Electronic Commerce: Transaction Security (????????) - PowerPoint PPT Presentation

Slides: 122
Provided by: myday
Learn more at: http://mail.tku.edu.tw
Transcript and Presenter's Notes



1
Tamkang University
Electronic Commerce: Transaction Security (????????)
??2014/7/03 (?) 14001700????????????R0111???
(???????????318?1?)
Min-Yuh Day ??? Assistant Professor ??????
Dept. of Information Management, Tamkang University ???? ??????
http://mail.tku.edu.tw/myday/
2014-07-03
2
?????????(Consumer Facing Transaction)
Source http://www.systex.com.tw/
3
Outline
  • 1. ISO 27001 ?????????? (ISO 27007 Information Security Management System)
  • 2. ???????? (Electronic Commerce Security Framework)
  • 3. ???? (Transaction Security)
  • 4. ?????? (Electronic Payment System)
  • 5. ?????? (Mobile Commerce Security)

4
ISO 27001 ???????? (Information Security Management System, ISMS)
  • ???????? (Information Security Management System, ISMS)
  • ??????????, ???????(??)???, ??????????????????????
    ?????
  • ?? ??????????????????????????????????
  • Information Security Management System (ISMS): that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
  • NOTE: The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

Source ISO/IEC 27001:2005, CNS 27001
5
???? (information security)
  • ???? (information security)
  • ???????????????? ??, ??????????????????????????
    ? CNS 17799
  • information security: preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved [ISO/IEC 17799:2005]

Source ISO/IEC 27001:2005, CNS 27001
6
Information Security (CIA)
  • Confidentiality (???)
  • Integrity (???)
  • Availability (???)
  • Authenticity (???)
  • Accountability (????)
  • Non-repudiation (?????)
  • Reliability (???)

Source ISO/IEC 27001:2005, CNS 27001
7
PDCA model applied to ISMS processes
Source ISO/IEC 27001:2005
8
??? ISMS ???PDCA ??
Source CNS 27001
9
ISO 27001 Annex A (normative) ??A (??)
  • 11 ????? (??A.5 - A.15)
  • 39 ?????
  • 133 ?????
  • ISO/IEC 17799:2005 Clauses 5 to 15 provide implementation advice and guidance on best practice in support of the controls specified in A.5 to A.15.
  • CNS 17799 ?5 ???15 ????????A.5 ?A.15
    ??????????????????????

Source ISO/IEC 27001:2005, CNS 27001
10
ISO 27001 ??A.5-A.15
  • A.5 ????
  • A.6 ???????
  • A.7 ????
  • A.8 ??????
  • A.9 ???????
  • A.10 ???????
  • A.11 ????
  • A.12 ????????????
  • A.13 ????????
  • A.14 ??????
  • A.15 ???

Source ISO 27001, CNS 27001
11
ISO 27001:2005 A.10 ??????? (Communications and operations management)
  • A.10.1 ???????? (Operational procedures and responsibilities)
  • A.10.2 ????????? (Third party service delivery management)
  • A.10.3 ??????? (System planning and acceptance)
  • A.10.4 ????????? (Protection against malicious and mobile code)
  • A.10.5 ?? (Back-up)
  • A.10.6 ?????? (Network security management)
  • A.10.7 ????? (Media handling)
  • A.10.8 ???? (Exchange of information)
  • A.10.9 ?????? (Electronic commerce services)
  • A.10.10 ?? (Monitoring)

Source ISO 27001, CNS 27001
12
???????
  • A.10 ???????
  • A.10.6 ??????
  • ?? ????????????????????
  • A.10.7 ?????
  • ?? ?????????????????????, ??????????
  • A.10.8 ????
  • ?? ?????????????????????????
  • A.10.9 ??????
  • ?? ????????????????????
  • A.10.10 ??
  • ?? ??????????????

Source ISO 27001, CNS 27001
13
A.10.9 ???????? ????????????????????
  • A.10.9.1 ????
  • A.10.9.2 ????
  • A.10.9.3 ???????

Source ISO 27001, CNS 27001
14
A.10.9.1 ????
  • ????
  • ?????????????????????, ????????????????????????

Source ISO 27001, CNS 27001
15
A.10.9.2 ????
  • ????
  • ????????????, ??????????????(mis-routing)??????
    ??????????????????????????

Source ISO 27001, CNS 27001
16
A.10.9.3 ???????
  • ????
  • ???????????????????, ???????????

Source ISO 27001, CNS 27001
17
ISO 27001:2005 ? ISO 27001:2013
Source http://www.fineart-tech.com/index.php/ch/home-2/90-fineart-express/coverstory/394-coverstory-2014-q2-1
18
ISO 27001:2013 14?????
Source http://www.fineart-tech.com/index.php/ch/home-2/90-fineart-express/coverstory/394-coverstory-2014-q2-1
19
ISO 27001:2005 ? ISO 27001:2013 Annex A (normative) ??A (??)
  • 11 ????? ? 14
  • 39 ????? ? 35
  • 133 ????? ? 114

Source ISO/IEC 27001:2013
20
ISO/IEC 27001:2013 ???
Source http://www.fineart-tech.com/index.php/ch/home-2/90-fineart-express/coverstory/394-coverstory-2014-q2-1
21
ISO27001 ISMS?????????????
ISO 27001:2005 | ISO 27001:2013
A.10.9.1 Electronic commerce | A.14.1.2 Securing applications services on public networks
A.10.9.2 Online-transactions | A.14.1.3 Protecting application services transactions
Source http://www.bsigroup.com/Documents/iso-27001/resources/BSI-ISO27001-mapping-guide-UK-EN.pdf
22
ISO 27001:2013 6.1.3 Information security risk treatment (Annex A Control Objectives and Controls) (??A ?????????)
Source ISO/IEC 27001:2013
23
ISO 27001:2013 A.14.1 Security requirements of information systems
  • Objective: To ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks.

Source ISO/IEC 27001:2013
24
ISO/IEC 27001:2013
  • A.14 System acquisition, development and maintenance
  • A.14.1 Security requirements of information systems
  • A.14.1.1 Information security requirements analysis and specification
  • A.14.1.2 Securing application services on public networks (ISO 27001:2005 A.10.9.1 Electronic commerce)
  • A.14.1.3 Protecting application services transactions (ISO 27001:2005 A.10.9.2 Online-transactions)

Source ISO/IEC 27001:2013
25
ISO 27001:2013 A.14.1.2 Securing application services on public networks (ISO 27001:2005 A.10.9.1 Electronic commerce)
Source ISO/IEC 27001:2013
26
ISO 27001:2013 A.14.1.3 Protecting application services transactions (ISO 27001:2005 A.10.9.2 Online-transactions)
Source ISO/IEC 27001:2013
27
ISO 27001:2013 A.14.1.2 Securing application services on public networks (Electronic commerce)
Control: Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification.
Source ISO/IEC 27001:2013
28
ISO 27001:2013 A.14.1.3 Protecting application services transactions (Online-transactions)
Control: Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.
Source ISO/IEC 27001:2013
29
Outline
  • 1. ISO 27001 ?????????? (ISO 27007 Information Security Management System)
  • 2. ???????? (Electronic Commerce Security Framework)
  • 3. ???? (Transaction Security)
  • 4. ?????? (Electronic Payment System)
  • 5. ?????? (Mobile Commerce Security)

30
Ravi Kalakota and Andrew B. Whinston (1997), Electronic Commerce: A Manager's Guide, Addison-Wesley
Source http://www.amazon.com/Electronic-Commerce-A-Managers-Guide/dp/0201880679
31
Generic Framework for Electronic Commerce
  • Electronic Commerce Applications
  • Supply chain management
  • Video on demand
  • Remote banking
  • Procurement and purchasing
  • Online marketing and advertising
  • Home shopping

Public policy legal and privacy issues
Technical standards for documents, security, and network protocols
Common business services infrastructure (security/authentication, electronic payment, directories/catalogs)
Messaging and information distribution infrastructure (EDI, e-mail, HyperText Transfer Protocol)
Multimedia content and network publishing infrastructure (HTML, JAVA, World Wide Web)
Network infrastructure (Telecom, cable TV, wireless, Internet)
Source Ravi Kalakota and Andrew B. Whinston (1997), Electronic Commerce: A Manager's Guide, Addison-Wesley Professional
32
Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
Source http://www.amazon.com/Introduction-Electronic-Commerce-Business-Resources/dp/0136109233
33
A Framework for Electronic Commerce
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
34
A Framework for Electronic Commerce
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
35
EC Infrastructure (1)
  • Common business services infrastructure
  • (security, smart cards/authentication, electronic payments, directories/catalogs, hardware, peripherals)

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
36
EC Support Services
  • Order Fulfillment
  • Logistics
  • Payments
  • Content
  • Security System Development

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
37
E-Commerce Security and Fraud Protection
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
38
E-Commerce Security Framework
E-Commerce Security Strategy
Regulatory (External)
Financial (Internal)
Marketing and Operations (Internal)
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
39
E-Commerce Security Framework
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
40
Enterprise-wide EC Security and Privacy Model
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
41
Outline
  • 1. ISO 27001 ?????????? (ISO 27007 Information Security Management System)
  • 2. ???????? (Electronic Commerce Security Framework)
  • 3. ???? (Transaction Security)
  • 4. ?????? (Electronic Payment System)
  • 5. ?????? (Mobile Commerce Security)

42
?? (Transaction)?? (Payment)
43
???? (Transaction Security)???? (Payment
Security)
44
???? (Transaction Security)
  • ??????(Non-repudiation Service)
  • ???? (Security Seal)

Source ???????? ????????
45
?????? (Non-repudiation Service)
  • ????????,????????????

Source ???????? ????????
46
?????? (Non-repudiation Service)
  • ?????????????????????(verify)??????????????,???
    ??????,?????????????????????

Source ???????? ????????
47
?????? (Non-repudiation Service)
  • ????????????????(cryptographic check
    value)???,????????????????????

Source ???????? ????????
48
?????? (Non-repudiation Service)
  • ??????????????????????????(accountability)?

Source ???????? ????????
49
?????? (Non-repudiation Evidence)
  • ?????????????????????????????(evidence
    subject)???????????
  • ???? (Secure envelope)
  • ???????(evidence generating authority)???????????
  • ???? (Digital signatures)
  • ??????(evidence generator)???????(evidence
    generating authority)????????????

Source ???????? ????????
50
???????? (Non-repudiation Service Requirements)
  • ??????????????????????????????,????????????????
    ??????,????????????????????????????
  • ???????,??????????????????????????????????????????
  • ??????????????????????????,????????????????,??????
    ???????????

Source ???????? ????????
51
???????? (Non-repudiation Service Requirements)
  • ???????/??????????????(??,????????,????????)?
  • ??????????????????
  • ?????????,?????????????????????????
  • ????????????????,?????????????,???????????????????
    ???????

Source ???????? ????????
52
???????? (Types of Non-repudiation Service)
  • ?????? (Non-repudiation of origin NRO)
  • ?????? (Non-repudiation of delivery NRD)
  • ?????? (Non-repudiation of submission NRS)
  • ?????? (Non-repudiation of transport NRT)

Source ???????? ????????
53
UsernameToken over HTTPS
Source http://docs.wso2.com/display/DSS263/GraphicalViewoftheDefaultSecurityScenarios
54
Non-Repudiation
Source http://docs.wso2.com/display/DSS263/GraphicalViewoftheDefaultSecurityScenarios
55
???? (Security Seal)
  • ????????
  • ????

56
????????
?????????? ?????????? ?????????? ?????????? ??????????
???? Hacker Safe HackAlert Worry Free Security Web Alert
????
???? McAfee ???? ???? ????
???? ?????? ??????????? ??????????????? ???????????????
???
???
Source ???????? ????????
57
???? (Trust Seal)
?????? ?????? ?????? ?????? ??????
???? ?????????? GlobalTrust ?????? ???????? ???????????
????
???? VeriSign/ HiTRUST ???? ???? ???????????? ????????????
???? SSL?????? SSL?????? ?????????????? ???????????????
???
???
Source ???????? ????????
58
???? (Trust Seal)
?????? ?????? ?????? ?????? ??????
???? ??????? ????????? ????????? ???? ????
????
???? ?????????? ?????????? ????????????? ?????????????
???? ???????????? ???????????? ???????????? ????????????
Source ???????? ????????
59
???? (Trust Seal)
?????? ?????? ?????? ?????? ??????
???? TWCA ?????????? ???????? Geotrust ISO/IEC 27001
????
???? ???????? ???????? WIS??SSL?????? BSI
???? SSL?????? SSL?????? SSL?????? ??????
Source ???????? ????????
60
Which Site Seal do People Trust the Most? (2013 Survey Results)
Source http://baymard.com/blog/site-seal-trust
61
Outline
  • 1. ISO 27001 ?????????? (ISO 27007 Information Security Management System)
  • 2. ???????? (Electronic Commerce Security Framework)
  • 3. ???? (Transaction Security)
  • 4. ?????? (Electronic Payment System)
  • 5. ?????? (Mobile Commerce Security)

62
????
  • ?????????????,?????????,??????????????
  • ????
  • ????
  • ????
  • ?????
  • ???????
  • ?????
  • ?????

Source ???????? ????????
63
????????
  • ???
  • ?????????????????????????
  • ???
  • ????????????????????????????
  • ???
  • ??????????????
  • ???
  • ????????????

Source ???????? ????????
64
????????-???
  • ????????????????
  • ???(Authenticity)
  • ??????????,???????
  • ???(Confidentiality)
  • ??????(???)??????
  • ???(Integrity)
  • ????????????????
  • ?????(Non-repudiation)
  • ????????, ????????,????

Source ???????? ????????
65
????????-???(?)
  • ?????
  • ??????????IC?,?????
  • ?????
  • ??????????????????????
  • ???(Scalability)
  • ??????????????
  • ??
  • ??????????????
  • ??
  • ?????????,?????????

Source ???????? ????????
66
????????-???
  • ????(Cost of transaction)
  • ????????????,????????
  • ?????(Atomic exchange)
  • ?????,???????????????
  • ?????(User reach)
  • ????????????(?????)
  • ??????(Value mobility)
  • ????????????????,?????
  • ????(Financial risk)
  • ????????????????????

Source ???????? ????????
67
????????-???
  • ???(Anonymity)
  • ????,?????????????????
  • ?????(User friendliness)
  • ????????,????????
  • ????(Mobility)
  • ?????????????

Source ???????? ????????
68
???????
Source ???????? ????????
69
???????
  • ?????(???)?????,???????(???)
  • ??????(??)
  • ?????????????????????
  • ????????????,??????????,?????????????
  • ????
  • ?????????????????
  • ????????????????

Source ???????? ????????
70
?????
Source ???????? ????????
71
?????
  • ????????,??????????????,???????
  • ????
  • ???????????????????
  • ??????????(???????????)????????

Source ???????? ????????
72
???????
  • ????????
  • ????
  • ??
  • ??
  • ???????
  • ????????
  • ????
  • ????
  • ????????
  • ??????

Source ???????? ????????
73
????????
???(??)
????(??)
(1) ?????????
(4) ????(??)
(2) ???????? ????
(8) ??
(5) ????
(7) ????
(6) ??
(3) ???????
????? ???????
????
Source ???????? ????????
74
?????????
  • ?????,???????????????
  • ????
  • ??????,??????
  • ?????,?SSL??
  • ????????????????
  • ????????,?SET??
  • ?????????,?????,????

Source ???????? ????????
75
SSL??
  • SSL??Secure Sockets Layer Protocol
  • ??(Netscape)???1994???
  • ?????????????????,???????????????????
  • ?????(40?128??),??????????????
  • ?????????????(?RSA)???????????

Source ???????? ????????
76
?????????-SSL
Source ???????? ????????
77
????
  • ??
  • ????,????
  • ????,?????????
  • ?????????,??????????
  • ??
  • ????????????????
  • ????????

Source ???????? ????????
78
????????SET
Source ???????? ????????
79
SET ????
  • SETSecure Electronic Transaction????????
  • Visa?MasterCard????????????????????,?????????,????
    ???????,?IBM?HP?Microsoft???????
  • 1996???,1998????????
  • ?????????????????????

Source ???????? ????????
80
SET ????
  • ???(Cardholder)
  • ???SET???????(Electronic Wallet)??????????????????
    ?
  • ????(Merchant Server)
  • ????(Issuer)
  • ????(Acquirer)
  • ????(Payment Gateway)
  • ?????????
  • ??????(Certificate Authority)
  • ???????,??????,??????

Source ???????? ????????
81
SET ?????
Source ???????? ????????
82
SET ???????
  • ?????????????
  • ????
  • ??????????????????
  • ????
  • ???????(??????)??????
  • ?????????
  • ??????????????????
  • ??????????

Source ???????? ????????
83
SET ??????
  • ?????(Registration)
  • ????CA??,??????????SET??????????????
  • ??????
  • ?CA???????????

Source ???????? ????????
84
SET ??????(?)
  • ????(Purchase Request)??
  • ???????????(???????)
  • ????????????,???????????????
  • ???????????(OI)?????(PI),??PI?????????,???????????
  • ??????OI???,????????,?????????

Source ???????? ????????
85
SET ??????(?)
  • ????(Payment Authority)??
  • ????????????PI?????,?????(Digital
    Envelop)??????,????????,??????
  • ????????PI?????????????,????????????
  • ???????,??????????,???????(Capture Token)??????

Source ???????? ????????
86
SET ??????(?)
  • ????(Payment Capture)??
  • ??????????????,??????
  • ????????????,???(??)?????????
  • ?????,????????????,??????

Source ???????? ????????
87
SET ????
  • ??
  • ????,????????????
  • ???????????????,?????????????
  • ???????,????????
  • ??
  • ????????????(PKI)?,????
  • ?????????,????,????
  • ??????????????,????

Source ???????? ????????
88
SET ??????
  • ??????????????????,?????????????????
  • ????
  • Visa: VbV (Verified by Visa)
  • MasterCard: SecureCode
  • JCB: J/Secure
  • ????
  • ????????????????
  • ??????????,?????????

Source ???????? ????????
89
???????
Source ???????? ????????
90
???
  • ???Smart Card,??IC?????
  • ?????????????,??????????
  • ????????
  • ????
  • ??????,????????
  • ????,?????iCash

Source ???????? ????????
91
??????
  • ???????,????????(????????),??????,??
  • ??????
  • ?????????????????
  • ????????(ATM)??????????(???)?????
  • ???????????????????????,????????????(Loyalty)?????

Source ???????? ????????
92
???(????)
  • ???????????,???????,?????
  • ?????????(?)??,???????????
  • ?????,?????????????,????????
  • ????
  • ??????,?????????????
  • ????????,??????????

Source ???????? ????????
93
??????
  • ??????
  • ???(Stored Value)???(Pre-paid)
  • ????????????,??????????????????????
  • ??
  • ???(????)
  • ????????????
  • ???????,??????????

Source ???????? ????????
94
???????
  • ????Electronic Purse
  • ???????????????????,?????????
  • ????????????,???????
  • ??
  • ????,??????
  • ?????,???????
  • ??????????
  • ???????
  • ?????????????

Source ???????? ????????
95
Outline
  • 1. ISO 27001 ?????????? (ISO 27007 Information Security Management System)
  • 2. ???????? (Electronic Commerce Security Framework)
  • 3. ???? (Transaction Security)
  • 4. ?????? (Electronic Payment System)
  • 5. ?????? (Mobile Commerce Security)

96
Mobile Commerce (m-commerce or m-business)
  • Any business activity conducted over a wireless telecommunications network or from mobile devices.

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
97
Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
98
Attributes of M-Commerce
  • Ubiquity
  • Convenience
  • Interactivity
  • Personalization
  • Localization

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
99
Mobile Computing (wireless mobile computing)
  • Computing that connects a mobile device to a network or another computing device, anytime, anywhere.

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
100
Mobile Financial Applications
  • Mobile Banking
  • Mobile Payments

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
101
Mobile Marketing Campaigns
  • Information (??)
  • Entertainment (??)
  • Raffles (??)
  • Coupons (???)

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
102
Mobile Marketing and Advertising
  • Building brand awareness
  • Changing brand image
  • Promoting sales
  • Enhancing brand loyalty
  • Building customer databases
  • Stimulating mobile word of mouth

Source Turban et al. (2010), Introduction to Electronic Commerce, Third Edition, Pearson
103
A day with NFC technology
104
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
105
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
106
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
107
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
108
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
109
A day with NFC technology
Source https://www.youtube.com/watch?v=_64mAcOn444
110
Mobile Security Threats
  • Toll Fraud (????)
  • Ransomware (????)
  • Mobile Payments via NFC (NFC ????)

Source http://mcommerce-explorer.blogspot.tw/2013/03/top-5-mobile-security-threats-2013.html
111
Toll Fraud
Source http://mcommerce-explorer.blogspot.tw/2013/03/top-5-mobile-security-threats-2013.html
112
Toll Fraud
Source http://mcommerce-explorer.blogspot.tw/2013/03/top-5-mobile-security-threats-2013.html
113
Ransomware
Source http://en.wikipedia.org/wiki/Ransomware
114
Ransomware
Source http://www.pcworld.com/article/2032767/ransomware-boosts-credibility-by-reading-victims-browsers.html
115
Mobile Payments via NFC
  • Steal your money via the classic "bump and infect" method; this means that NFC is actually acting as an enabler for theft.

Source http://mcommerce-explorer.blogspot.tw/2013/03/top-5-mobile-security-threats-2013.html
116
Mobile Payments Security
Source http://www.mobilecommercepress.com/merchants-becoming-conscious-mobile-payments-security/8511441/
117
Mobile Security Worm Threat Targets Android Devices
Source http://www.mobilecommercepress.com/mobile-security-worm-threat-targets-android-devices/8512823/
118
NFC
Source http://www.elatec-cards.com/products/telecom/nfc/nfc-sim-cards/
119
Mobile Commerce Security
Diagram components: Secured mobile, Internet network, Firewall, Merchant server, Payment service provider (PSP), Bank
1. Generate a unique fingerprint for every transaction
2. Transmits encrypted transaction from mobile to server
3. Validates unique inbound mobile transaction fingerprint
4. Requests and processes payment authorization from PSP
Source http://ecommercesecurity.co.uk/
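Added example (not from the original slides): one way to realise the per-transaction fingerprint flow on this slide, which also covers the alteration, duplication and replay cases named in the A.14.1.3 control earlier in the deck. It assumes the fingerprint is an HMAC-SHA256 over the transaction plus a nonce and timestamp, keyed with a secret shared by the mobile app and the merchant server, and that encryption in transit (step 2) is left to TLS; all function, class and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 120  # assumed freshness window, not a value from the slides


def fingerprint(key: bytes, txn: dict, nonce: str, ts: int) -> str:
    """HMAC-SHA256 over a canonical encoding of (nonce, timestamp, transaction)."""
    msg = json.dumps({"nonce": nonce, "ts": ts, "txn": txn},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_request(key: bytes, txn: dict, now=None) -> dict:
    """Mobile side (step 1): a fresh random nonce makes every fingerprint unique."""
    ts = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return {"txn": txn, "nonce": nonce, "ts": ts,
            "fp": fingerprint(key, txn, nonce, ts)}


class MerchantServer:
    """Server side (step 3): validate the inbound fingerprint before calling the PSP."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def validate(self, req: dict, now=None) -> str:
        now = int(time.time()) if now is None else now
        # Forget nonces whose timestamp can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW_SECONDS}
        try:
            txn, nonce, ts, fp = req["txn"], req["nonce"], req["ts"], req["fp"]
        except (KeyError, TypeError):
            return "rejected: malformed"
        if not (isinstance(txn, dict) and isinstance(nonce, str)
                and isinstance(ts, int) and isinstance(fp, str)):
            return "rejected: malformed"
        expected = fingerprint(self.key, txn, nonce, ts)
        if not hmac.compare_digest(expected.encode(), fp.encode()):
            return "rejected: altered"   # some signed field changed in transit
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "rejected: stale"     # outside the freshness window
        if nonce in self.seen:
            return "rejected: replay"    # duplicate of an accepted message
        self.seen[nonce] = ts
        return "accepted"                # step 4 (PSP authorization) may proceed


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample key
    order = {"order_id": "A-1001", "amount": "49.90", "currency": "TWD"}
    server = MerchantServer(key)
    req = build_request(key, order)
    print(server.validate(req))                                        # first delivery
    print(server.validate(req))                                        # same message again
    print(server.validate(dict(req, txn=dict(order, amount="0.01"))))  # modified amount
```

A shared-key HMAC gives integrity and replay protection only; the non-repudiation services covered earlier in the deck need a digital signature, since either key holder can compute the same HMAC.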
120
References
  • Turban et al. (2010), Introduction to Electronic
    Commerce, Third Edition, Pearson
  • ???????? ????????

121
Tamkang University
Q & A
Electronic Commerce: Transaction Security (????????)
??2014/7/03 (?) 14001700????????????R0111???
(???????????318?1?)
Min-Yuh Day ??? Assistant Professor ??????
Dept. of Information Management, Tamkang University ???? ??????
http://mail.tku.edu.tw/myday/
2014-07-03