Monday, May 11, 2009

Exercise 16: Authentication and Encryption systems

1. Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?

I visited eBay. Its help page lists the following payment methods:

a. PayPal
b. Credit cards and debit cards
c. Moneybookers
d. Paymate
e. ProPay
f. Pay upon pickup
g. Escrow

I would trust eBay and PayPal with my business, because they are well-known companies. The most important point is that they protect both the merchant and the buyer when doing business on the e-commerce website.

2. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

a. Payment and its status should be traceable (traceability).
b. Purchase protection for the buyer.
c. Keep the seller from obtaining the buyer's card number by paying through an intermediary such as PayPal, so that the seller sees only the payment and not the card details.
d. Encryption and authentication for information transfer (SSL/TLS on the site).

Of these, (d) is the one a customer can verify directly, by checking the site's certificate in the browser; (a) to (c) can only be checked against the site's published policies and track record.

3. Visit the Verisign web site - what solutions does it offer for e-commerce?

Verisign offers SSL certificates for authentication. A certificate binds an identity (a website, or an individual) to a public key, and the certificate authority vouches for that binding with its signature. Using this PKI, a browser authenticates the website during the SSL/TLS handshake: the server presents its certificate, the browser checks the CA's signature and the host name, and the server proves that it holds the matching private key. This is the SSL/TLS handshake, which is distinct from TCP's three-way handshake.
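As an added example (not part of the original exercise, and not Verisign's code), the following Go program shows the authentication step in miniature. A toy root CA stands in for the public CA, issues a certificate for the assumed host name shop.example, and VerifySite does what a browser does with a presented certificate: build a chain to a trusted root and check that the certificate was issued for the host being visited. The CA names, host name and one-day validity are illustrative assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key pair; ECDSA keeps the example fast.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BuildPKI creates a toy root CA (standing in for a public CA such as
// Verisign) and issues a server certificate for host, signed by that CA.
// Names and lifetimes are illustrative assumptions, not real-world values.
func BuildPKI(caName, host string) (root, site *x509.Certificate, err error) {
	caKey, siteKey := newKey(), newKey()
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Self-signed root: the template is its own parent and signs with its own key.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	root, err = x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	siteTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the identity the browser will match
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA vouches for the site: signed with the CA key, parent is the root.
	siteDER, err := x509.CreateCertificate(rand.Reader, siteTmpl, root, &siteKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	site, err = x509.ParseCertificate(siteDER)
	return root, site, err
}

// VerifySite is the relying party's check: build a chain from the presented
// certificate to a root the client already trusts, and confirm the
// certificate was issued for the host the client intended to reach.
func VerifySite(site, trustedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := site.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	root, site, err := BuildPKI("Example Root CA", "shop.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("correct host:", VerifySite(site, root, "shop.example"))
	fmt.Println("other host:  ", VerifySite(site, root, "evil.example"))
	rogueRoot, _, _ := BuildPKI("Rogue CA", "shop.example")
	fmt.Println("untrusted CA:", VerifySite(site, rogueRoot, "shop.example"))
}
```

The two failing cases are the ones PKI is meant to catch: a genuine certificate presented for a different host name, and a certificate that chains to a CA the client does not trust.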

4. Visit the TRUSTe web site. Describe what services and solutions are offered.

The TRUSTe web site provides online privacy services to individuals and businesses. According to the TRUSTe factsheet, they offer the following solutions for protecting privacy:

"Web Privacy Seal Marks companies that adhere to TRUSTe’s strict privacy principles and comply with the TRUSTe Watchdog Dispute Resolution System.

EU Safe Harbor Seal Certifies compliance with the EU Directive on Data Protection, specifically the Safe Harbor Framework, to avoid trade disruptions resulting from international privacy laws.

Email Privacy Seal Reinforces companies’ commitments to good email practices by certifying email disclosures, reputation, and unsubscribe policies.

Trusted Download Program Provides market incentives for adware and other software companies to clearly and unavoidably communicate key functionalities and obtain informed consumer consent prior to download.

Site Reputation Services Reduces the risk of attack by using technology to scan user-generated or third-party content for potential malicious content before it’s uploaded to a Web site"

5. Get the latest PGP software from http://web.mit.edu/network/pgp.html; install it on two machines and encrypt a message on one machine and decrypt it on the other. Report your findings.

Figure 1. PGP software not found at the URL provided
Figure 2. Install screen of PGP Desktop
Figure 3. Key Generation Assistant
Figure 4. Encryption settings for keys
Figure 5. Enter passphrase for private key
Figure 6. Generate the key and subkey
Figure 7. Secure a plain text file
Figure 8. Add key to secure file
Figure 9. Sign and save the secured file
Figure 10. Compare plain text and encrypted file
Figure 11. Decrypt the encrypted file
Figure 12. Enter the key to decrypt
Figure 13. Decrypted file

I downloaded the trial version from www.pgp.com. When I installed the PGP program, it generated two keys, one private and one public. While encrypting the plain text file I had made, it asked me to add a signature to the encrypted file.
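As an added example (not from the exercise or from PGP Desktop), this Go program reproduces the two-machine exchange above with the standard library: each Machine generates its own key pair, machine 1 encrypts a file to machine 2's public key and signs it with its own private key, and machine 2 verifies the signature and then decrypts. It follows the same hybrid construction PGP uses (a random session key for the bulk data, wrapped with the recipient's public key) but with RSA-OAEP, RSA-PSS and AES-GCM rather than the OpenPGP packet format; the key sizes, the test message and the third machine are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Machine models one PGP installation: its own RSA key pair; the other party's public key is imported out of band.
type Machine struct{ priv *rsa.PrivateKey }

func NewMachine() (*Machine, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Machine{priv: priv}, nil
}

func (m *Machine) Public() *rsa.PublicKey { return &m.priv.PublicKey }

// Envelope is the secured file carried from one machine to the other.
type Envelope struct {
	WrappedKey []byte // random AES-256 session key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag included
	Signature  []byte // RSA-PSS over SHA-256(nonce || ciphertext) by the sender's private key
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func signedDigest(env *Envelope) []byte {
	h := sha256.New()
	h.Write(env.Nonce)
	h.Write(env.Ciphertext)
	return h.Sum(nil)
}

// EncryptAndSign is the sender's "add key, sign and save" step: a fresh session key encrypts
// the data, the recipient's public key wraps the session key, the sender's private key signs.
func (m *Machine) EncryptAndSign(plaintext []byte, recipient *rsa.PublicKey) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, plaintext, nil)
	if env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil); err != nil {
		return nil, err
	}
	env.Signature, err = rsa.SignPSS(rand.Reader, m.priv, crypto.SHA256, signedDigest(env), nil)
	return env, err
}

// VerifyAndDecrypt is the receiver's step: check the signature against the claimed sender's
// public key first, then unwrap the session key with the local private key and decrypt.
func (m *Machine) VerifyAndDecrypt(env *Envelope, sender *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, signedDigest(env), env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: wrong sender key or tampered file")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: file was not encrypted to this machine")
	}
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	m1, _ := NewMachine()
	m2, _ := NewMachine()
	env, err := m1.EncryptAndSign([]byte("Exercise 16 test message"), m2.Public())
	if err != nil {
		panic(err)
	}
	pt, err := m2.VerifyAndDecrypt(env, m1.Public())
	fmt.Printf("machine 2 decrypted %q (err=%v)\n", pt, err)
}
```

The two failure paths are the checks worth trying across the machines: decrypting on a third machine fails at the unwrap step because the session key was wrapped to machine 2's key, and modifying the file or verifying against the wrong public key fails the signature check before any decryption happens.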

6. The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

Biometrics
Biometric systems identify a person by physiological characteristics such as the retina, fingerprints or facial features.

Smart Card
A smart card carries an integrated-circuit chip with a microprocessor and both volatile and non-volatile storage. The credential held on the chip lets the holder authenticate when signing on to company systems.
