Mobile Commerce Security and Its Prevention

2018 ◽  
pp. 433-449
Author(s):  
Mona Adlakha

Mobile commerce is the next generation of e-commerce, where payments and financial transactions can be carried out with utmost ease using handheld mobile devices. Mobile devices are at a higher security risk due to the large amount of critical financial and personal data available on them. The cause or consequence of these threats could be malware and spyware attacks; multiple or incorrect m-commerce payments; breaches due to unauthorized access or disclosure; unauthenticated transactions; and risk due to the use of third-party networks. This chapter discusses how to manage security risks in m-commerce by first identifying them and then discussing preventive measures for their mitigation. A continuous approach for risk prevention needs to be followed, reviewing the strategy according to the latest challenges. Various risk prevention and mitigation strategies can be adopted. Service providers must follow physical and digital security measures to protect consumers' business information. Independent auditing should ensure compliance with best practice security standards.


Author(s):  
Kirils Dubinins ◽  
Kristīne Mārtinsone

Provision of remote services became relevant all over the world during the 2020 COVID-19 pandemic. Latvian supervisors were also forced to transfer their practice to the digital space. The challenges of the COVID-19 pandemic opened a wider range of opportunities for improving remote practice. The pandemic also highlighted the risks associated with a lack of relevant competences. At the global level, over the last decade, the risks associated with remote counselling have been summarized in guidelines, providing professionals with examples of best practice. In Latvia, on the other hand, such guidelines have not been adopted yet. This study was developed with the aim of finding out the awareness of Latvian supervisors about the risks (cyber security) of using information technology and the protection of personal data in the conditions created by the COVID-19 pandemic. To find out how aware Latvian supervisors are of the risks of using information technology (cyber security) and personal data protection, a survey was conducted among Latvian supervisors and an expert panel discussion was organized; the scientific strength of the study was ensured by data triangulation. The obtained results allowed the conclusion that the COVID-19 pandemic highlighted the need for remote supervision practice; at the same time, the research data show that the awareness of Latvian supervisors about the risks of information technology use (cyber security) and personal data protection is medium to low. The results of the research show that in the education of Latvian supervisors it is necessary to allocate a place for the acquisition of information technology (cyber security) risk and personal data protection regulation. This research emphasizes the importance of several supervisors' competences, such as digital knowledge and personal data protection; however, further research is needed to find the most effective methods to improve these competences.


2017 ◽  
Vol 1 (2) ◽  
pp. 400
Author(s):  
Vasilios Zoumpoulidis ◽  
Aggelos Zoitsas ◽  
Vasilios Ferelis ◽  
Michael Nikolaidis

Mobile commerce, as an integral and often dominant part of a broader technological, economic and social system, is closely linked to environmental conditions that affect; this affects their decisions and strategy implemented. Undoubtedly, in the current era, competition is increased and dominant in the market, pushing their bodies and citizens to abandon traditional and time-consuming methods of business functions, practices and yet purchases. The purpose of this study is the presentation of the penetration of mobile commerce among the citizens of Kavala, in particular how they use their mobile devices in making purchases. The survey was conducted in 2015 on a random sample of 220 people, with the criterion that the respondents have mobile equipment. The use of wireless technologies was studied in conjunction with the recognition and use of electronic commerce by both consumers and the business world. The questionnaire has 47 questions concerning the population distribution, the advanced technology of their mobile devices, the interest in products and services provided by m-commerce and the security they feel. Finally, the respondents were asked about the purchases made with their mobile equipment and whether they were satisfied. For the measurement of the research factors which appear in the conducted study, the method of multiple determinants variables was used. The data analysis was carried out with the use of the statistical program SPSS Statistics 19.0. The conclusion of the survey is that despite the cost of use, the connection speeds, and the problems of security and misuse of personal data, mobile commerce is in constant development due to the critical mass of users who immediately and practically use their mobile devices.


Author(s):  
Ian J. Lloyd

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.


2016 ◽  
Vol 27 (2) ◽  
pp. 418-437 ◽  
Author(s):  
Luca Urciuoli ◽  
Juha Hintsa

Purpose – Supply chain stakeholders may perceive security risks differently and thereby misalign mitigation strategies, causing weak spots in supply chains and thereby disruptions. The purpose of this paper is to determine whether supply chain companies actually perceive security risks and effectiveness of mitigation strategies differently. Design/methodology/approach – Two survey studies measuring perception of security risks and effectiveness of measures have been developed and used to collect data from European and Latin American companies, grouped as cargo owners and logistics companies. Findings – The findings of the surveys unveil that only two (out of six) security risks, namely, violation of customs non-fiscal regulations and illegal immigration, show significant differences between the two groups of companies. In addition, the surveys show that companies perceive equally the effectiveness of security measures. This study concludes that supply chains seem to have good visibility over the security risks of their partners. Hence, in terms of security, supply chain companies seem to have achieved a common understanding of risks and furthermore are able to act jointly to secure assets and operations. Originality/value – Previous research claims supply chain stakeholders may perceive risks differently and thereby may fail to correctly align mitigation strategies. Yet, to the authors' knowledge, previous research has not empirically demonstrated these differences in perceptions of risks and mitigation strategies.


Author(s):  
Jin Han ◽  
Jing Zhan ◽  
Xiaoqing Xia ◽  
Xue Fan

Background: Currently, the Cloud Service Provider (CSP) or a third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but to accept them. However, since cloud users and cloud service providers have conflicts of interest, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for a third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to evaluate). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual Priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but it can also obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trust between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and, in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only 12% and 30%. Conclusion: Our method can achieve consistent decisions based on conflicting roles, high scalability and practicability for cloud security risk evaluation.


2020 ◽  
Author(s):  
Cátia Santos-Pereira

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Portuguese public hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018) before the enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese public hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of the information systems of each hospital regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results highlight the hospitals' privacy maturity: in general, the hospitals studied were very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, storing encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, specifically as a means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR-compliant systems, and institutions' efforts are being made. The first step to align an organization with GDPR should be an initial audit of all systems. This work collaborates with the initial security audit of the hospitals that belong to this study.


Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SPs), such as Mobile Network Operators (MNOs) and third-party SPs, accessible from anywhere by end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SPs not only to secure the provisioning and access of those services but also to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.


2016 ◽  
Vol 2016 (1) ◽  
pp. 4-19 ◽  
Author(s):  
Andreas Kurtz ◽  
Hugo Gascon ◽  
Tobias Becker ◽  
Konrad Rieck ◽  
Felix Freiling

Abstract Recently, Apple removed access to various device hardware identifiers that were frequently misused by iOS third-party apps to track users. We are, therefore, now studying the extent to which users of smartphones can still be uniquely identified simply through their personalized device configurations. Using Apple’s iOS as an example, we show how a device fingerprint can be computed using 29 different configuration features. These features can be queried from arbitrary third-party apps via the official SDK. Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that (1) all fingerprints are unique and distinguishable; and (2) utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.

