I want to the the ebay Web site at: http://www.ebay.com/. I tried to buy the Wii game console in it. If I confirm to buy that item, I need to PayPal account to process the payment.
PayPal is a payments gateway (or a payment middle man):
- Make secure purchases without revealing credit card number or financial information of the customer
- Pay quickly
- Shop using PayPal on eBay or thousands of merchants worldwide
I trust that site (ebay) with my business, as the payment are through the famous 3rd person and my financial information would not be exposed to the merchants.
2. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?
Trust of Internet shopping does not simply between the internet merchant and the customer, also between the consumer and the computer system through which transactions are executed. The quality of the product cannot be changed by the customer before making a purchase, or monitor the safety and security of sending personal sensitive information such as credit card numbers through the Internet to someone whose behaviors and motives may not easy to predict. The effectiveness of 3rd party trust-certification bodies such as TRUSTe or Verisign and public key encryption infrastructure for ensuring transactional security are significant success factors for Internet shopping (Lee & Turba, 2001).
Secuity of e-commerce can create trust, a security site should be (Josang & Tran, 2000):
- Authentication - provide proof of identity and prevent an attacker from masking as a real user.
- Non-repudiation - provide proof of expedition or receipt
- Confidentiality - ensure that only legitimate users can read message
- Integrity - ensure that illegitimate modification, deletion, creation or replay of digital messages.
- Availability - ensure that an application is not break up by illegitimate actions
Trust for e-commerce has four main components (Patton & Josang, 2002):
- Affecting trust before the site is accessed: brand reputation, previous off-line experiences with the merchant, differences between individuals in their general propensity to trust
- Interface properties: graphic design and layout, content organization and usability
- Informational content: information the merchant provides about products and services, privacy policies and privacy practices
- Relationship management: post-purchase communication and customer service
3. Visit the Verisign web site - what solutions does it offer for e-commerce?
I visit the Verisign at: http://www.verisign.com/. Verisign provides the Consumer Products and Retail Solutions for e-commerce. The VeriSign Identity Protection (VIP) provides authentication and transparent fraud detection from a trusted provider protects online transactions without slowing transactions.
4. Visit the TRUSTe web site. Describe what services and solutions are offered.
I visit the TRUSTe web site at: http://www.truste.com/. TRUSTe helps Web sites to build customer confidence to work, play and shop online. TRUSTe provides service to proof Web site strict privacy principles, and who strive to treat customer information with the utmost respect. If the Web sites meet their requirements, they will have a TRUSTe Web Privacy Seal.
5. Get the latest PGP software from http://web.mit.edu/network/pgp.html; install it on two machines and encrypt a message on one machine and decrypt it on the other. Report your findings.
The PGP software was no longer distributed by MIT:
The PGP software can be download at:
http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html
or
http://www.pcworld.com/downloads/file/fid,3178;order,1;page,1;c,All%20Downloads/description.html
The PGP encrypts files with recipient's public key or sender's private key. When recipient receive the encrypted file, the recipient can decrypts the file with his own private key or sender's public key. The recipient can use the PGP software to check the integrity of the encrypted file to ensure that the file have not be altered by other.
PGP is Pretty Good Privacy provides cryptographic privacy and authentication. PGP are commonly used for signing, encrypting and decrypting files for email. PGP encryption uses the Public Key Infrastructure (PKI).
Encrypts files output to test.pgp:
Verifies file integrity and decrypts the test.pgp file, then unzip the files into the Test folder:
6. The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?
Legitimate users validation:
- by user name or login ID, and password. Commonly use in most systems
- by personal card and password. Example: use of automated teller machine (ATM) card by bank
- Fingerprint recognize system. Example: use in door lock, computer system login.
- Iris recognize system. Example: use in door lock
- Josang, A. and Tran, N (2000), Trust management for e-commerce, Virtual Banking 2000.
- Lee, M.K.O and Turba, E. (2001), A trust model for consumer internet shopping, International Journal of Electronic Commerce, 75-91(6).
- Patton, M. A. and Josang, A. (2002), Technologies for trust in electronic commerce, Kluwer Academic Publisher, Electronic Commerce Research 4, 9-21.
No comments:
Post a Comment