Wednesday 30 January 2008

Security report of Amazon.co.uk

E-commerce is buying and selling over the internet: goods from sites such as Amazon.co.uk and Play.com, groceries and services from sites such as tesco.com, and money transfers through online banking. Amazon.co.uk and Play.com dominate their part of the market because of the range of goods they stock and because their sites are easy to use. One drawback of e-commerce is that there is no face-to-face contact between customer and company, so the company has to collect customer details by other means. Those details serve several purposes: market research, updating stock levels and keeping customer records. Because an e-commerce site holds a customer's data in an account, that information is readily available in a way it is not in a high-street shop; the company can see what a customer has bought and use that history for different purposes. The closest high-street equivalent is the loyalty card used by Tesco, HMV and other chains: each purchase made with the card is linked to the cardholder's record. Some retailers accept the same card online and in store, so the customer collects more points and more benefits, and the company gains a fuller picture of that customer's buying habits.
E-commerce is, however, more exposed to threats than trade through a physical shop. The main reason is the growing number of attackers on the internet who try to obtain customer details such as addresses and debit or credit card numbers and then spend the victim's money. The impact of such fraud has been reduced to some extent, because most banks now run fraud-protection programmes and refund money stolen in this way, which keeps the customer satisfied.
For a sale to happen, the site must obtain specific details from the customer: a name and delivery address so that the purchase can be delivered, and a payment that the organisation is able to collect. The customer, in turn, must learn about the goods and services on offer and be persuaded to buy.
A site must encourage customers to hand over their personal details; one common device is a competition with a prize, which gives the customer an incentive to fill in a form. Cookies are small pieces of data that the site stores on the customer's computer; they record the customer's actions and carry identifiers such as a session ID or username. Every e-commerce site needs them, because they are what keep the virtual shopping basket attached to the right visitor between page loads. A cookie should hold a random session identifier rather than the password itself: anyone who reads or steals the cookie would otherwise have the password, and a basket stored in a cookie should be signed so the customer cannot alter it. Companies that set cookies must follow rules on what they may store on a user's computer. Sites like Amazon also use tracking code, sometimes loosely called "legal spyware", to follow where a customer has been on the site and relate that to the customer's record. Real spyware is the malicious counterpart: an attacker installs it to watch what you do on your computer and on a particular website. E-commerce sites use many such methods for market research, and the results help a company keep or gain an edge over competitors in the same field. Tesco, for example, delivers a wide range of goods to the doorstep and offers many other services, whereas Waitrose offers fewer goods and services, so Tesco can take the lead in that market.
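The basket cookie described above is the usual place where a customer is tempted to tamper with a site's data, since it lives on the customer's own computer. The following Go program, added here as an example and not code from Amazon or from the original page, shows one way to make such a cookie tamper-evident: the basket text is signed with an HMAC-SHA256 tag under a server-side secret, and the server refuses any cookie whose tag does not match. The secret and the basket contents are constructed placeholders.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// secretKey is a constructed placeholder. A real site loads the secret from
// configuration at start-up; it must never be shipped in source or to browsers.
var secretKey = []byte("constructed-demo-secret-do-not-use")

// tag computes HMAC-SHA256 over the basket text under the server secret.
func tag(basket string) []byte {
	mac := hmac.New(sha256.New, secretKey)
	mac.Write([]byte(basket))
	return mac.Sum(nil)
}

// SignBasket builds the cookie value "<basket>.<tag>". The tag is base64url,
// whose alphabet has no '.', so the last '.' always separates basket and tag
// even when the basket text itself contains dots (e.g. "price=19.99").
func SignBasket(basket string) string {
	return basket + "." + base64.RawURLEncoding.EncodeToString(tag(basket))
}

// VerifyBasket returns the basket text only if the tag matches. It uses a
// constant-time comparison so an attacker cannot learn the tag byte by byte.
func VerifyBasket(cookie string) (string, error) {
	i := strings.LastIndex(cookie, ".")
	if i < 0 {
		return "", errors.New("cookie carries no signature")
	}
	basket, tagText := cookie[:i], cookie[i+1:]
	got, err := base64.RawURLEncoding.DecodeString(tagText)
	if err != nil {
		return "", errors.New("signature is not valid base64url")
	}
	if !hmac.Equal(got, tag(basket)) {
		return "", errors.New("basket cookie has been tampered with")
	}
	return basket, nil
}

func main() {
	// Constructed basket contents; a real basket would hold only item IDs and
	// quantities, with prices looked up server-side at checkout.
	cookie := SignBasket("item=book-42;qty=1;price=19.99")
	fmt.Println("cookie:", cookie)
	if b, err := VerifyBasket(cookie); err == nil {
		fmt.Println("accepted:", b)
	}
	forged := strings.Replace(cookie, "price=19.99", "price=0.01", 1)
	if _, err := VerifyBasket(forged); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The tag stops a customer from rewriting the price, but it does not hide the basket contents (HMAC authenticates, it does not encrypt), and it does not stop the same cookie being replayed. Keeping prices out of the cookie altogether and looking them up from the catalogue at checkout removes the incentive to tamper in the first place.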
Sites like Tesco and Amazon create a service for the individual user that no one else can see: a password-protected account. They build it from the data collected through cookies, tracking and other methods, and use it to give the customer useful information. Amazon.co.uk, the site examined in this report, does this through its "Recommendations": it records what you have previously viewed or bought and suggests items you might want to buy. This encourages purchases and more frequent visits, and makes the site appear to be helping you find products, much as an assistant would in a physical shop. You can influence the recommendations by rating items, which tells Amazon to adjust its suggestions to your tastes. Amazon can also email customers about a recent purchase and about other items they may be interested in. Data collected from users can be used to interpret the market and predict where it is going; large businesses do this to gain a competitive advantage over their rivals, because seeing which products are popular lets them order stock according to actual sales and so reduce costs.

There are many threats to the data held by an e-commerce site such as Amazon.co.uk: terrorism, hackers, viruses, spyware, hardware failure, human error, natural disasters, theft, flood and fire, and dishonest employees. Any of these can damage, expose or destroy the data, but there are many ways to reduce each threat.

These include training, backups, firewalls, risk analysis, passwords and access levels, anti-virus software, physical security, secure electronic transactions and encryption.

Well-trained staff can recognise viruses and other threats that could damage the system and act quickly to limit the disruption.

Backups should be kept away from the computers they protect and should be up-to-date copies of the important files. The organisation needs a backup strategy that suits it, covering how often a backup is taken, which media are used and how much of the data is included.

Firewalls are a combination of hardware and software that control network traffic. They can be configured to block access to a network or an individual computer from all but known IP addresses, which limits an attacker's ability to reach the systems that hold passwords and other details; they can also block outward access and so control which websites employees can visit.

Risk analysis is a programme in which the organisation works through a set of questions about how safe its computer system is. Having security measures in place is part of what allows the site to be considered safe to use, but the organisation must keep up to date with new risks, and trained staff then work with the organisation to update its software.

Passwords let a user "padlock" an account; they can be set on online accounts, server accounts and many other things, and a good password is hard to guess. Many sites now have password checkers that show on a scale bar whether the password you have chosen is weak or strong: a weak password contains only letters, whereas a stronger one mixes letters, numbers and symbols.
Some sites also set a minimum number of characters and require a number or symbol, to make the password harder for an attacker to guess. Access levels restrict which files a person can reach on a computer system according to their status: in a school, teachers can open staff files on the server but students cannot. This keeps the students out of the teachers' files, and it means that an attacker who gets hold of a student account gets no further than a student would. Anti-virus software detects and blocks known viruses and other malware. It can be bought in a computer store or downloaded from the internet; Norton Anti-Virus is a well-known product that also guards the internet connection against other threats, and its options can be customised to the user's needs, for example turning internet security off when it is not wanted. Some anti-virus products slow the system down, so it is worth looking around first for one that does not. Physical security protects the file server from being damaged or destroyed by an intruder: fitting the premises with an alarm system to keep unauthorised people out, keeping computers out of customers' view to discourage vandalism and theft, locating the server in a room to which only essential personnel have access, storing backup tapes away from the server, and padlocking projectors and server cases so that unauthorised people cannot get at them.
Secure Electronic Transaction (SET) is a way of securing credit card transactions over insecure networks such as the internet. SET is not a payment system but a set of security protocols that lets the user employ the existing credit card payment infrastructure on an open network in a secure fashion. In practice SET was never widely adopted, and card payments on the web rely instead on SSL/TLS between the browser and the merchant.
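The password checker described in the two paragraphs above (letters only is weak; letters, numbers and symbols is strong; a minimum length is enforced) can be written in a few lines. The Go program below is an added example, not code from any site discussed on this page. It applies the page's scale and goes a little beyond it in two ways a practitioner would insist on: a password that appears in a list of very common passwords is weak whatever characters it mixes, and a long passphrase earns credit for its length, since length does more for guess-resistance than symbol sprinkling. The thresholds and the common-password list are assumptions for the example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Strength is the position on the checker's scale bar.
type Strength int

const (
	Weak Strength = iota
	Medium
	Strong
)

func (s Strength) String() string { return [...]string{"weak", "medium", "strong"}[s] }

// commonPasswords is a constructed stand-in for a real breached-password list.
var commonPasswords = map[string]bool{
	"password": true, "password1": true, "123456": true, "qwerty": true, "letmein": true,
}

// Classify rates a password. Assumed rules for this example:
//   - fewer than 8 characters, or a known common password: Weak, regardless of mix
//   - each character class present (letters, digits, symbols) scores one point
//   - 16 or more characters scores an extra point (length matters more than symbols)
//   - score 1 = Weak, 2 = Medium, 3 or more = Strong
func Classify(pw string) Strength {
	if utf8.RuneCountInString(pw) < 8 || commonPasswords[strings.ToLower(pw)] {
		return Weak
	}
	var letter, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsLetter(r):
			letter = true
		case unicode.IsDigit(r):
			digit = true
		default: // punctuation, spaces and anything else count as symbols
			symbol = true
		}
	}
	score := 0
	for _, present := range []bool{letter, digit, symbol} {
		if present {
			score++
		}
	}
	if utf8.RuneCountInString(pw) >= 16 {
		score++
	}
	switch {
	case score >= 3:
		return Strong
	case score == 2:
		return Medium
	default:
		return Weak
	}
}

func main() {
	for _, pw := range []string{"sunshine", "sunshine42", "Sun$hine42", "Password1", "correct horse battery staple"} {
		fmt.Printf("%-30q %s\n", pw, Classify(pw))
	}
}
```

Note what the scale alone gets wrong: "Password1" mixes cases and a digit yet is one of the first guesses any attacker tries, while a four-word passphrase with no digits at all resists guessing far better. A checker that only counts character classes, as many 2008-era scale bars did, rewards the wrong thing.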
http://tinyurl.com/2k48w9 - this link shows how SET has adapted.


Encryption translates data into a secret code and is the most effective form of data security. To read an encrypted file you must have the secret key that decrypts it. Unencrypted data is called plaintext and encrypted data is called ciphertext. There are two main types: symmetric encryption, where the same key both encrypts and decrypts, and public-key encryption, where a public key encrypts and a separate private key decrypts. Encryption gives more privacy: credit card numbers and other details are normally scrambled according to an algorithm before they are sent or stored, and can only be turned back into the original by a computer that has the correct key and unscrambling software.
http://tinyurl.com/2n7grx - this link reports how Marks & Spencer has been ordered to encrypt its laptops so that an attacker who steals one cannot read the files on it. The company was given two months to do so, because the files on an unencrypted laptop can be read quickly and then misused to cause damage within the organisation. “Mick Gorrill, assistant commissioner at the ICO, said: "It is essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information, for example, password protection and encryption."”
Several Acts of Parliament protect computer users; the two main ones are the Computer Misuse Act and the Data Protection Act. The Computer Misuse Act 1990 is the law against hacking; it was passed by the UK Parliament in 1990 and defines three main offences:
Unauthorised access to computer material: this covers offences such as guessing passwords and looking at confidential files, and carries up to six months' imprisonment.
Unauthorised access with intent to commit further offences: this covers situations such as transferring money from one account to another unauthorised account, and carries up to five years' imprisonment.
Unauthorised modification of computer material: this includes deleting files and introducing viruses, and carries up to five years' imprisonment.
Breaking these laws can bring large fines as well as prison terms.

http://tinyurl.com/2nf8j8 - this link reports a case in which a man was arrested for accessing the internet through someone else's unsecured Wi-Fi access point. The quote below summarises the incident and how the police dealt with it.
“A 39-year-old man was arrested on Tuesday morning by two police community support officers (PCSOs) from Hounslow, as he sat on a wall outside a house in Chiswick, west London. He admitted to police that he had used a third party's unsecured Wi-Fi access point to gain access to the internet.”

The Data Protection Act 1998 is the other main piece of legislation. It regulates how personal information is used and protects you from misuse of your personal details, setting out rules that prohibit misuse without stopping information being used for legitimate or beneficial purposes. Its eight principles are that personal data should be:
Fairly and lawfully processed
Processed for limited purposes
Not kept longer than necessary
Kept secure
Not transferred abroad without adequate protection
Processed in accordance with the data subject's rights
Adequate, relevant and not excessive
Accurate

The data protection legislation has some weaknesses. Personal information that is already in the public domain cannot be called back, as there is no obvious owner; names and addresses are very easy to obtain; and a great deal about a person can be found simply by searching Google or other search engines.

Below are two links about Marks & Spencer being made to encrypt its laptops.
http://tinyurl.com/2n7grx - this link shows Marks & Spencer being ordered to encrypt its laptops so that an attacker cannot obtain employee data from a stolen machine, and through it customer data as well.
“The order, from the Information Commissioner's Office (ICO), follows the theft last May of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
The laptop contained details of the pension arrangements of M&S employees and was stolen from the home of an M&S contractor.”

http://tinyurl.com/2h6o6k - this link shows how Marks & Spencer breached the Data Protection Act. The quote below states how the Act was breached and what the consequences were.
“Marks and Spencer has breached the Data Protection Act in not encrypting employee data held on a laptop, according to the Information Commissioner's Office (ICO). The system contained pension details for 26,000 employees and was stolen from the home of a contractor. Protecting such information is crucial, according to ICO assistant commissioner Mick Gorrill.”

More companies now also have to follow consumer protection regulations, which cover the guidelines set out by the Office of Fair Trading (OFT). The OFT is the UK's consumer and competition authority, and its stated mission is to make markets work well for consumers.
It pursues this goal by:
encouraging businesses to comply with competition and consumer law and to improve their trading practices through self-regulation
acting decisively to stop hardcore or flagrant offenders
studying markets and recommending action where required
empowering consumers with the knowledge and skills to make informed choices and get the best value from markets, and helping them resolve problems with suppliers through Consumer Direct.
The OFT is a non-ministerial government department established by statute in 1973.
