 2. Maybank Credit Card with ATM facility 3. Maybank Account or Credit Card with Internet Banking facility
Also, if you are not a Maybank account holder, u can register as Maybank2u.com PayBills user. Business customers can also enjoy the online services applying for an Internet Banking facility at any of the branch.
In short, Maybank has a satisfactory outlook prospect that it has a potential room to improve as is forecasting that its online stock trading at its Maybank2U Internet portal to be doubled from the current transaction volume in six months time.
Reference (Review): http://ecommerze.blogspot.com/search/label/e-Tailing
A stored-value card represents money on deposit with the issuer, and is similar to a debit card. One major difference between stored value cards and debit cards is that debit cards are usually issued in the name of individual account holders, while stored value cards are usually anonymous.
The term stored value card does not necessarily mean the funds data is physically stored on the card. In many cases the data is maintained on computers affiliated with the card issuer. The value associated with the card can be accessed using
~ a magnetic stripe embedded in the card, on which the card number is encoded, ~ ratio-frequency identification (RFID), or ~ by entering a code number, printed on the card into a telephone or other numeric keypad.
The Touch ‘n Go smart card is used by Malaysian toll express way and highway operators as the sole electronic payment system (EPS). The credit card sized smartcard is mainly used for toll way fares. It is designed to ease the queue congestion at toll plazas and some drivers use together with SmartTAG (a non-stop electronic toll collection system). Besides, the card can be used as an integrated ticket in Kuala Lumpur public transport system. So far, there are 3 companies had implemented the card into their fare collection system which are Rapid KL, KTM Komuter, and KL Monorail. The Oyster card is a form of electronic ticketing used on:
~ Transport for London, and ~ some National Rail services within the Greater London area of the United Kingdom.
It is the same contactless smartcard as Touch ‘n Go card in Malaysia. The technology used for the oyster card is known as RFID, which is the same technology used in other electronic pass cards used all over the world, like Japan’s Suica fare cards.
The Octopus card is a rechargeable contactless stored value smartcard used to transfer electronic payments in online or offline systems in Hong Kong. It is launched in September 1997, and has since grown into a widely used payment system for virtually all public transport in Hong Kong. It is also used for payment at convenience stores, supermarkets, fast food restaurants, on-street parking meters, car parks, and other point-of-sale applications such as service stations and vending machines. It has been internationally recognized, winning the Chairman’s Award or the World Information Technology and Services Alliance’s 2006 Global IT Excellence Award for being the world’s leading complex automatic fare collection and contactless smartcard payment system, and for its innovative use of technologies.
In 2007 there were over 2.3 million bankruptcies, the majority caused by unmanageable credit card debt. Is this credit card holders did not realize when banks approved their credit card and established their credit limit? This is an alarming signal that should get everyone's attention. Below are some causes and prevention of credit card debts.
Causes 1) Less income but more expenses It so happens that the main breadwinner of the family loses the job but monthly expenses are not cut down in line with the reduction in income. This obviously leads to a rise in debt as the family is forced to use their credit cards for groceries, utilities, and expenses.
2) Poor money management Poor money management is one of the reasons why there is an accumulated of debts. Not having a monthly spending plan and not keeping track of the monthly bills will make us unaware of where the money is going. Sometimes we might overspend without realizing it. Also, we might purchase useless items that charging on the credit card, thus have to pay interest on these purchases every month. 3) Medical expenses Nowadays, the medical expenses are increasing every year. This is because almost every doctor accepts credit cards payments as it is so convenient. Patients are used to make credit card payment when they need treatment although they do not have enough savings in the bank account.
4) Gambling Most people hope to win the lottery but the chances of that happening are 0%. They spend tomorrow's saved money today just because they expect a promotion in the job or are expecting an inheritance income without need to work hard. They may use the credit card to make gambling payments and this will eventually burden their life as they have accumulated too many debts.
Prevention 1) Stop adding the credit card debts To eliminate credit card debt stop adding to the problem. If there is thousands of money in debt and continue spending more on the credit cards than this make thing obviously to get worse. We must stop using credit card to borrow from tomorrow for what we want today.
2) Set up a budget This can be a difficult exercise for many of us since easy access to credit cards allows us temporarily to hide the truth that we spend more than we make. Budgeting helps to highlight how much wasteful and unnecessary spending we engage in that can be curtailed without undue pain. Nondiscretionary items such as mortgage or rent, utilities, food and insurance take up the bulk of most household budgets but it's important to allow ourselves to have some savings if possible.
3) Use cash rather than credit cards when possible There is a reason that casinos give chips to spend instead or requiring cash: People do not attach the same value to noncash substitutes and will spend and bet more freely. It's the same with credit cards, and retailers know it. People spend more when using a credit card versus cash for purchases. So, next time you buy pair of new shoes or the latest CD, just try to pay by cash.
4) Get a better rate on your existing credit card If you have thousands in personal debt it can really help the monthly cash flow if you are able to transfer those balances onto a low interest credit card. Your credit rating will generally determine whether you can be eligible for the lowest rate offers but it could definitely be worth the effort. The low introductory "teaser" rate will last for only six to 12 months, but a smart consumer will use that time to aggressively paying down the debt, not running up more debt.
References:
1. http://www.fastweb.com/fastweb/resources/articles/index/102925 2. http://www.bankrate.com/brm/news/debt/debt_manage_2004/top-10-causes.asp
The president and CEO of the Federal Reserve Bank of Cleveland, says,” money in the 21st century are proved to be different form the money of the current century as our money is from the previous century. Just like fiat money replace specie backed paper currencies, electronically initiated debits and credits will become the dominant payment modes, creating the potential for private money to compete with government-issued currencies." In the era, new developments in electronic currency are emerging. Therefore new catchphrases such as smartcards, online banking and electronic currency are being used to discuss money. However, what are these new forms of money? Who will use them? And how do they work?
What is Electronic Currency?
Cash is known in various forms as a tool of exchange and of storing value Although the coins and banknotes that are now abundant in their basic form have existed for thousands of years, the first bank note of the Swiss Federal State, surprisingly did not appear until 1907.
Today, nearly all of the deposit currencies in the world's banking systems are handled electronically through a series of inter-bank computer networks. Although banks have been able to move currency electronically for decades, only recently has the average consumer had the capability to use electronic transfers in any meaningful way.
Electronic currency is essentially a system that allows a person to pay for goods or services by transmitting a number from one computer to another. . Thus, electronic currency is the digital representation of money, or more accurately, the digital representation of currency.
Further Reading: Has the time for electronic currency come?
Mobile Payments (M-Payments) Introduction
M-payments are payments made using mobile handsets and other devices, either to directly purchase or to authorise payment for goods and services. Such devices are playing an increasing end evolving role in the wider development of electronic payment systems around Asia Pacific, which includes Malaysia. Mobile network operators (MNOs) have played an important role in pushing the technology necessary for m-payments. In many cases, however, the early efforts to launch m-payment services were met by suspicion from financial institutions, including banks and card companies. Just a few years later, these stakeholders are now collaborating to trial a range of services including: ~ m-banking ~ m-wallet solutions that store credit or debit card information on a SIM chip ~ pay-as-you go or 'contactless card' technologies ~ text messaging systems that can facilitate or enable payments. MNOs are approaching m-payments strategically, in their bid to retain customers and develop wider sources of revenue from lines of business which can be strongly complementary. Fixed-mobile convergence is one manifestation of this, as it gives telecom operators an opportunity to unify their payments platforms on an internet protocol basis and offer discounts or loyalty points on m-payments as part of bundled service. M-Payments As A Channel The speed with which mobile technologies are being adopted shows no sign of relenting. The number of people using mobile phones overtook the number of fixed line phones. Even people without bank accounts often own mobile phones and have incorporated them into their way of life. Along with the spread of mobile networks globally, there have been major advances in technology, especially in the 'secure element' aspect of SIM cards. This has made financial institutions in particular feel more comfortable about the potential for adoption of m-payment systems. While banks are starting to explore opportunities in m-banking, other sectors are also embracing these new technologies. For example: ~ Transportation companies are offering 'touch and pay' access to ticket barriers where a stored-value card is either attached to the handset, or embedded in the SIM ~ Retailers are offering loyalty cards, using similar means of payment, as they seek to reduce the amount of cash they have to handle and carry ~ Credit card companies see mobile handsets as a means to widen their catchment of commercial transactions ~ Advertisers are building web-links into posters in trains and buses and on buildings which can be activated by 3G+ phones from short distance leading to more website visits and more purchases by mobile phone ~ Vending machine operators sell soft drinks and other consumables by enabling payment by phone ~ Content providers, including music and information sites, auction sites and rapidly growing Web 2.0 community sites such as MySpace and YouTube, become globally accessible to paying customers. These initiatives show that there is not only one comprehensive e-payments marketplace, but rather an increasingly diverse range of ecosystems. Payment platform companies such as PayPal can potentially link the vendors with these different ecosystems - but they can also operate quite independent of each other. Business Models And The M-Payments Value Chain There are five types of mobile payments, each driven by different incentives and revenue-earning opportunities. These are business-to-consumer (B2C), business-to-business (B2B), consumer-to-consumer (C2C), person-to-person (P2P) and remittance. These can be further categorised as commercial transactions (B2C, B2B and C2C) and private transactions between individuals (P2P, remittance). Emerging Business ModelsMalaysia's m-payment market has developed more quickly, but less organically than the Thai market. Emerging services have received government support, but uptake in the market has been limited. Existing services are focused predominantly on bill payment and m-banking, growing slowly into m-wallet services, remittance and top-up/transfer offerings. Maxis and Maybank in Malaysia both provide a simple m-banking service for subscribers (bill payment, balance enquiries, fund transfers), which can also be used to top-up Maxis accounts, download Maxis content and pay for products such as pizzas and movie tickets. Maxis also began international remittance services, but only with Globe subsribers in the Philappines. Maxis customers are changed less than half of what the banks charge for sending money overseas.
Another Maxis competitor, Digi, is providing many of the same services - except that its remittance business is focused on Indonesia and it banking partner is Citi's Global Transaction Services.
An interesting twist on the payment gateway model has been provided by Mobile Money International (MMI), a samll Malaysian company, that focuses on enabling m-transfer functions (limited m-banking or m-wallet services). This is in contrast to the early Korean PG provider focus upon content and downloads - perhaps reflecting the more conservative, less digitally aware make-up of the Malaysian market. MMI's transaction fee is in contrast to the existing bank rate (depending on the merchant size). By 2007, MMI had some 12,000 partner merchants. The largest partner merchant is Tenaga Nasional Berhad (TNB), Malaysia's main energy provider, however, the vast majority of the merchants are small. There are two possibilities for future development. The first is in the growth of P2P and remittace usage nationally. The second is in the development of content, or value-added, downloads - both of which could dramatically drive these markets.Industries Perspectives On M-Payments In recent years, companies from a wide range of sectors have adopted and participated in different tupes of m-payments. The transport industry, for example, is the champion of contactless or'tound-and-pay' solutions, whereas the retail industry has driven m-wallet applications. Each of these types of m-payment have different value chains. The industries most directly involved in the uptake of m-payments are telecommunications, banking, retail, transpostation, media and entertainment. Different mobile payments business type are being adopted by each industry: ~ Telecommunication: content downloads, top-up and m-wallets. ~ Banking: Mobile banking. ~ Retail: M-wallets, touch-and-pay, remittance and auction. ~ Transportation: Touch-and-pay and m-wallets. ~ Media and entertainment: Content downloads, payment gateways and m-wallets. * Touch-and-pay = 'Touch-and-Go' (Touch 'n Go) transport smartcards, used for expressway tolls and public transport, are provided by Touch 'n Go Sdn Bhd (formerly known as Rangkaian Segar Sdn Bhd).
Reference:
In the developed countries with all the high technological equipments and facilities, a number of reports showing that there is a dramatic increase in identity theft. For example, McAfee had shown a report of significant increase in computer security breaches leading to the loss or potential loss of sensitive personal data. Research suggests that the numbers of key loggers, which are codes that put onto the computer without user’s knowledge and consent and tracks, records your keystrokes has increased two and a half times in just over two years. This means ALL keystrokes which are including your personal data, financial details and passwords. Identity theft is not benign and exerts a powerful and economically significant burden amongst businesses and individuals throughout the world. In Gartner’s study, there is about 15 million Americans were the victims of fraud that origin from identity theft which indicates there is an increase of more than 50 percent from what they estimated in year 2003. The figures actually came from 2 different sources, thus there are two different statistical and methodologies. At the same time, the research found out that identity theft victims are losing more money and getting less of it back. Besides, hackers nowadays are exploiting internet auctions, non-regulated money transmittal systems and other type of scams. However, there are some organizations being established in order to prevent the theft rate statistic risen and to stop all these threats and attacks incident widely spread. Reference (Review): http://ecommerze.blogspot.com/search/label/Internet%20Security
For more information: --> Fraud Watch International
Article Source: 1. http://EzineArticles.com/?expert=Eric_Hartwell\ 2. http://ezinearticles.com/?Increase-in-Identity-Theft-Reports&id=
Many people deliberately limit the transactions they do online because they don’t fully trust the e-commerce process. These people simply fear for the security of personal and financial information transmitted over the Web. Gaining the trust of online customers is vital for the success of e-commerce. Based on recent online business statistics, some companies have earned that trust by having 3rd party certification programs. VeriSign is one of the widely used 3rd party certification programs in Malaysia. VeriSign can help your company establish or improve customer trust by securing a company’s Web site for business. VeriSign offers one of the strongest securities in the industry by protecting information exchange between Web servers and clients, from server to server, and even among other networking devices such as server load balancers or SSL (Secure Sockets Layer) accelerators. VeriSign solutions can provide complete cross-network security by protecting servers facing both the Internet and private intranets. Installing VeriSign SSL Certificates makes e-commerce transactions with the Web site safer and submitting sensitive information over the Internet easier. Browsers have built-in security mechanisms to prevent users from unconsciously submitting their personal information over insecure channels. If a user tries to submit information to an unsecured site (a site without an SSL Certificate), the browser will by default show a warning, which can lead the user to question the trustworthiness of this e-commerce site. Recently, VeriSign is offering a series of quick-start efforts, called Go Secure, that combine packaged software, consulting services, and detailed how-to directions. In other words, it is very simple to get and use the certificate after having Go Secure.
Internet is a public network connecting millions of computers throughout the world. We need to fill in some personal information in order to register as a member of the website. The information is including name, date of birth, gender, address, telephone, e-mail address and so on. “Personal Financial Information” means any record containing a customer of a financial institution, whether in paper, electronic, or another form, that is handled on behalf of the institution. If online purchase, the company will record customer information such as names, addresses, phone numbers, bank and credit card account numbers and so on. Is it secure to protect customer been embezzled by other party? There is always a question in our mind whether the system is reliable? Here are a few approaches on how to safeguard our personal and financial data: Avoid using password that are easy for someone to guess, such as the date of birth. A strong password with a combination of letters, numbers and symbols will provide more security. Never write down the information and carry it in the wallet. Always remember to logout properly after using the financial data services. Remember to close the browser window after using the public computer such as in a public library, school computer lab or Internet cafe to prevent other users from reading your personal information and mail. Pay attention when using an ATM and keep your eyes peeled for anyone who seems a little too interested in your transactions. Use your free hand to shield the keypad when entering your PIN. Whenever you are out for shopping or eating, watch how the clerks handle your card. Then take the receipt with you and never throw it away in a public place. Avast,Symantec, Norton and AVG antivirus are popular software use by computer users. Its clean computer and protect personal information, financial data. Use as many tools as you can to guard your computer information from the nefarious. Failing to protect your computer is just as bad as leaving your door unlocked and invite the burglars to come in. This system can help to which limits actions that can be performed by an authenticated person or group. It determines who can use the network resource and what resource can be used. Only keep the ones you actually use and destroy any that you no longer use by shredding them. For example the mail-order and online purchases. It's all too easy for a dishonest party to use your credit card information. Also, it is advisable to keep the card to a low credit limit so that other party would not be able to rack up many bills. You can protect yourself against potential fraud or identity theft by eliminate your own paper trail. A basic desktop shredder will work for a few sheets at a time, but for large quantities you may want to contact a commercial shredder who will also handle household needs. Hopefully the above few ways can help to safeguarding our personal and financial data. Reference: Retrieved from http://www.congressionalfcu.org/aboutus/securitycenter/Visa%20-%20Safeguard%20Your%20Personal%20Information.pdf
What is phishing? A growing Internet scam that has caught many people has been given the name "phishing". 'Phishing' is a term used to describe efforts to illegally gain access to banking or personal details. This usually involves an email that is made to look like it has been sent from a trusted source such as a government agency, bank or other company. The email is designed to trick users into revealing their personal or financial information like passwords, account usernames and others. Where does the term 'phishing' come from?The term 'phishing' is a play on the word 'fishing'. In this context, unwary users are baited into providing personal details. Example of phishing The most common example of phishing that most of the internet users facing now are an email claiming there is a problem processing a particular transaction or an issue with a computer system. You will then be asked to provide certain personal details so that the 'problem' can be fixed. Another form of email will be asking you to validate, or update your personal or financial details. You might be asked to reply by email or to click on a hyperlink and update your details over the Internet. Once you follow the hyperlink you are sent to a fake web page which usually designed to look like the legitimate web page. Any details entered on this false web page would be sent to the perpetrators and then most likely misused. Recently, banks have been a favorite target of "phishing". There is an example of a scam e-mail.
Issue in phishing In 2003 many people received emails supposedly from eBay claiming that the user’s account was about to be suspended unless they clicked on the provided link and updated their credit card information. The scammers use mass-mailing methods and many of the recipients did not even have an eBay account. However, all it takes is 1 or 2 per cent responses for the con to result in a nice haul. Steps to minimize the risk of phishing Step 1: Do not click on any hyperlinks contained in emails asking you to confirm or update your details or to provide any personal or financial information. If you need to go to a web page to complete a transaction or supply information, ensure that it is a legal or correct internet address directly into your browser. Step 2: Be cautious and do not reply to, or follow any hyperlinks in an email if you have any concerns about the validity of it. Step 3: Contact organization that claimed to have sent a suspicious or unusual email. They should be able to confirm if it is real or not. Step 4: Always check the internet address of a hyperlink. The longer the internet address, the easier it is to cover up the fact that it is not legitimate. Step 5: You enter personal or financial details on a web page, make sure the web site is using encryption. Look for the small closed padlock icon in Internet Explorer's status bar
Cyber attacks or vulnerabilities fall under several general categories: I. Accidental actions II. Malicious attacks i. Computer viruses ii. Denial of service attacks iii. Distributed denial of service attacks III. Online fraud i. Identity theft ii. Data theft I. ACCIDENTAL ACTIONS Accidental actions contribute to a large number of computer security risks. This category encompasses problems arising from basic lack of knowledge about online security concepts and includes issues such as poor password choices, accidental or erroneous business transactions, accidental disclosure, and erroneous or outdated software. Related problems occur as a result of misconfigured security products and information leakage resulting from insecure information transfers. Education and prudence should be considered key defenses in limiting the frequency and extent of such events, since this form of cyber vulnerability is largely self-inflicted and avoidable. II. MALICIOUS ATTACKS Attacks that specifically aim to do harm are known as premeditated or malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Misrepresentation is most often seen with regard to on line fraud and identity theft (see below). Malicious code, on the other hand, is at the root of so-called "crackings" and "hackings" - notable examples of which include computer viruses, data theft, and Denial of Service (DOS) attacks. i. Computer Viruses The most common form of malicious code is a computer virus -- a program or a fragment of code that replicates by attaching copies of itself to other programs. There are four main classes of viruses: 1. The first class consists of file infectors, which imbed themselves into ordinary executable files and attach to other system executables when the file is run. 2. The second category is system or boot-record infectors, which infect the first sector on a driver from which the operating system is booted-up. These viruses are not as prevalent now that floppy disks are less frequently used. 3. The third group of viruses is called macro viruses, which infect data files that include scripting "macros". 4. Finally, viruses that use more than one attack method are called multi-part viruses. The "Melissa" virus/worm of 1999, which caused about $80 million in damages worldwide, was malicious code imbedded in a Word® document that, when opened, would send itself out as an attachment to the first fifty people in an electronic mail client address book. The May 2000 "I LOVE YOU" virus was even simpler -- a small piece of code attached to electronic mail. Double-clicking on the executable caused it to send an e-mail to everyone in an address book, subsequently damaging victims' machines. Fast-spreading viruses like "I LOVE YOU" cause e-mail servers to overload and businesses to shut down email correspondence. For example, in one day, the "I LOVE YOU" virus caused over $100 million in United States damages and over $1 billion in worldwide losses. ii. Denial of Service Attacks Denial of service attacks, another form of malicious code, are carefully crafted and executed. Denial of Service Attacks is not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as Distributed Denial of Service attacks (DDOS), were witnessed in a number of large corporate computer shutdowns in 2000. Understanding the technical components of a DDOS attack is important, since these attacks precisely reveal the vulnerabilities inherent to the Internet. A DDOS attack functions by overwhelming a server with a deluge of messages that appear to be normal. The DDOS attacker strategically builds an army of key players including: 1. One client machine for coordinating the attack. 2. Three to four host machines, which are battlefields under the attacker's direct control. 3. Potentially hundreds of broadcasters, which are the legions that run the code to generate the flood of packets that attack a target system (consisting of at least one machine). Broadcasters are recruited by port scanning software that determines the machines on which the attacker can gain root privileges. On these machines, the attacker can embed hidden programs that wait for instructions from the Host machines. The attacker sends a list of the Internet Protocol (IP) addresses of the target machines via strong encryption. With all components ready, the attacker then instructs each machine to simultaneously send data packets against the given IP addresses using false source addresses, in a process known as "spoofing." Since the attack contains too much information to be processed and originates from too many different machines with fraudulent IP addresses, the target servers can survive the attack only by disconnecting from the Internet or by denying service indiscriminately to all clients sending incoming data. Hence, the Distributed Denial of Service attack is so-named in order to describe the resulting consequences of a multi-machine attack. Not surprisingly, for any business on line, a DDOS attack severely restricts its ability to maintain the availability of its commercial service. III. ONLINE FRAUD Online fraud is a broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials; offers of easy money, such as work-at-home offers that claim to earn individuals thousands of dollars for trivial tasks; prank calls, in which dial-up connections lead to expensive long distance charges; and charity facades, where donations are solicited for phony causes. i. Identity Theft Identity theft is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of fraud that has been witnessed in traditional settings for many years. For example, in traditional settings, thieves open credit card accounts with a victim's name, address and social security number, or bank accounts using false identification. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take this information (such as credit card numbers) and do with it what they will. This is one of the reasons for which it is critical that consumers and organizations avail themselves of appropriate computer security tools, which serve to prevent many such interceptions.
Identity theft can also be undertaken on a large scale, as in the case of a company or even a city. For example, in January 2001, the entire municipality of Largo, Florida lost e-mail service for over a week when an unknown company based in Spain compromised its identity. The company hacked into the city's e-mail relay system to steal the Largo.com identity. Soon enough, e-mail spam seemingly from Largo.com addresses flooded the net, and many Internet Service Providers blacklisted all incoming and outgoing electronic messages from the city.
ii. Data Theft Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. Examples of data theft abound. In 1996, a 16-year-old British youth and an accomplice stole order messages that commanders sent to pilots in air battle operations from the Air Force's Rome Laboratory in New York. The two also used the Air Force's own computers to obtain information from NATO headquarters and South Korea's Atomic Research Institute. In April 2001, two employees of Cisco Systems were indicted for obtaining unauthorized access to Cisco stock. These two men, who worked in the company's accounting division, broke into the computer system that handled stock distribution and were able to transfer stock shares to their private portfolios. The total value of their shares over two separate transfer attempts was nearly $6.3 million, according to the US Department of Justice. These are but a few examples. Anyone, young or old, whether inside or outside a company, can disrupt proper national and business activities by compromising systems in such a manner.
|
|
|
|