- September 4, 2012
- Posted by: essay
- Category: Free essays
I have selected several online shops that deal with selling books online, since books are likely to be popular among college students. The main competitors in online shopping (which sell not only books, but various kinds of items) are ebay.com and amazon.com. Actually, these two companies are the largest and most important competitors in the area on e-sales. However, there are specialized e-shops and the third company that I’ve chosen is online books shop of Barnes and Noble (barnesandnoble.com). The aim of the essay is to analyze security issues concerning credit card payments and to compare initial information gathering process at these sites, steps necessary to make a transaction, features aimed to overcome security and cost risks and the procedure of identification and verification of the card holder person.
The results of the analysis are presented in the table below.
|1. Information required before using a credit card||Ã¼ Valid accountÃ¼ Valid address (warning appears if address is not in the database)||Ã¼ Valid accountÃ¼ Credit card number and card security number (if the card is not valid, registration will not continue)Ã¼ Address (without proper validation though)||Ã¼ Valid e-mail addressÃ¼ Active accountÃ¼ Valid shipping address (if the address does not exist, registration will not be proceeded)|
|2. Transaction steps||Ã¼ LoginÃ¼ Select itemsÃ¼ Select shipping address
Ã¼ Enter credit card number and card security number
|Ã¼ LoginÃ¼ Select itemsÃ¼ Select payment type||Ã¼ LoginÃ¼ Add items to cartÃ¼ Enter valid shipping address
Ã¼ Enter payment information and valid card number
|3. Features for overcoming risks and other limits||Ã¼ SSL protection with 128 bit encryptionÃ¼ Cross-check of e-mail addressÃ¼ Standard bank card validation||Ã¼ SSL protection with 128 bit encryptionÃ¼ Password security reminders for usersÃ¼ Credit questions posed to users before purchase in order to verify their identity||Ã¼ SSL protection with 128 bit encryptionÃ¼ Solid address verificationÃ¼ Password security checking
Ã¼ Credit card number and validity identification
Ã¼ Enhanced account verification
|4. Cardholder identity verification||Ã¼ Security questions for usersÃ¼ Credit card validation within banking systemÃ¼ Possibility of purchase by phone||Ã¼ Alternative ID verification (without entering credit card number) ”“ for example, by PayPal||Ã¼ A special procedure of account check: Amazon places small deposits on the account; the customer should accept them, enter the amounts of both deposits and answer to security question|
Table 1. Characteristics of chosen online shops
The results of analysis have shown that in the context of IT technologies of protecting data, SSL 128-bit MD5 encryption is used everywhere (Caloyannides 2004). Also, registration procedures require a valid e-mail and require a valid account at the appropriate site.
However, ebay.com has stricter credit card control, and amazon.com has very strong address verification during registration.
Transactions are done in almost the same manner; ebay.com doesn’t require a credit card number because its verification was done before registration. The procedures of identity verification and other security alternatives are various: barnesandnoble.com use their specialization and significant offline possibilities, in particular they offer to make phone purchase. Also, they offer more online validation. Ebay.com allows to rely on third party verification (in order to do this, the customer should have a correct routing number and checking account number). Finally, Amazon offers a special validation procedure described in Table 1.
In my opinion, the most security is reached at Amazon.com. E-bay and barnesandnoble.com have experienced several breaks in and customer data leaks; it is easy to see that amazon.com offers better overall protection. However, recent news state that a group of technical professionals managed to use large computing clusters for breaking the md5 algorithm (Williams 2009); this means that websites with SSL protection are not as secure as it was considered earlier.