Mobile payment systems in Malaysia: Its potentials and consumers’ adoption strategies



Mobile payment is a point-of-sale payment made to selected merchants using a mobile device, such as a cell phone, smartphone or personal digital assistant (PDA). Instead of paying with cash, check or credit card, the consumer pays for goods and services through the mobile device, which is simple, fast and secure.





Advantages of using mobile payment:

• Faster checkout process with single click
• Replace cash transaction
• Charge direct to mobile phone bill or deduct from pre-pay credit/bank account
• Real time payment processing
• Transparent billing

There are four primary models for mobile payment:

1. Premium SMS based transactional payment – the consumer sends a payment request via SMS text message to an SMS short code, and a premium charge is applied to their phone bill.
2. Direct mobile billing – the consumer needs two authentication factors, a PIN and a One Time Password, to purchase through their mobile account. The payment is charged to the mobile phone bill.
3. Mobile web payment (WAP) – the consumer uses web pages displayed on, or an application downloaded to, the mobile phone to make a payment. The payment is charged directly to the mobile phone bill or a credit card, or made through pre-registration with an online payment service.
4. Contactless NFC (Near Field Communication) – the consumer waves a special mobile phone equipped with a smartcard near a reader module, and the payment is deducted directly from a prepaid account or charged to the mobile phone bill or bank account.


The most famous mobile payment device currently in use in Malaysia – Maxis FastTap

Maxis FastTap is an integrated mobile payment service that uses near field communication (NFC) technology, with partners such as phone company Nokia, financial services companies Visa and Maybank, and Malaysia’s Touch ‘n Go card.

NFC is a short-range wireless technology that allows communications between devices at close range. As an open platform technology, NFC offers high levels of interoperability between devices and readers and is now the global standard for contactless mobile payments, with a wide range of features that allows credit card, debit card, ticketing and transportation payments to be integrated into a mobile phone.

Maxis FastTap is the first global commercial launch for integrated credit card and transit payment applications on a Nokia 6212 classic device. Consumers who sign up for Maxis FastTap are now able to use their Nokia 6212 classic phones to purchase goods and services at more than 1,800 Visa payWave merchant locations as well as pay for toll, transit, parking and theme park charges at more than 3,000 Touch ‘n Go points nationwide.




The application of 3rd party certificate programme in Malaysia




E-commerce is widely used around the world. In developed countries, the usage of e-commerce is extremely high compared to Malaysia. The main reason Malaysians do not practise e-commerce in daily life is that they feel insecure. They worry that their personal details will be disclosed on the internet, since many fake websites and online frauds exist.

Therefore, 3rd party certification programmes have been introduced to ensure the security of users, under which a digital certificate is issued. A digital certificate is a digital document that provides verification that your website does indeed represent your company, and it is valid for a certain period of time.



MSC Trustgate

The most popular 3rd party certification programme in Malaysia, MSC Trustgate.com Sdn Bhd, was incorporated in 1999. It is licensed under the Digital Signature Act 1997 (DSA), a Malaysian law that sets a global precedent for the mandate of a Certificate Authority (CA). The CA's goal is "To enable organization to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world."


Why is the 3rd party certification needed?

• Internet security threats are spreading over the net nowadays.
For example, with the increase of phishing on the internet, customers want to make sure that they are doing business with a trusted party. They are afraid that their personal information, such as ID numbers, passwords and credit card numbers, may be misused. Thus, certification from a 3rd party is needed to ensure that their information travelling over the Internet reaches the intended recipients safely.

• It provides e-mail protection and validation, secure online shopping carts and other services in order to avoid being hacked and attacked by malicious software such as viruses, worms and Trojan horses.

• More safeguards for online shopping. When customers are confident in a particular organization, it will indirectly enhance the sales of that company.

In conclusion, a secure infrastructure is essential for e-commerce in order to protect publishers and users. The establishment of a Certificate Authority plays a vital role, not only in issuing digital certificates but also in ensuring the security of e-commerce websites. We, as Internet users, must be aware of the security trademark to avoid becoming victims of security issues.

The threat of online security

Anyone that gets online is at risk. Online security threats are one of the biggest challenges on the Internet today and most security threats are made by attackers using a relatively small number of vulnerabilities. Attackers prefer to continue to take advantage of these most common failures, rather than seeking out new exploits or taking advantage of more difficult ones.

Here are several types of threats of the online security:

1. Virus
It is a piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves, and they are all manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.



2. Worm
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer. The biggest danger with a worm is its capability to replicate itself on your system. Instead of sending out just a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.


One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.


3. Trojan horse
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system.



4. Blended Threats
Added into the mix, there is a threat named blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Basically it can cause damage within several areas of your network at a time.


5. Denial-of-Service (DoS attack) or Distributed Denial-of-Service (DDoS attack)
It is used by attackers who attempt to prevent legitimate users from accessing information or services. Although the means to carry out a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all.


The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information.


6. Identity theft
It is a major form of online fraud, or misrepresentation. Personal identity theft on the Internet is the newest form of fraud that has been witnessed recently. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves can then take this information (such as credit card numbers) and do whatever they want. Identity theft can also be undertaken on a large scale, as in the case of a company or even a city.

For example, in January 2001, the entire municipality of Largo, Florida lost e-mail service for over a week when an unknown company based in Spain compromised its identity.


7. Data theft
It is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. Examples of data theft abound. In 1996, a 16-year-old British youth and an accomplice stole order messages that commanders sent to pilots in air battle operations from the Air Force's Rome Laboratory in New York.


____________________________________________________________________

Latest news on how PayPal enhances its online security




PAYPAL offers extra online security to UK customers

Monday 26 January 2009 10.06


PayPal launches innovative security service via text message

PayPal’s customers in the UK can now opt for an extra layer of security to keep them safer online. The PayPal SMS Security Key texts a unique security code to the customer’s mobile phone for them to use to log in to their account. It will give further reassurance against online fraud, especially for customers who use shared computers.

This type of extra security, known as two-factor authentication, is used by several UK financial institutions to protect all their consumers against online fraud such as phishing attacks. PayPal’s SMS version has the advantage that customers who have a mobile phone don’t need to carry an extra device with them and can start using the service within minutes.

Garreth Griffith, Head of Risk Management at PayPal UK, comments, “PayPal has always taken online security very seriously and is famous for keeping customers’ financial information private and confidential. As a result, successful fraud attacks on PayPal accounts are becoming very rare. But we know that some people want extra reassurance, and that’s what the PayPal Security Key will offer.”

The PayPal Security Key is part of the VeriSign Identity Protection Network.
PayPal works closely with the internet industry in the fight to keep consumers safe from phishing and cybercrime. PayPal is a partner in the UK’s internet safety awareness initiative, Get Safe Online (http://www.getsafeonline.org/). PayPal works with internet service providers to stop fraudulent emails from reaching consumers: Yahoo! Mail and Google’s webmail service Gmail™ both block emails wrongly claiming to be from eBay and PayPal from reaching their customers.

Phishing


Phishing describes a method of online identity theft in which phishers send an email to an Internet user falsely claiming to be an established, legitimate organisation. When users respond to such e-mails, they are lured to malicious web sites, where they are duped into disclosing their personal details, such as passwords and credit card, social security, and bank account numbers. In this way, phishers are able to commit identity theft, with possibly devastating consequences for the victim.


Websites that are frequently spoofed by phishers include eBay, PayPal and Yahoo.


Below is an example of a phishing scam targeting SunTrust bank customers. The email tries to trick recipients by pretending to be some sort of security alert and claims that failing to comply with the instructions may result in account suspension. As with other phishing scams, the displayed link is bogus: clicking the link actually takes the recipient to the attacker's website.



Anti-phishing measures:

  • Be cautious with confidential information and e-mails:
    Internet consumers should familiarize themselves with the way in which legitimate organizations normally communicate with their clients. Legitimate companies usually refrain from asking clients to supply sensitive personal details via e-mail. If suspicious about an e-mail message, contact the institution that supposedly sent the message and verify the origin of the message.

  • Carefully examine the URL of the websites:
    The URL displayed in the address or status bar should be examined carefully. The longer the URL, the easier it is to conceal the true destination indicated by the link. Users have to beware of cloaked links hiding the actual destination of a link.

  • Protect computers with spam filters, anti-virus, anti-spyware software, and a firewall, as well as keeping them up to date.

  • Adopt specific anti-phishing browser toolbars:
    By using a variety of technologies, dedicated toolbars are specifically designed to determine whether a site is safe, including a database of known phishing sites, analysis of the URL and the imagery and text on a site, and various heuristics.

  • Be aware of an offer that appears too good to be true:
    It probably is. Treat with suspicion supposed “bargains” advertised on web sites. A request for users of online banking sites to complete an online banking survey for a monetary reward, for instance, is an example of a phishing scam, in which the phishers aim to steal the banking details of the account into which the reward is to be paid.
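
The "displayed link is bogus" trick in the SunTrust example and the cloaked links mentioned in the URL measure can both be checked mechanically. The following is an added example, not part of the original post: it flags links in an HTML e-mail body whose visible text names one host while the href goes to another. The function names and the sample message with its placeholder domains are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)  # text that looks like a URL

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Return (hostname, has_userinfo); ("", False) if the URL cannot be parsed."""
    if "://" not in url:
        url = "http://" + url  # visible text is often written without a scheme
    try:
        parts = urlsplit(url)
        return (parts.hostname or "").lower(), "@" in parts.netloc
    except ValueError:
        return "", False

def suspicious_links(html_body):
    """Return (href, reason) for web links whose destination differs from what is shown."""
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        if href.lower().startswith(("http://", "https://")):  # skip mailto:, tel:, relative
            dest, has_userinfo = host_of(href)
            if has_userinfo:
                findings.append((href, "text before '@' hides the real host " + dest))
            elif URL_LIKE.match(text) and host_of(text)[0] != dest:
                findings.append((href, f"shows {host_of(text)[0]} but goes to {dest}"))
    return findings

# Constructed sample body with placeholder domains (not a real message).
SAMPLE = """<a href="http://login.attacker.example/verify">https://www.bank.example/secure</a>
<a href="http://www.bank.example@203.0.113.7/update">Update details</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>"""
```

Calling suspicious_links(SAMPLE) reports the first two links and leaves the third, whose text and destination agree, alone.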


