CRITICAL ANALYSIS AND CONTRAST OF THREE BUSINESS WEBSITES
According to (2001), website security includes restricting access to the internal Web server and to a mainframe, an intranet, the Internet, or the World Wide Web. Another area of security concern is transactions between the company’s website and its suppliers or customers. Internal security requires access controls and firewalls. Communications and transaction security often require the use of encryption and digital signature technologies.
During 2005, the number of companies reporting website attacks increased. A survey by the Computer Security Institute and the San Francisco FBI's computer-intrusion squad, conducted in January 2005, found that 95% of the respondents, who comprised 700 computer-security practitioners from different US companies, government agencies, medical institutions and universities, had experienced more than 10 website incidents in 2004, 5% during 2003 (, 2005). As the years pass, different sophisticated methods and tools are used for cyber crime (see appendix B for the evolution of the tools that are used in cyber crimes).
A firewall is the most important software used by all website developers. , and (2000), define a firewall as a network device that controls and monitors access to areas of a network. It can be a dedicated device such as a Cisco PIX Firewall or software loaded onto an existing device. Its common use is to protect the network of an organization that is connected to the Internet by monitoring and filtering network traffic at network entrance points. It is also used to give additional protection to sensitive parts of an organization's intranet, such as the finance and research departments, and to secure entrance points to the networks of customers or suppliers. Multiple firewalls are required if there are multiple access points to a network ().
eBay is a website (see appendix C for a screenshot of the ebay.com main page) that serves as a marketplace for the sale of goods and services for individuals around the world. The company was founded in September 1995 by in his own living room in San Jose, California (, 2001).
eBay offers a person-to-person trading community using the technology of the Internet and World Wide Web. Buyers and sellers are brought together in such a way that sellers are allowed to list items for sale, buyers are authorized to bid on items of interest to them, and users are allowed to browse through the listed items in a fully automated way. Items are arranged by different classifications and each type of auction has its own group (, 2001).
Today, eBay is considered the world's largest online buying and selling community. (2007), stated that the past year has been a big one for eBay: many features have been added and many aspects of the website have been changed. It is also one of the top 20 websites in America by time spent (see appendix A for the top 20 websites by time spent).
According to (2005), phishing is the act of sending a forged email using a bulk mailer to a recipient, falsely mimicking a legitimate establishment in an attempt to scam the recipient into divulging private information such as credit card numbers or bank account passwords. In most cases, the email tells the user to visit a website to fill in the private information. To gain the trust of the public, the website is designed to look like the site of the establishment the scammer is impersonating (). In simple words, phishing is known as carding or brand spoofing (, 2005, ). Phishing attacks are increasing rapidly in frequency, and many are good enough to fool users (, 2005, ). The Anti-Phishing Working Group (APWG) reported that in April 2004, reports of phishing attacks had increased by 180% and rose by 4,000% after six months (as cited in , 2005, ). Phishing is considered one of the most frequently encountered cyber crimes in the cyber world.
The first phishing attack on eBay was reported on March 9, 2004 (, 2005, ). According to (2005), the attack begins when the potential victim receives an email, purporting to be from eBay, that claims that the user’s account information is invalid and must be corrected. The email contains an embedded hyperlink that appears to point to a page on eBay’s website. The web page asks for the user’s credit number, contact information, Social Security number, and eBay username and password ( ).
In order to prevent this attack, eBay joined Yahoo and PayPal. The use of DomainKeys technology gave the company an exceptional technique for validating the legitimacy of email messages, by allowing Internet service providers to decide whether messages are valid and should be delivered to a customer’s inbox (, 2007). See Appendix E for a screenshot of a valid eBay email. This joint effort will particularly help eBay and its customers to protect their accounts and their personal and private information, as well as their financial interests.
Entering of Password
Another important security aspect of eBay is the process of changing a user's information. Before a user can enter the market-like pages of eBay, he or she has to register first or enter an existing username and password. In the case of eBay, if the user wants to change or edit any account information, another log-in form will pop up. This heightens the security of the company itself and protects the interests of its customers.
Reentering the password prevents future problems, for example when the user forgets to log out and another person then uses the same computer. If the company did not ask the user to reenter the username and password, there would be a high risk that the original password would be changed and would no longer be usable by the original owner.
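The scenario above (a session left logged in on a shared computer) can be sketched in code. This is an added example, not eBay's implementation; the `Account` class, the `session` dictionary and `change_password` are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import os


class Account:
    """Hypothetical account record storing a salted PBKDF2 password hash."""

    def __init__(self, username: str, password: str):
        self.username = username
        self._set_password(password)

    def _set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def verify(self, password: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.pw_hash, self._hash(password))


def change_password(account: Account, session: dict,
                    current_password: str, new_password: str) -> bool:
    """Allow the change only if the session belongs to the account AND the
    current password is re-entered correctly (the second log-in form)."""
    if session.get("user") != account.username:
        return False  # not logged in as this user at all
    if not account.verify(current_password):
        return False  # logged in, but cannot prove knowledge of the password
    account._set_password(new_password)
    return True


if __name__ == "__main__":
    # Constructed scenario: the owner walked away without logging out.
    acct = Account("alice", "correct horse")
    abandoned_session = {"user": "alice"}
    print(change_password(acct, abandoned_session, "guess", "attacker-pw"))
    print(change_password(acct, abandoned_session, "correct horse", "new-pass"))
```

A valid session alone is not enough here: whoever sits down at the abandoned computer still has to know the current password before the account can be taken over.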
Limiting the Change Password Feature
The company has once implemented the change password menu; this is to prevent malicious hackers from changing the passwords of eBay users and gaining access to those accounts (, 2002).
Use of Separate Firewall
The company uses a separate firewall for personal information and credit card information. This protects eBay users by hiding their credit card information from hackers. It also protects important information that is relevant to the company's performance and transactions.
Unlike the two other company websites, eBay always asks the customer to verify the email address first, to ensure that the email address the customer will be using is working. This is because most of the information regarding the shipment, delivery or order of the customer will be sent via email. See appendix E for a sample email verification.
Amazon.com was founded by , a computer science and electrical engineering graduate from Princeton University, and went online in July of 1995. In May 1997, the public began to become aware of the website (, 2002, ). It offers a vast selection of products in different categories. Just like any other e-business, Amazon.com offers an online service by selling products over the net. Amazon.com is one of the most established e-businesses in the e-market. It is well known for its vast selection of books on different subjects and in different genres and areas.
Amazon.com against Phishing
Unlike eBay and PayPal, Amazon.com implemented an order-notification system that can give the retailer an alleged safety advantage. Desktop software is offered to provide encrypted order alerts; this technology will replace the emails that the company sends to third-party sellers (, 2007). According to (2007), besides Amazon’s new encryption program, its main difference from the company’s main competitors, eBay and PayPal, is that the company's sellers are required to use an internal system, Amazon Payments, which is the same checkout used for purchasing new items from the company. Buyers automatically receive $2,500 of money-back coverage per transaction with any Amazon seller.
Secure Sockets Layer Software
During the transfer of information from the customer to the company and vice versa, the data is protected by Secure Sockets Layer (SSL) software, which encrypts the information that is exchanged (, 2007). This helps to ensure the privacy of the customers and of the information and data that are important to them as well as to the company.
Staples first launched its office products superstore in Brighton, Massachusetts in 1986. It is a company that offers business supplies. In 1998, the company launched staples.com. It became the first office supply superstore to integrate its e-commerce site with its retail stores located nationwide. During 2002, the company became the world’s largest seller of office supplies, garnering revenue of $11 billion.
Staples against Phishing: Email Verification Standards
Staples.com uses two kinds of email verification standards. One is Sender ID; this standard scrutinizes the Internet Protocol (IP) address associated with the email and confirms whether that IP address is certified to send email on behalf of a definite domain. Like eBay, the company uses a second approach, DomainKeys Identified Mail or DKIM. This requires both the public and the private key to be issued and then compared to make sure that no changes have been made (, 2006).
Unlike the first two websites mentioned, staples.com enforces password strength for the sake of its users. This is to prevent hackers from retrieving a user’s password easily.
Reentering of Password
Like eBay, staples.com also requires the user to reenter the password. This is to prevent unauthorized users from using the accounts of other users.
Level of User
Like any other system, whether Windows-based or online, staples.com implements user levels, in which there are parts of the company website that are not available for public viewing. There are pages that are exclusive to suppliers and large wholesalers as well as to employees inside the company. If someone tries to enter one of these private pages, a message box is shown saying that the page is forbidden. This simply means that the user or viewer is not allowed to enter that specific page.
Identity Theft Protection
According to the news release of (2004), every second, someone becomes a victim of identity theft. There are 20 million Americans who have been victimized in just the past two years. In order to solve this problem for the users and customers of staples.com, the company has implemented Identity Theft Protection, which is powered by PrivacyGuard. This technology helps the company’s customers to monitor their credit, identify fraud resolution support and insurance.
Aside from the different techniques and tools that are now used to maintain the security of the three company websites, all of them are also combating different cyber crimes that affect their performance and operations as well as their image among their customers and other target netizens. This is the main reason why they regularly issue press releases that serve as warnings, informing the public about new threats to their information security and privacy.
They also give tips and advice to their customers on how to prevent future security problems. Tips on how to secure important information such as the password and username are given to their customers for daily use in the large e-market.