- September 4, 2012
- Posted by: essay
- Category: Free essays
I have selected several online shops that deal with selling books online, since books are likely to be popular among college students. The main competitors in online shopping (which sell not only books, but various kinds of items) are ebay.com and amazon.com. Actually, these two companies are the largest and most important competitors in the area on e-sales. However, there are specialized e-shops and the third company that I’ve chosen is online books shop of Barnes and Noble (barnesandnoble.com). The aim of the essay is to analyze security issues concerning credit card payments and to compare initial information gathering process at these sites, steps necessary to make a transaction, features aimed to overcome security and cost risks and the procedure of identification and verification of the card holder person.
Comparison
The results of the analysis are presented in the table below.
 | Barnesandnoble.com | EBay.com | Amazon.com |
1. Information required before using a credit card | ü Valid accountü Valid address (warning appears if address is not in the database) | ü Valid accountü Credit card number and card security number (if the card is not valid, registration will not continue)ü Address (without proper validation though) | ü Valid e-mail addressü Active accountü Valid shipping address (if the address does not exist, registration will not be proceeded) |
2. Transaction steps | ü Loginü Select itemsü Select shipping address
ü Enter credit card number and card security number |
ü Loginü Select itemsü Select payment type | ü Loginü Add items to cartü Enter valid shipping address
ü Enter payment information and valid card number |
3. Features for overcoming risks and other limits | ü SSL protection with 128 bit encryptionü Cross-check of e-mail addressü Standard bank card validation | ü SSL protection with 128 bit encryptionü Password security reminders for usersü Credit questions posed to users before purchase in order to verify their identity | ü SSL protection with 128 bit encryptionü Solid address verificationü Password security checking
ü Credit card number and validity identification ü Enhanced account verification |
4. Cardholder identity verification | ü Security questions for usersü Credit card validation within banking systemü Possibility of purchase by phone | ü Alternative ID verification (without entering credit card number) ”“ for example, by PayPal | ü A special procedure of account check: Amazon places small deposits on the account; the customer should accept them, enter the amounts of both deposits and answer to security question |
Table 1. Characteristics of chosen online shops
Conclusion
The results of analysis have shown that in the context of IT technologies of protecting data, SSL 128-bit MD5 encryption is used everywhere (Caloyannides 2004). Also, registration procedures require a valid e-mail and require a valid account at the appropriate site.
However, ebay.com has stricter credit card control, and amazon.com has very strong address verification during registration.
Transactions are done in almost the same manner; ebay.com doesn’t require a credit card number because its verification was done before registration. The procedures of identity verification and other security alternatives are various: barnesandnoble.com use their specialization and significant offline possibilities, in particular they offer to make phone purchase. Also, they offer more online validation. Ebay.com allows to rely on third party verification (in order to do this, the customer should have a correct routing number and checking account number). Finally, Amazon offers a special validation procedure described in Table 1.
In my opinion, the most security is reached at Amazon.com. E-bay and barnesandnoble.com have experienced several breaks in and customer data leaks; it is easy to see that amazon.com offers better overall protection. However, recent news state that a group of technical professionals managed to use large computing clusters for breaking the md5 algorithm (Williams 2009); this means that websites with SSL protection are not as secure as it was considered earlier.