E-Commerce Regulations 2002
In 2002 the EU required all member states to implement these regulations. Any business trading online must take them into account, so it is important to identify them and be aware of them.
The whole purpose of the legislation is to ensure the free movement of 'information society services' across Europe and to encourage greater use of e-commerce by breaking down barriers.
Key features of the legislation:
- Online selling and advertising is subject to UK law if the trader is established in the UK.
- If established outside the UK, you have the freedom to choose which applicable law to abide by.
- Recipients of online services must be provided with full details of the trader and how to process the transaction from start to finish.
- Online services providers are exempt from liability for the content they convey or store in specified circumstances.
- Changes to the powers of enforcement authorities, such as Trading Standards Departments and the Office of Fair Trading.
- Consumer Protection Distance Selling Regulations.
- Gives extra protection to consumers who shop by phone, mail order, via the internet or digital TV. These include: rights to receive clear information about goods and services before deciding to buy, and protection from credit card fraud.
- A description of the goods or service
- The price of the goods or service
- Delivery and any cancellation rights
- Information about the seller
The precautions that businesses need to take and the types of attacks that are involved on the internet include:
Tricking shoppers into revealing information about themselves by posing as a
system administrator or customer service representative is known as social
engineering. Social engineers use observation and a consumer’s limited awareness
of computer systems to their benefit by retrieving information that would allow
them to access private accounts.
Password cracking can involve diverse types of vulnerabilities and
decrypting techniques, but the most popular form of password cracking is a
brute force attempt. Brute force password attacks are used to crack an
individual’s username and password for a specific website by trying thousands
of common terms, words, activities, and names until a combination of them is
granted access to a server. Brute force cracking takes advantage of systems
that do not require strong passwords; users will often choose common names
and activities, making it simple for a password cracker to gain access to a
system.
Trojan software is regarded as the most damaging in terms of
E-Commerce security due to its ability to secretly connect and transmit
confidential information. These programs are developed for the exact purpose of
communicating without the possibility of detection. Trojans can be used to
filter data from many different clients, servers, and database systems.
Server bugs are often found and patched in a timely fashion that does
not allow an attacker to utilise the threat against an E-Commerce web site.
Web Development Best Practices
There are specific practices that web developers and E-Commerce
administrators can utilise on their sites to minimise security threats and
improve customer satisfaction. Customer passwords should never be stored
directly on the web server in either plain text or encrypted form.
Security Methods
Web developers and security professionals must implement and utilise
effective security techniques and policies. Technology management must follow
the three R’s of security – recognise, resist, and recover. Sound security
practices include the use of firewalls, threat detection, encryption,
authentication methods, software updates, and penetration testing.
Firewalls
A firewall’s primary use is to filter out communications that may be
threatening to a system. It limits traffic to a system and only allows pre-determined
activity to pass through its filter. Firewalls can also be configured so that
connections are only authenticated if they are from a specific source machine.
Database Encryption Techniques
The majority of security implementations target the outside defences of
a system. They attempt to isolate the server and not allow incoming
transmissions. This is effective against outside intruders; however,
administrators often forget that many attacks originate from inside an
enterprise or E-Commerce department. The database is where the majority of
important enterprise files reside, thus it is imperative that they be kept
safe.
Secure encryption techniques must be put into place that also protect
the security keys and allow access only to specific individuals. Thus, it is
important to also consider things such as access management, event logging, and
auditing.
It is imperative that E-Commerce firms create a risk-aware culture that
instructs workers about security threats and best security practices. It does not
matter how secure a system is if the individuals who are using it are not
educated and do not understand what to do in security situations.
Effective Password Policies
Accounts should be locked out after a certain number of consecutive
wrong username and password combinations. This ensures that anyone running a
brute force attack will not be able to keep attempting login
combinations. Minimum password lengths and maximum occurrences of a specific
character are two of many ways to increase E-Commerce security and to provide a
safer internet experience for everyone.
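The password policy above, together with the earlier rule that passwords are never stored in plain text or encrypted form, as an added example that is not part of the original post. The thresholds, the choice of PBKDF2 as the one-way hash, and the names policy_errors, derive and AccountStore are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import Counter

# Assumed thresholds: the page names the controls but gives no numbers.
MIN_LENGTH = 10
MAX_SAME_CHAR = 3
MAX_FAILURES = 5
PBKDF2_ROUNDS = 600_000

def policy_errors(password):
    """Return the list of policy rules the candidate password breaks."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if password and max(Counter(password).values()) > MAX_SAME_CHAR:
        errors.append("character repeated too often")
    return errors

def derive(password, salt):
    """Salted one-way hash; neither plain text nor reversible encryption."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class AccountStore:
    def __init__(self):
        self.users = {}  # username -> salt, digest, consecutive failures

    def register(self, username, password):
        errors = policy_errors(password)
        if not errors:
            salt = os.urandom(16)
            self.users[username] = {"salt": salt, "failures": 0,
                                    "digest": derive(password, salt)}
        return errors

    def login(self, username, password):
        user = self.users.get(username)
        if user is None:
            return "denied"
        if user["failures"] >= MAX_FAILURES:
            return "locked"  # refuse before checking, even a correct password
        if hmac.compare_digest(derive(password, user["salt"]), user["digest"]):
            user["failures"] = 0  # only consecutive failures count
            return "ok"
        user["failures"] += 1
        return "locked" if user["failures"] >= MAX_FAILURES else "denied"
```

Locking on the username alone lets anyone lock a known account out, so deployments usually pair it with a timed unlock or per-source rate limiting.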
Government support programmes that are available locally/nationally in terms of funding and training.
The Welsh Assembly can provide information and access to support services from public, private and third sector suppliers.
The Welsh Assembly offers:
- Access to information and expertise
- General business advice
- Information on how to tender for government contracts
- Access to equality and HR information
- Access to environmental management and waste information
- Access to international trade support
- Workshops on a wide range of subjects including setting up a new business, accessing finance, trading abroad and recruiting staff