Presumably, the reasons for committing Internet fraud may be obtaining access to the user’s bank card, or obtaining his personal data. To confirm or refute this hypothesis, managers will also need to assess how often data was leaked and how often money was stolen during the Internet frauds. A detailed survey of managers in an interview will give an opportunity to study the main motives of Internet scammers. An interview with a relatively small number of people will make it possible to question all respondents in as much detail as possible regarding cases of hacking at their workplace. This will help determine the difference between the motivation factor from the diamond fraud theory for offline and online thefts.
Introduction
The globalization of the economy, the rapid development of financial markets and instruments traded on them, the complication of relations between economic entities and their business operations at the present stage create favorable conditions for the tendentious presentation of public information, which includes the financial statements of companies. All this combined with the change in the moral foundations of the modern “homo economicus” generates new forms of corporate fraud. They increasingly do not fit into the framework of the differential association theory proposed by Cressey, better known as FTT (Zadereyko et al., 2019). Next, the three-factor model underlying FTT was modified by including another factor in it, conventionally called “abilities”. Almost fifty years later, an improved model appeared, which was called The Diamond Fraud Theory – FDT. The “ability” factor is necessary for the fraudster to ensure a better implementation of the conditions proposed under the FTT. In particular, it is necessary for the possibility of justifying and concealing unfair actions related to the falsification of public information of the company.
Overview
In the context of globalization, human activity is increasingly connected to the global Internet, and the number of its users has increased many times over the past decades. Most of the inhabitants of the planet use the World Wide Web in one way or another, leaving their personal data in it, including when participating in the process of electronic commerce. In the age of information technology, the Internet has become an integral part of everyone’s life. In the era of globalization, human activity is moving into a different environment that has long been mastered, but not properly regulated by law – the information space of the Internet. A huge amount of personal information that requires protection also flows there. Globalization processes play an important role in the formation of this Internet space (Hirsch, 2018). As a result, the Internet was initially formed as a phenomenon that does not fall under the jurisdiction of any state and is not divisible into national segments.
Modern gadgets are no longer a luxury, they are an integral attribute of everyday, social and professional activities. Humanity is increasingly immersed in the virtual world, transferring part of its life there. This suggests that people are beginning to think with the terminological apparatus of the information society. However, one should not forget about the dangers and threats that accompany the user in the Internet space.
Many organizations are switching to online trading, new areas of activity and development are emerging. For example, in order to be successful, companies need to create and maintain their image on the Internet, take care of promotion and advertising, and position themselves correctly in social Internet services (Taylor, 2020). In the digital space, market participants are fighting for the personal data of their potential customers (full name, email address, IP address, phone number, credit card numbers, passport data, etc.). Then they can be used for targeted advertising messages on websites and social networks, as well as for personal interaction with the consumer in order to attract their attention to the product or service.
However, in order to maintain their image and increase brand loyalty, it is extremely important for companies to ensure the protection of users’ personal data, since information leaks can have an extremely negative impact on the company’s reputation. Despite the existing protection systems, even large corporations are not insured against leaks and subsequent use of personal data by third parties for fraudulent purposes. According to statistics, more than 80% of companies incur financial losses due to violations of the integrity and confidentiality of the data used (Becerril, 2018). This problem especially concerns e-commerce companies promoting their brand by means of Internet marketing. Since the image of such companies is formed only on the basis of information received by the consumer from the Internet, consumer trust becomes crucial for the formation of a brand image.
In the modern world, the issue of personal data protection is relevant, especially the protection and information security of personal data entering the Internet. Working online, a person receives a lot of useful information, but sometimes does not notice that their personal data is under great threat. It is obvious that by making extensive use of computers and networks for processing and transmitting information, e-commerce industries must be reliably protected from the possibility of unauthorized persons accessing their databases and distorting them.
Background and Problem Statement
The Institute of Personal Data is a fairly young institute by legal standards. Its formation is closely connected with the development of the constitutional rights and freedoms of man and citizen, and first of all, with the right to privacy. The paradox of human development lies in the fact that throughout his development, man used, accumulated, transmitted information. The continuous process of informatization of society covers all spheres of human and state activity: from solving problems of national security, healthcare and transport management to education, finance, and even just interpersonal communication. With the development of electronic payment technologies and paperless document management, a serious failure of local networks paralyzed the work of entire corporations and banks, which led to significant material damage and colossal losses.
Since the beginning of the 2000s, large-scale leaks of users’ personal data began to occur on the Internet as a result of hackers hacking information databases of various organizations and enterprises (Zadereyko et al., 2019). To date, data leaks occur daily around the world, so it can be quite difficult to track them. However, it happens that a data leak is so large that it is impossible not to pay attention to it, since such leaks affect a huge number of people. And the consequences of such leaks can be truly catastrophic.
In 2018, more than 2,000 data leaks were recorded in the world, as a result of which about a billion data records were compromised (Wang et al., 2019). The results show that compared to 2015, the number of data leaks increased by 50%, and the number of stolen or compromised data records increased by 80% (Wang et al., 2019). The main target of cybercriminals when carrying out attacks in 2018 was personal data – such attacks accounted for 60% of all incidents, which is more than in any other category, including more incidents involving the theft of financial data (Bertrand et al., 2020).
In addition, the nature of data leaks has also tightened in 2018: about two-thirds of the 55 most serious incidents happened in 2018 (Bertrand et al., 2020). As for the analysis of statistics by industry, in 2018, data leaks most often occurred in retail and in the financial services sector (Mariania et al., 2021). In retail, the number of leaks increased slightly compared to last year and amounted to 15% of the total number of leaks in 2017 (Mariania et al., 2021).
At any e-commerce enterprise that processes confidential information, there is a need to protect it. People are constantly creating more advanced data transmission channels, ways to protect these channels, their physiology and software improvement of the data transmission system. Depending on the data transmission channels in which information circulates, different methods of its protection are used and conceptually different approaches to protection are required.
Due to the constant development of high-speed Internet access technologies, important business components are moving to the Web environment. Bank-Client systems, public websites of organizations, online stores, news, entertainment and trading platforms, blogs, government portals are an obligatory component of the world wide web. Because of their accessibility, they often become an attractive target for attackers, so solutions for effective protection of web applications are now increasingly relevant and in demand. At the same time, ensuring security implies the protection of data; some assets are tangible and have monetary value, others are intangible, but nevertheless have value. The need to protect tangible assets, such as the company’s property register, personal data of users, customers and employees, electronic money is beyond doubt. However, it is also important to understand that such, of course, an intangible value as a company’s reputation also has a value and needs to be protected.
The main problem and key task related to ensuring information security, not only on a global scale, but also within any organization, is the protection of personal data. A separate issue of personal data protection on the Internet arises regarding e-commerce, because online purchases have become a natural phenomenon for most people. When performing these operations, it is worth studying the site where the goods are purchased very carefully for strict compliance with the law. Another source of danger for personal data on the Internet can be job search sites and portals of personalized (intended for a particular citizen and containing their personal data) services to the public.
The problem that this work is aimed at solving is the selection of optimal means to combat threats to which personal data that have entered the Internet may be exposed. This paper deals with the problems of personal data protection, the threat of their leakage and further illegal use by third parties as a result of their various illegal actions. Among them, theft, distortion, modification, erasure from the media and unauthorized access can be distinguished.
When considering measures to protect personal data, it is first necessary to determine their purpose. These measures are aimed at limiting the use and processing of personal data by organizations without the knowledge of users, as well as preventing their leakage. Personal data in accordance with this law is considered to be any data about individuals (both customers and employees of the company) that can identify them. These include: name, ID number, IP address, etc. Personal data can be divided into two categories: general personal data, which is considered in this paper, and sensitive data. General personal data makes it possible to identify an individual and includes place of work, income level, education level, phone number, ID number, etc.
The protection of personal data includes the implementation of several aspects: the creation of local acts for working with personal data; the introduction of organizational measures to protect personal data; the implementation of technical measures to protect personal data. To date, a single automation tool that could thoroughly describe the process of personal data protection in an e-commerce organization, taking into account the realities existing in it has not been created. The implementation of personal data protection measures is a time-consuming and complex process. It naturally requires a specialist with the necessary qualifications to be on the staff of the institution, or the involvement of third-party specialists, which inevitably entails additional expenses associated with this.
The need to take measures to protect personal data is also caused by increased technical capabilities for copying and distributing information. The level of information technology has reached the point where self-protection of information rights is no longer an effective means against attacks on privacy. A modern person is no longer physically able to hide from the whole variety of technical devices for collecting and processing data about people that are explicitly or implicitly applied to them. Thus, this work deals with the problem of choosing the necessary organizational and technical measures when processing personal data. They are used to ensure the protection of personal data from unauthorized or accidental access, destruction, modification, blocking, and copying. The adoption of these measures is designed to prevent the dissemination and other illegal actions with respect to personal data.
Purpose of the Project
The present work is related to the discussion of the complexities of software development of information systems and methods for the protection of personal data. The purpose of this paper is to review existing methods for preventing the commission of Internet frauds. It considers modern means of protection against cyberbullying, including antivirus software packages that are able to detect and classify messages with suspicious content as spam.
This work focuses on the economic aspects of cyber threats — the problems that people and trading companies face in connection with online crime of various kinds. The main efforts will be aimed at a retrospective assessment of the current state of affairs. The paper studied the standards that allow to achieve information security of e-commerce web services, studied the stages and actions to achieve this goal. Separately, the protection mechanism of the Website, acting as a structural unit of the web service, was analyzed.
A study is being conducted of the most easily accessible and vulnerable places for hackers to attack, and the areas of greatest interest to attackers today. In this regard, examples of vulnerabilities and the consequences of their exploitation are established, as well as the vector of a possible attack and the method of protection (Laptiev et al., 2021). The main types of attacks are reviewed, with special attention being paid to attacks aimed at compromising the resource. The most rational solutions for ensuring cybersecurity and the principles of drawing up an integrated approach that should be used throughout the entire life cycle of software development are considered. It is advisable to use both technical means of protection and organizational measures, which is reflected in this work.
The paper aims to track the software both at the development stage and at the stage of active work. For example, a source code security audit is considered – a service that makes it possible to check every line of code for vulnerabilities (Fabiano, 2019). A penetration test aimed at identifying vulnerabilities in business logic, incorrect access differentiation, incorrect authentication and session management is also discussed. The auditor’s task at the same time is to bypass all means and methods of protecting the application and gain access to private data. The growth dynamics of modern Internet projects and constant updates (the addition of new functionality, code updates, infrastructure expansion) lead to the emergence of new untested areas that may potentially contain vulnerabilities. Therefore, the work provides evidence of the need for periodic testing (at least once a year) and constant monitoring of logs for security incidents.
The work also focuses on the use of protection against various types of attacks, the introduction of WAFs and the use of vulnerability scanners, which are an integral part of an integrated approach and serve as additional protection. Among the tools considered, there are those that can be used exclusively as auxiliary tools. If during testing of some security methods it is possible to obtain data, for example, it is possible to find out the real IP address, then the tool is considered insufficiently reliable (Deng, 2019). At the same time, the work aims to collect information about the need for service updates during software testing, identification of unsafe configurations, open ports and analysis of surface vulnerabilities that may pose a threat to user data. Summing up, the project aims to develop ways to identify the most effective method of personal data protection for specific online trading processes.
Significance of the Project
Against the background of the destabilization and uncertainty caused by the pandemic, people saw that they were expected, and sometimes required, to provide personal information to combat the spread of COVID-19. At the same time, most of the vital activity has moved to the Internet — in normal mode, this process could take more than one year. Such large-scale changes that have affected people’s communication and their immersion in the digital environment have raised many issues related to privacy protection for organizations that want to comply with the law and stop the pandemic, while respecting the rights of the individual. Consumers and the general public are increasingly concerned about how their personal data is being used.
In this regard, data protection is increasingly becoming a key priority for most organizations. According to a survey conducted among data specialists from large and medium-sized global companies, more than half of respondents said that their organizations in 2020 were forced to introduce additional measures to protect corporate data (Clifford et al., 2018). The need for additional measures could arise due to the transition of many employees to remote work, as well as due to the activation of fraudsters. During the pandemic, both the importance of privacy and the benefits that companies that implement enhanced protection measures receive have grown. Organizations report to top managers and boards of directors on data protection indicators. At the same time, the role of the leader of the organization is significant, since it is the head who decides on taking measures to increase the company’s privacy indicators.
Confidentiality has ceased to be just a matter of compliance with the requirements of the regulator: business considers it as one of the basic rules, compliance with which top managers should pay priority attention. Most organizations turn to their own data protection specialists to solve these problems (Kodapanakkal et al., 2020). This is due to the growing concern of consumers about the level of data security in the tools needed to make remote purchases, interact with e-commerce sites and connect to payment.
Radical changes in workflows and other consequences of COVID-19 have caused the weakening of the protection of the IT infrastructure. Inefficient implementation of remote access to e-commerce sites, vulnerabilities in VPNs and a shortage of personnel capable of solving these problems have led to the fact that corporate data was at risk of unauthorized access. Therefore, the development of new methods of personal data protection and regular testing of existing tools plays a particularly important role.
Moreover, the importance of this paper and, in particular, research in this area is due to the emergence of a greater number of innovative phishing lures designed to deceive users and complicate the identification of attacks. The most innovative method of mass phishing is the interception of email by the Emotet bot (Kuner et al., 2018). The bot automatically creates decoy emails using data stolen from hacked e-sales services. This data is subsequently used in correspondence, which makes the emails very convincing and encourages victims to open files with malware.
Whaling is a type of phishing aimed at senior managers, which is even more dangerous. In this way, cybercriminals are able to use personal information found or stolen on the Internet to create convincing decoy letters to corporate email addresses (Kodapanakkal et al., 2020). At the same time, hackers actively exploit hot topics to push people to open malicious emails. This may be information about COVID vaccines, warnings about financial problems or political instability. In this regard, the role of the leader and their attitude to the security of their personal information data and company data is paramount.
Research Questions
First of all, the study will be aimed at answering the questions “What are the most popular types of credit card fraud and what are the most effective ways of protection against it?”, as well as “What are the ways of reducing risks?” and “How do the factors of Diamond fraud theory apply to internet frauds?”. It will also be established how credit card fraud affects business. The impact will be assessed from three points of view. The most obvious impact of fraud on business, financial losses, will be calculated. Secondly, it will be found out how a company that is exposed to fraud usually lowers its rating in the eyes of investors and business partners. In addition, the paper will answer the question “How can credit card fraud lead to data distortion?”. The study will also deal with ways of maximizing transaction security protection when shopping online.
In order to effectively combat credit card fraud, it is extremely important to understand the mechanism of fraud itself and how credit card fraud occurs. Therefore, the study will answer the question “What are the reasons for modern card fraud, the process itself and the shortcomings of the protection systems that make it possible?”. Attention will be paid to the two most common variants of criminal actions that lead to the theft of money on card accounts. The first option does not include the participation of the cardholder, when card data are stolen en masse from the servers of banks, online stores, online services, etc. As a rule, organized criminal groups or cybercriminals are involved in this. The card details are then sold on the black markets on the Internet, and the money is cashed out.
Next, the method of fraud with the direct help of the cardholder will be considered. In this case, the initiators are lone scammers; they usually use very effective methods of social engineering (a method of controlling human actions based on the use of the weaknesses of the human factor). They commit theft through various tricks that affect the blind spots in the human psyche. The mechanisms of the prevailing types of fraud using plastic cards will be considered and the most effective ways of protecting against each of them will be highlighted. So, the analysis of skimming, shimming, re-debiting from the card, data interception, data theft with the help of viruses and Trojans will be carried out.
The next research question is “What are potential solutions to problems such as the organization of intellectual property, in particular software?”. They will be organized by the strength of the impact of protecting software from hacker hacks and attacks, from possible forgeries of cards mediating the theft of funds. Potential ways of developing and improving fraud methods will also be investigated. For example, earlier skimmers were placed only on ATMs or mini-cameras were installed next to ATMs to read PIN codes of plastic bank card holders. Today, keyboard pads have become the most popular (their own keyboard is pushed inside, and a panel is installed on top, which looks the same and fixes the entered PIN code). Therefore, the paper should highlight the prospects for the development of key trends in cyber frauds and find out what their impact on the global economy and business is.
Theoretical Framework
Personal data is any information related directly or indirectly to an individual who is prescribed by law as a subject of personal data. Yartey et al. provide a list of such customer information, which includes data from ID, exact place of residence, mobile phone, and email address (Yartey et al., 2021). When processing takes place using information systems, new potential threats appear that need to be minimized, and it is better to eliminate them altogether. A threat to information is considered a possible influence or impact on an automated processing system from inside or outside, which entails any negative consequences for the subjects of this information. Morse et al. provide a situational list when information systems become particularly vulnerable (Morse et al., 2020). It happens when the company’s software is imperfect, has not been updated for a long time and contains vulnerabilities. Moreover, the probability of threats is higher if some processes of the system (in particular, protective ones) do not function in full force, or the conditions of operation and storage of information are complicated.
According to Hou et al., there are several levels of security that determine the use of certain means of protection that appear in this paper (Hou et al., 2019). There are four of them in total: maximum, high, medium, and low; for each type of threat, the requirements set their own level of protection. Its choice is determined based on the characteristics presented by Wagner (Wagner, 2018). First of all, it is the number of subjects whose data are to be processed, the class and degree of value of the processed information. In addition, Sun et al. rely on the types of processing used, as well as the relevance of threats (Sun et al., 2018). Taking into account these parameters helps to develop an effective system of measures that can cope with threats to the safety of data at all assumed levels.
In addition to technical means, the protection system involves the implementation of certain measures. They are aimed at ensuring the proper security of personal data due to the requirements of regulatory acts. The measures are both technical and organizational in nature. According to Whitty, leakage, loss, distortion and destruction of personal data of buyers will be understood under cyber fraud in this work (Whitty, 2019).
Ivanov et al. state that compliance with the requirements for the protection of personal data involves the development, installation and maintenance of complex software systems that solve the following tasks (Ivanov et al., 2018). This is to avoid unauthorized access to data from both external intruders and insiders. For this purpose, firewalls, various access control systems, cryptographic and blocking means are used. The company chooses all the necessary means to protect personal data from leakage independently, requirements are imposed on their capabilities and certification, and not on specific names or types of software products.
According to Pérez-González et al., the task of developing one’s own data security system should be solved step by step (Pérez-González et al., 2019). Any project management methods offer several successive stages of introducing a new type of work. These are development, testing, implementation, analysis of results and revision, taking into account the identified shortcomings. All this complex of actions should take place under the control of the head of the organization. In this case, the creation of a personal data security system will be successful and will not require improvements and alterations.
Limitations of the Project
The limitations of the project are primarily related to the inability to compile accurate statistics on the number of cyber frauds, since it is possible to operate only with notifications of data breaches that have been reported to the regulator. The total number of registered cybercrimes is only 10-12% of the actual number (Ali et al., 2018). This is because the affected citizens or organizations that have been subjected to extortion on the web are afraid to seek professional help to resolve the issue because of the risks of allowing the publication of stolen information.
Moreover, restrictions are imposed by the fact that attackers are constantly developing new ways to steal confidential data, all of which cannot be taken into account. For example, there are more than 20 types of software designed to cause damage to devices connected to the network (Harvey, 2018). Hackers are constantly improving their skills and have been implementing artificial intelligence for a long time, which presents potential threat detection systems with a lot of difficulties. In addition, fraudsters regularly develop new technologies for stealing payment data. From the customers’ profiles of online stores, they can get ID data, address, phone number, as well as bank card number.
New trends in the field of data protection regularly appear, the development of which also cannot be fully taken into account. For example, the use of artificial intelligence is a completely new stage in the fight against cyber fraud. As organizations move from the data center to cloud platforms, the use of AI-based technologies will continue to grow and become more widespread. There are also regular updates for monitoring and protecting online stores, allowing sellers to use new variations of security settings. They are carried out on the basis of the Data Leak Prevention system, which in real time detects and prevents unwanted transmission of confidential information of buyers through various channels both inside the company and outside of it. In addition, with its help, it is also possible to control such actions on the end devices of users.
In addition, it is impossible to foresee all potential security failures and internal vulnerabilities, which is also a constraint in this study. Research on this topic mainly affects only large trading enterprises that use full-fledged monitoring systems based on risks and a wide range of possible attacks. In small and medium-sized e-commerce businesses, there are very few works aimed at collecting and analyzing the risks of external influence, the data of which could be used.
Another limitation is the factor of human error, which is one of the most frequent and main causes of data breaches. Even the most reliable information security systems can be undermined by employees who do not comply with basic security requirements and are negligent in their duties. In case of intentional incidents, the most common motive is additional earnings. In large teams, there is a percentage of employees who are capable of violating if they see an opportunity for this. Unfortunately, employees of departments close to material values are at risk. Information is also valuable — both corporate (customer bases, supplier bases, marketing plans, etc.) and personal data of customers are in high demand. Sometimes employees consider corporate information personal, which is also a motive for its discharge; for example, those who leave often consider it possible to still have access to the company’s data.
Assumptions
The motivation factor from The diamond fraud theory for Internet scammers might be different from other types of fraud and represent not money, but data. Presumably, the most effective means of protecting bank cards is the installation of an SSL certificate by the store on its website. The SSL certificate will protect such customer data of the online store as name, address, phone number, bank card details (Wang et al., 2020). Thus, hackers will not be able to steal this information and use it (for example, debit money from a client’s card). In addition, presumably each subsequent version of the program is more reliable than the previous one. This is due to the fact that with each new version, developers improve programs and eliminate weaknesses that could become loopholes for hackers. For independent platforms, non-updatable plugins, extensions and applications will make an e-commerce site an easy target for hackers and other intruders.
Constant updating of the website and server software with the help of fresh minor security versions will probably prove to be one of the best and simplest steps that can be taken to stop an attack. Therefore, installing the latest browser update and regularly updating the computer’s operating system should help prevent data leaks associated with device malfunctions. In addition, frequent checking of the service’s security notifications and timely application of security patches reduces the likelihood of hacking.
Presumably, the most effective algorithm for establishing maximum data transfer security will be to bring the site into compliance with the requirements of the international standard for e-commerce solutions. Regular checking of the site by security scanners, creation of backup copies of stores, data storage on a reliable hosting will be effective. If a business accepts credit or debit cards, regardless of whether they are offline or online, it is necessary to comply with the rules established by the PCI Security Standards Board (Wilson et al., 2018). These rules ensure that any financial data stored in the business is protected. Non-compliance with the rules will increase the vulnerability of customer information to hackers and data hacking.
Choosing the right hosting for a website is one way to protect an ecommerce site. Presumably, the installation of a dedicated server will be the most effective, since it is more protected from security breaches and other problems. Virtual services and hosting are likely to be the least effective, since they have common plans and it is not always possible to customize them for a specific store. It is important that a hosting provider maintains regular backups, keeps comprehensive logs of activities, and monitors network activity. Moreover, one of the important factors is the notification system for abnormal actions on the account and possible infection of the site. Technical support should notify about the violation and provide instructions and a link to the knowledge base on how to solve the problem and assist in eliminating it.
Another thing that may have a tangible effect is the use of plugins and firewall software. Firewalls also protect the site from other cyber threats on the Internet, such as cross-site scripting and SQL injection (Latchoumi et al., 2020). An additional step that is expected to significantly increase security will be the use of two-factor identification during the login process. It will require all users to provide an additional piece of information that only they should have. This is an excellent protection of the online store’s website from the leakage of bank card data.
Definitions
- Access control system: a set of software and hardware tools designed to organize and restrict access to data (Hirsch, 2018).
- Antivirus software: a program aimed at the prevention, detection and destruction of computer viruses (Taylor, 2020).
- Blocking protection: specialized software that blocks the transmission of confidential information and makes it possible to monitor the daily work of employees in order to find security weaknesses and prevent leaks (Becerril, 2018).
- Card holder: a person who has the legal right to use a plastic card to conduct financial transactions during a certain expiration date of the cards (Zadereyko et al., 2019).
- Confidentiality: the need to prevent unauthorized access to information by third parties (Wang et al., 2019).
- Credit card fraud: one of the options for illegal withdrawal of funds from a citizen, as well as illegal possession and use of personal data (Bertrand et al., 2020).
- Cryptographic protection: data protection by means of cryptographic transformation, which is understood as data transformation by encryption and (or) generation of an extension (Mariania et al., 2021).
- Details: bank account details, some of which are indicated on the card itself; these include the owner’s name, number, expiration date and security code (Laptiev et al., 2021).
- Diamond fraud theory: a four-factor model of the criteria required by a fraudster for the qualitative realization of theft, including opportunity, motivation, ability and justification (Zadereyko et al., 2019).
- E-commerce: entrepreneurial activity that, in one way or another, is related to the distribution, advertising, promotion, sale of services or goods via the Internet (Fabiano, 2019).
- External intruder: an intruder who is outside the information system at the time of the threat implementation (Deng, 2019).
- Firewall: a computer program whose purpose is to protect the computer from viruses and hacker attacks (Clifford et al., 2018).
- Phishing: a type of Internet fraud used to obtain user identification data (Kodapanakkal et al., 2020).
- Identity theft: a special type of fraud involving the use of someone else’s personal data to steal money or obtain other benefits (Kuner et al., 2018).
- Information security vulnerabilities: weaknesses of an information asset or means of control and management that can be used by attackers (Yartey et al., 2021).
- Information storage: the process of maintaining the source information in a form that ensures the issuance of data at the request of end users in a timely manner (Morse et al., 2020).
- Insider: an intruder who is in the information system at the time of the threat implementation (Hou et al., 2019).
- Leakage (of information) through a technical channel: the uncontrolled dissemination of information from a carrier of protected information through a physical medium to a technical means that intercepts information (Wagner, 2018).
- Level of protection: an indicator that characterizes the result of the impact of technical and organizational measures taken to ensure the safety and security of information (Sun et al., 2018).
- Personal data: any information directly or indirectly related to an individual and allowing them to be identified (Whitty, 2019).
- Re-debiting: double withdrawal of money from a bank card for the same operation (Ivanov et al., 2018).
- Shimming: an upgraded type of skimming, carried out using a thin technical device that reads information from a bank customer’s card at an ATM (Pérez-González et al., 2019).
- Skimming: a type of fraud with bank cards, which is the reading of information from their magnetic stripe using a special technical device or skimmer (Ali et al., 2018).
- Trojan: a malicious program used by an attacker to collect information, destroy or modify it, disrupt the performance of a computer or use its resources for nefarious purposes (Wang et al., 2020).
- Unauthorized access/actions: access to information or actions with information carried out in violation of the established rights and (or) rules of access to information or actions with it (Wilson et al., 2018).
- Virus: a small program that replicates by infecting executable files, file allocation blocks or the boot sector of the media and documents created using office packages (Latchoumi et al., 2020).
Summary
The first chapter began with the explanation of the globalization phenomenon, the main symbol of which is the Internet. Against the background of the globalization of Internet users, the popularity of online stores has been increasing recently. It acts as a communication center, playing the role of a coordinator for the smooth interaction of trading elements integrated into the network. However, the impact of the Internet is not limited to positive effects on global trade. Further, the problem of data leakage that arose as a result of the development of the phenomenon of globalization is spelled out. To date, it is happening at an unprecedented rate, and anyone related to e-commerce can encounter it at any time. The statistics collected in recent years are given, confirming that there have been a huge number of data leaks that affect public confidence in the brand.
In connection with the described processes, the purpose of the project is presented below, aimed at describing the various stages of protection against cyber fraud, common causes and the effectiveness of various prevention methods. As a result of the conducted research, an algorithm of the most effective means of crediting data for different types of credit card fraud should be presented. Further, the significance of the project associated with the popularization of online shopping, which came with the beginning of the COVID-19 pandemic and the subsequent lockdowns with the closure of shopping centers, is indicated. Due to the large influx of buyers to the Internet, new methods of fraud have also appeared, which require new protection solutions.
Then follow the questions that will be answered in the course of this study. First of all, it will be necessary to find out which types of credit card fraud are the most popular, and which methods of protection are effective and ineffective for everyone, as well as how it is possible to reduce the risk. After the research questions, theoretical concepts are presented, on the theses and definitions of which this study will be based. In addition, this section of the first chapter also presents the points of view of scientists, which are supported by sufficiently strong arguments and therefore are reliable. The presented theoretical sources reveal new aspects of the scientific substantiation of the problem of personal data protection when using credit cards.
Then the limitations of the project are presented; most of them are related to the rapid growth of cybercrime and the constant development of new methods of fraud. In addition, protection methods are improving rapidly, and at the moment there are too many of them to cover thoroughly in one work. In the Assumptions section, there are hypotheses about the methods of protection that will be the most and least effective. The list of measures with high efficiency is quite extensive and includes a large number of technical methods. At the same time, the list of ineffective methods is usually associated with the choice of a too universal and insufficiently customized method of protection. The list of definitions used in this work completes the first chapter. It can be divided into semantic fields “Types of credit card fraud”, “Methods of personal data protection”, “Confidentiality” and “Electronic commerce”. Then it is followed by a conclusion summarizing the first chapter and the previously mentioned information.
Procedures and Methodology
Introduction
The practical part of the work is connected with the application of the experience of various authors in the field of identifying various kinds of defects, vulnerabilities and threats to the security of information and software systems and their protection mechanisms. This experience was gained by them in the process of certification and state tests, case studies and security audits of more than 500 information security tools, products, portals and systems in the protected execution of leading foreign and American developers (Eslamkhah et al., 2019).
The extraordinary evolutionary growth in the complexity and dynamism of IT products has shown not only the inevitability, but also the hyper-complexity of assessing the compliance of IT products with information security requirements. Despite the heroic efforts of the leading developers, the security problem of software systems has not received its final solution (Baldassarre et al., 2020). The number of critical vulnerabilities does not decrease, and the process of code analysis becomes an extremely difficult task that must be permanently solved within the life cycle of the software system. In this regard, the certification of information security tools remains the main mechanism for managing information security systems. Its effectiveness in real life so far depends on the utmost organization and brainstorming of experts from testing laboratories and certification bodies. Therefore, the use of adequate methods, metrics and methodological techniques can be very useful, which is the main purpose of preparing this work.
In addition to the factors of technical evolution, the extraordinary social interest in this problem seen in America over the past few years should be noted; it is enough to mention several social phenomena. Thus, the inevitability of the implementation of the law on personal data has profoundly changed the attitude of all legal entities of the country to the protection of confidential information with all the ensuing consequences (Walters et al., 2018). The dialectical emergence of certification wars prompted the developers of security tools to comply with the certification rules in the American computer security market.
In the practical part of this work, the definition of conformity assessment based on a series of international standards is given. It also describes compliance assessment procedures in the field of information security. The following is a detailed description of the concept of certification of information security tools, its legislative and regulatory framework. The practical part is based on the application of mathematical models and methods that can be used in formal proofs of test results, as well as in the planning of work (Mamonova et al., 2020). It also provides formalized methods of testing means and mechanisms of information protection according to the requirements of traditional and new regulatory documents.
The assessment of compliance with the level of security protection, which will be carried out in the practical part of this paper, will demonstrate whether the specified requirements for the product, process and system are met. According to Kurpayanidi, the basic activities of conformity assessment are testing, control, certification, and accreditation for conformity assessment (Kurpayanidi, 2019). The activities used in this chapter will include various conformity assessment procedures. In the field of information security, examples of such conformity assessment activities are certification of informatization facilities, various types of testing and control according to information security requirements. In addition, as part of the procedure for determining the level of information security, it is also possible to audit the security of software, information systems and information security management systems.
In addition to certification of information security tools, various types of conformity assessment procedures for technical means and protection systems, namely testing, certification, audit, and risk analysis, are recognized as the most effective. Testing is a type of activity or conformity assessment procedure. It consists in the experimental determination of the quantitative or qualitative characteristics of the test object as a result of exposure to it during its functioning, modeling or impacts. The legitimacy of information processing at informatization facilities is confirmed by their certification. Its main content consists of certification tests, which are a comprehensive check of the protected object of informatization. This happens in real operating conditions in order to assess the compliance of the applied set of measures and means of protection with the required level of information security.
During certification tests, the compliance of the informatization object with the requirements that ensure the effectiveness of the program is confirmed. First of all, it is the protection of information from unauthorized access (including computer viruses). Further, it is ensuring safety from leakage or exposure due to special devices built into the objects of informatization (Kamalieva et al., 2020). As for software testing, its purpose is to identify errors (defects and shortcomings) in the software implementation of the specified software properties. The features of modern software production imply that testing is integrated into the software quality management system at all stages of the life cycle. According to international standards, testing is a technical operation that consists in determining one or more characteristics of a product, process or service according to an appropriate procedure. Therefore, in the course of the practical part, the synthesis of the described methods for establishing the effectiveness of information security tools will be applied.
Research Project Design
First of all, to implement the project, it is necessary to select the most significant testing areas from the general list. It is necessary to determine the testing method in which the weaknesses of software systems from the point of view of security will be checked. Thus, it will be possible to determine whether there is a blind spot that can be hacked for further data theft. Therefore, it will be mandatory to check the implementation of access control rules. It consists in intercepting explicit and hidden requests, correctly recognizing authorized and unauthorized requests in accordance with discrete and mandatory rules.
It is important to note that manual testing is not the same as vulnerability testing. The purpose of vulnerability testing is simply to identify potential problems, while manual testing is designed to solve these problems. Penetration tests (or pentests) are performed manually in order to assess the security of the online store’s infrastructure by safely hacking it (Ghanem et al., 2019). Vulnerabilities of operating systems, services or applications, incorrect configurations or insufficiently cautious user behavior can be used for this. In other words, an attack is being carried out on the network, applications, devices and employees of the organization in order to check whether hackers can carry out such a hack. According to the test results, it also becomes clear how deeply an attacker could penetrate and how much data they could steal or use for their own purposes.
A set of measures is necessary in order to track and find vulnerabilities in the system and software in a timely manner, and to protect against illegal third-party interference, unauthorized access, and copying of information. In fact, this is an analysis of data privacy protection. In this regard, it is necessary to choose several of the most suitable tools for verification among those freely available (Panchekha et al., 2019). Security testing will primarily be aimed at minimizing possible risks associated with the purpose of protecting the integrity of the system, software, and personal data. A set of security measures includes checking the resistance of installed applications and software to viruses, spyware, hacker attacks, and malware. Next, it is necessary to choose the tool that is most suitable for working with payment banking systems in online stores and trade web portals.
With the help of the selected tools, it is worth analyzing the degree of protection of confidential data. Next, it is necessary to compile a list of programs that make it possible to restrict third-party user access to certain information. They should also be suitable for checking the integrity of information, which includes the possibility of self-recovery of applications, software and their individual segments after unforeseen failures.
The required level of security largely depends on the type of applications being tested, so it is necessary to identify criteria for assessing the degree of protection. A comprehensive software security check can be carried out in three ways, which are called the white, gray, and black box methods (Park, 2019). Testing carried out using the white box method implies that the person who is trying to get into the system is well aware of its features and nuances. The gray box employs partial awareness and the black box – its complete absence. Each of the above methods has its own effectiveness and result. It is necessary to identify criteria that will help determine which of the methods is suitable in a particular case. In addition, a static analysis of the code, a search for possible vulnerabilities, bugs, and an assessment of the readiness of products for certification must be carried out without fail.
Sampling Procedures
The selection of ways to protect personal data on the Internet includes the most effective tools from four categories. These are antivirus packages of various types, firewalls, tools to prevent network attacks and alert about them, and scanners of potential vulnerabilities. Antivirus programs can be divided into classic, proactive virus protection and combined. Classic antivirus products search for viruses based on signatures, which is a method of searching for known viruses. There are programs with proactive virus protection, the purpose of which is to protect the system from infection; in combined programs, both methods are used. The overwhelming number of programs on the market now are of the combined type, which is why they are considered in this paper.
Programs for corporate use differ from personal ones by the ability to install updates for a large number of users from an internal server. Therefore, when compiling a sample of antiviruses, criteria such as real-time protection against viruses and Internet threats (using cloud technologies) and a module for ensuring the security of Internet payments were taken into account. In addition, availability for different platforms (Windows, Android, Mac OS) was an important criterion, which affected the prevalence of using an antivirus package (Shah et al., 2021). The speed of checking the site and the main programs for viruses and adware was also evaluated.
Unlike antiviruses, a firewall is designed to prevent attacks on a computer, so other criteria were used when compiling the sample. The most important factors when choosing a firewall are simplicity and ease of configuration, and the presence of a training mode. Applications should block attacks from the network quickly enough, monitor the traffic of installed applications, detect viruses and malware, as well as automatically block ads when paying for an order.
The firewalls from the sample had to successfully protect against attacks, viruses, malicious code on the store’s pages and take into account a variety of vulnerabilities that could put the client’s security at risk (Kaplan et al., 2019). Moreover, the selected utilities should monitor the incoming and outgoing traffic of other applications. If the process seems suspicious, its connection to the Internet will be immediately blocked. Programs should also have several main modules or sections so that it is possible to customize the level of protection depending on the purpose of use. The selected firewalls also supported flexible network traffic management, creation of their own rules, password protection of settings.
Next, a sample of DLP systems (software or hardware-software complexes) was compiled, designed to prevent leaks of confidential information outside the corporate network. The sample was based on the effectiveness of the analysis of data flows circulating within the company and going beyond it. The reaction rate was also evaluated in case of triggering a pre-configured rule or policy that determines the fact of the transfer of protected information. The time was determined for which the system blocks such a transfer, or sends alarm notifications to a security officer.
DLP systems are divided into three main types (depending on the build of the control subsystem): network, agent-based, and hybrid DLPs (Guzairov et al., 2018). Network solutions are based on the application of the method of centralized monitoring of data traffic by submitting its mirror copy to deployed specialized servers for analysis according to configured security policies. However, analyzing only network flows, it is difficult to establish a complete picture of how users work with confidential information. In addition, given the current volume of encrypted traffic (according to analysts, in 2019 its share in global web traffic exceeded 60%) and the growing popularity of messengers, cloud services and other specialized applications for information exchange, it is extremely difficult to prevent leaks without workplace control (Dmitriev, 2020). For this reason, only hybrid-type software complexes were considered in the sample.
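The kind of pre-configured rule described above can be illustrated with a content check for bank card numbers in outbound messages. The following is an added example, not taken from any of the DLP products in the sample; the channel names, the policy table and the events are constructed, and the card numbers are public test numbers.

```python
"""Added illustration of a DLP content rule for payment card numbers."""
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Hypothetical per-channel policy: block the transfer or only alert an officer.
POLICY = {"email": "block", "chat": "block", "support_ticket": "alert"}
DEFAULT_ACTION = "alert"

# Constructed outbound events (not real traffic).
EVENTS = [
    {"id": 1, "channel": "email",
     "body": "Customer paid with 4111 1111 1111 1111, please refund."},
    {"id": 2, "channel": "chat",
     "body": "Order 1234567890123456 has shipped."},
    {"id": 3, "channel": "support_ticket",
     "body": "card: 5555-5555-5555-4444"},
    {"id": 4, "channel": "ftp",
     "body": "No card data here, call 555-0100."},
]


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str):
    """Return [((start, end), digits)] for every Luhn-valid candidate."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append((m.span(), digits))
    return hits


def mask(digits: str) -> str:
    """Keep only the last four digits so alerts do not leak the number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text: str) -> str:
    """Replace every detected card number in the text with its masked form."""
    out, last = [], 0
    for (start, end), digits in find_pans(text):
        out.append(text[last:start])
        out.append(mask(digits))
        last = end
    out.append(text[last:])
    return "".join(out)


def evaluate_event(event: dict) -> dict:
    """Apply the policy: allow clean traffic, block or alert on card data."""
    pans = find_pans(event["body"])
    if not pans:
        return {"id": event["id"], "action": "allow", "evidence": []}
    action = POLICY.get(event["channel"], DEFAULT_ACTION)
    return {"id": event["id"], "action": action,
            "evidence": [mask(d) for _, d in pans]}


if __name__ == "__main__":
    for ev in EVENTS:
        print(evaluate_event(ev))
    print(redact(EVENTS[0]["body"]))
```

The Luhn check is what keeps the 16-digit order number in event 2 from triggering the rule, which matters for the reaction-rate and alert-volume measurements described above.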
The last compiled sample included scanners of potential vulnerabilities. The global vulnerability scanner market is actively developing. These tools have become full-fledged vulnerability management systems that can be run as projects. In turn, vulnerability tracking projects turn into processes involving representatives of various departments. For the analysis in this work, modern scanners with integration with risk management or patch management systems, incident management platforms and secure development processes were selected.
Data Collection Sources
Verification of the effectiveness of the protection of e-commerce processes is impossible without a preliminary analysis of information about all aspects of the activities of the selected tools. Manual collection of a large amount of primary data could lead to errors and inaccuracies. Erroneous data taken into account when making a decision could negatively affect the subsequent operation of the protection mechanism. The volume of primary data also significantly affects the completeness and correctness of the subsequent protection strategy. For this reason, automated data collection and processing systems were used, as they cope with this task faster and more successfully both in terms of less labor intensity and in terms of the accuracy of the result obtained.
The list of predefined information sources used in automated data collection and processing includes several tools. First of all, these are sensors that record the time spent on the program’s response to system problems. These are various measuring streaming devices of malfunctions in the system. The largest amount of data was collected during static testing. It consists in on-demand scanning, which is carried out on a collection of malware. In order to get meaningful results, any static test was conducted on a collection of malware containing thousands of files. Samples collected over the last six months were used; in addition, during these tests, the results of checking the hard disk on demand were analyzed.
As part of the certification, the products were tested in several categories: the tested product had to recognize all viruses from the list, allowing an attacker to gain access to customers’ banking data (Noeiaghdam, 2019). Next, the program had to not only detect, but also cure the system of detected viruses. Thus, data collection was carried out using the method of statistical observation and consisted in scientifically based registration of facts and their signs characterizing the effectiveness of Internet protection mechanisms against bank data leakage according to a single developed program. This method was used during the initial observation; a monitoring program was compiled – a list of points for which information is collected, and a list of signs and indicators to be registered. These included the performance criteria listed above in the Sampling Procedure section.
In addition, criteria such as the level of detection of the virus collection, heuristic analysis, the percentage of false positives, and treatment of active infection were included in the form. The detection level was determined by the percentage of the number of malicious objects to the total number of files checked. Heuristic analysis included the ability to apply signatures and recognize modified versions of viruses in cases where the signature does not match the body of an unknown program by 100%, but there are more general signs of a virus in a suspicious program (Sing et al., 2021). This technology, however, is used very carefully in modern programs, as it can increase the number of false positives. In this regard, a check was carried out for the percentage of false positives, which is checked for collections with a large number of files that are not malicious. Then the number of false positives was calculated and the ratio of the number of false positives to the total number of files was calculated.
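The trade-off between heuristic analysis and false positives can be shown on a small collection. The following is an added example, not the test program used in the study: the file bodies are constructed, harmless strings, the indicator list is hypothetical, and the detection level is assumed to mean detected malicious files as a percentage of malicious files in the collection, while the false-positive ratio is taken over the non-malicious files.

```python
"""Added illustration: detection level vs. false-positive ratio."""
import hashlib

# Constructed stand-ins for known malicious file bodies (harmless strings).
KNOWN_A = b"hook_keyboard;read_card_form;send_remote;hide_process"
KNOWN_B = b"read_card_form;send_remote;hide_process"

# Signature database: exact SHA-256 hashes of the known bodies.
SIGNATURES = {hashlib.sha256(b).hexdigest() for b in (KNOWN_A, KNOWN_B)}

# Hypothetical "general signs of a virus" used by the heuristic.
INDICATORS = (b"hook_keyboard", b"read_card_form",
              b"send_remote", b"hide_process")

# Constructed collection: (name, body, is_malicious).
COLLECTION = [
    ("m1", KNOWN_A, True),                          # exact known sample
    ("m2", KNOWN_B, True),                          # exact known sample
    ("m3", KNOWN_A + b";build=2", True),            # modified variant of A
    ("m4", b"nop;" + KNOWN_B, True),                # modified variant of B
    ("m5", b"hook_keyboard;send_remote", True),     # new, few indicators
    ("c1", b"render_page;load_css", False),
    ("c2", b"read_card_form;send_remote;show_receipt", False),  # checkout page
    ("c3", b"backup_db;send_remote", False),
    ("c4", b"render_page", False),
]


def signature_hit(body: bytes) -> bool:
    """Classic detection: the hash must match a known sample exactly."""
    return hashlib.sha256(body).hexdigest() in SIGNATURES


def heuristic_score(body: bytes) -> int:
    """Count how many general indicators appear in the body."""
    return sum(1 for ind in INDICATORS if ind in body)


def scan(body: bytes, threshold=None) -> bool:
    """Flag on signature match, or on heuristic score if a threshold is set."""
    if signature_hit(body):
        return True
    return threshold is not None and heuristic_score(body) >= threshold


def evaluate(collection, threshold=None):
    """Return (detection level %, false-positive ratio %) for the collection."""
    malicious = [body for _, body, bad in collection if bad]
    clean = [body for _, body, bad in collection if not bad]
    detected = sum(scan(body, threshold) for body in malicious)
    false_pos = sum(scan(body, threshold) for body in clean)
    return (100.0 * detected / len(malicious),
            100.0 * false_pos / len(clean))


if __name__ == "__main__":
    for label, thr in (("signatures only", None),
                       ("heuristic >= 3", 3),
                       ("heuristic >= 2", 2)):
        det, fp = evaluate(COLLECTION, thr)
        print(f"{label:16s} detection {det:5.1f}%  false positives {fp:5.1f}%")
```

Lowering the heuristic threshold catches the modified and new samples that signatures miss, but at the lowest setting the legitimate checkout page is flagged as well.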
The monitoring program was issued in the form of a blank, in which primary information and technical indicators of the conducted tests were entered. A necessary addition to the form was the instructions, explaining the meaning of the tests carried out and the specific parameter being studied at the presented stage. Thus, a statistical aggregate was collected — a set of indicators of information data protection tools, united by a single qualitative basis (the purpose of programs), but differing from each other in separate features. As a result, homogeneous, dynamic and independent data units were collected.
Unlike static testing, small sets of samples were used to collect reaction rate data. In one type of reaction rate testing, in which the overall indicators for each antivirus company were displayed, test collections of a larger, although still relatively small, size were used. At the same time, the results for specific malware were not published. In another type of tests, calculations were carried out separately for each sample.
As for dynamic testing, its main goal was to use all available means to reproduce the real user environment for which the tested security product is intended. This becomes more and more important as completely new properties appear in the security tools that cannot be implemented in a classic test environment. Such a test was the closest to real conditions, and, as it became clear, the ability to counteract malware in many products turned out to be lower than their detection level when simply checking infected files on demand. The dynamic testing data were also recorded as primary statistical material, and checked for reliability and completeness.
Interviews
As part of the practical part of the study, interviews were conducted with information security specialists working in the fields of electronic commerce. During the interview, it was found out which security systems they prefer for specific enterprises, how they prevent the leakage of bank data. The interview was conducted in order to answer questions such as the method of information risk analysis, the degree of complexity of installation, configuration and maintenance of technical means of information protection.
Any online trading company has a staff of employees related to information technology. Depending on the type of activity of a particular company, its specialization and the tasks they face, they can perform different functions. In this regard, among the respondents there were employees of various fields of computer security, carrying out various activities. A security engineer is a kind of provider to the world of security for the whole company. They develop trainings and recommendations on security issues for internal groups of employees, evaluate security tools, provide assistance in personnel selection, and are engaged in administrative work in the field of information security. A cybersecurity specialist is responsible for ensuring that the organization’s software protection tools work efficiently and reliably. A cloud security engineer is well versed in digital cloud platforms, specializing in protecting databases stored on them. An information security auditor is a pro for checking various systems that may be under attack.
Operational security workers were asked about the preferred organization of the safety of banking information and the processing of data assets. Network and Internet security specialists provided answers to questions about methods of ensuring protection against various viruses and malware of all enterprise computers. Application security professionals were of particular interest: they provided information about establishing invulnerability in working with applications created for mobile devices. An important part was an interview with recovery staff; specialists in this field are called upon to provide assistance after the attack. They shared the value of speed when choosing a method of data protection, the preferred tools for suppressing espionage, stopping data leakage and destroying the virus.
The general section of the interview, applied to all information security specialists working in the fields of electronic commerce, was to determine the preferred tools in the fight against hacking. It was also mandatory to establish the direction and specifics of the place of work. Then it was found out how frequent the use of certified and licensed programs is. In addition, motives and criteria were calculated when choosing a mechanism for protecting client information. As leading questions, the interview included a section with questions about the weak points of the client part of the browser, vulnerabilities of web applications.
The final part of the interview with information security specialists working in the fields of electronic commerce was devoted to the real experience of eliminating threats. The first section dealt with unwanted content: a collection of materials and tools that are used to gain access to information. Such tools include malware, as well as unsafe links. Then there were questions about the experience of combating unauthorized access: hacking, interception of messages and theft of information. Here, either a fraudster resorting to hacking or a victim who accidentally provided this access could act as the conduit for unauthorized access. The most detailed section was the experience of dealing with fraud, which includes the use of technology for the purpose of embezzlement of funds. The questions in this part concerned phishing – obtaining personal data, usernames and passwords, and carding – stealing information about plastic cards.
Surveys and Questionnaires
Nowadays, the notion that an online store is one of the components of a commercial company is relevant. According to the data provided by Iavich et al., more than 40% of hacker attacks are on the websites of small businesses; dozens of hacks are registered every day (Iavich et al., 2019). Many companies pay special attention to security issues, as the modern progressive pace of development and activities in a competitive environment leave no other choice.
In this regard, after an interview with information security specialists, a survey of the heads of employer companies was conducted to collect data. This survey was conducted to determine the least effective ways to protect security, which should not be included in the final rating (Torten et al., 2018). The managers were asked if they were satisfied with the existing set of measures to protect the online store. The owners of online stores were also asked how ready they are for the fact that the tools of attackers are constantly increasing, and whether they are worried about attacks in the near future. They were asked questions about the experience of stealing confidential information (especially personal data), as well as penetration into their company’s information systems. Both hacker attacks on corporate web applications and mobile applications were considered.
The negative consequences of security problems experienced by e-commerce business leaders were also calculated. For example, the loss of access to the site was considered, as when attackers install a malicious script that replaces the content of the page and a text in a different language appears instead of the product catalog. The next point in the survey was a drop in the number of orders: while the team was engaged in restoring the site after hacking, customers refused orders, and potential buyers went to competitors. It was also found out whether there was an outflow of the audience: if information about security problems gets into the network, it spreads with great speed. Trust in the brand falls for a while and is difficult to restore (Wilis et al., 2020). Users place an order in an online store only if they are sure of its safety. As soon as information about security problems appears, some users move to competitors. Therefore, during the survey, information was obtained as to how much the respondents’ stores enjoy the unconditional trust of the target audience.
The survey results were also aimed at establishing the necessary level of information security that would suit managers in terms of price and quality. In order to clarify these data, it was found out by whom the functions of ensuring information security in the organization are carried out (Norbekov, 2020). As the first answer option, it was proposed to specify a specially created full-time structural unit of an information security organization. The second answer was an employee (several employees) outside of a special unit that is assigned information security functions. The third answer option had to be chosen by managers whose electronic store security is provided by a third-party organization specializing in information protection. The study did not involve managers whose organizations do not work to protect information.
Next, the managers had to choose the professional standard of information security employees working in their company from the provided list. Automation of information analysis activities in the field of security, security of computer systems and networks, information protection in automated systems were proposed as possible answers. In addition, the list of options included such items as detection, prevention and elimination of the consequences of computer attacks and technical protection of information, technologies and labor organization, or to carry out changes in the economic conjuncture or other geopolitical and social processes. If the respondents chose an affirmative answer, they were asked to presume what new positions in the field of information security might appear in the organization.
Next, the managers had to determine whether they planned to update the equipment in the coming year. In order to simplify the task, a list of potential positions was attached to this issue, including various kinds of analysts: on the security of big data technology, detection of cyberattacks of increased complexity, system security. Experts in the field of information security were also included in possible answers: an expert in data analysis for fraud detection, the security of artificial intelligence and distributed registry technologies, or an expert in computer incidents. This question was included in the survey to identify protection mechanisms that are in demand among managers, high indicators for which will play the most important role.
Document Analysis
The analysis of the data conducted by Liu et al. was carried out through penetration tests and an information security audit (Liu et al., 2021). It showed that errors in the protection of web applications are still one of the most common shortcomings of information security. Moreover, vulnerabilities of web applications are one of the most common ways for attackers to attack web applications in order to steal information and then penetrate corporate information systems. According to Nirmal’s statistics, the most common threats to the security of web applications are cross-site scripting (XSS attacks), SQL injections, calling exceptional situations, cross-site request forgery (CSRF), and threats of infection with malicious software (Nirmal et al., 2021).
Analysis of the next literature source shows that when ensuring the protection of web applications, it is necessary to take into account a number of features directly related to the process of their functioning (Kim et al., 2021). Thus, the website of the online store and the corresponding web applications (including for payment) should be available to users, customers and partners 24 hours a day, 7 days a week. Abideen et al. claim that firewalls and the use of SSL do not provide protection against hacking of web applications (Abideen et al., 2019). This is because access to the site from external networks should always be open.
Li et al. claim that manual detection and elimination of vulnerabilities in the application itself, website or web portal also often does not give positive results (Li et al., 2020). Developers can find and fix thousands of vulnerabilities, but for an attacker to carry out an effective attack, it is enough to detect just one. The document analysis leads to the conclusion that the main protection of the online store website should be provided both at the design stage and during the development of the payment application itself. However, making timely adjustments during its operation is also a necessity.
Based on the analysis of the functioning of the online store, vulnerabilities, and major threats, Bavel et al. propose an approach to the protection of a web application, implemented on the example of an online store model (Bavel et al., 2019). Since any online store is a web application related to an e-commerce system, the developed model of a secure online store should provide a solution to the problems of protection against threats of fraud and unauthorized access to users’ payment data. To do this, it is necessary to implement the following methods: fraud protection method, payment data protection method, and web vulnerability protection method.
Two experiments were conducted in the next study (Zeng et al., 2020). The first experiment was to assess the impact on the online store of an attacker trying to inject malicious JavaScript code through a cross-site scripting (XSS) attack in order to obtain a cookie of the administrator / manager of the online store. During the second experiment, which is of interest for this paper, the effectiveness of the payment data protection module was evaluated by modeling user registration and specifying payment data. Each experiment was carried out first with the protection modules turned off, then these experiments were repeated with the protection modules turned on.
During the second experiment aimed at evaluating the effectiveness of the payment data protection module, the registration of users in the online store and their input of their payment data, which were stored in the database of the online store, was simulated. When the payment data protection module was disabled, the payment data of the online store customer was stored in the database in an open form. Thus, if an attacker can gain unauthorized access to the database, he will be able to take possession of the payment data of the online store’s customers.
With the payment data protection module enabled, the payment data of the online store’s customers were stored in the database in encrypted form. Thus, if an attacker can gain unauthorized access to the online store’s database (for example, using server vulnerabilities), then they will have users’ payment data in encrypted form at their disposal. They will not be able to use them for their own purposes without the use of cryptanalysis tools.
Focus Groups
The focus groups included 5 of the most popular security applications for each of the categories highlighted in the Sampling Procedure chapter.
Antivirus Software
The antivirus software market is extremely extensive today, but some programs have firmly established themselves on the market. Avast antivirus has been in the top of free malware protection software for several years (Nurhayati, 2019). It has a high level of protection, is equipped with a built-in VPN and game mode, is able to create boot copies and assess the vulnerability of Wi-Fi networks. Antivirus Plus is one of the most popular antiviruses in the world, developed by the Romanian company Bitdefender (Shedid et al., 2019). In its arsenal there is a complete set of tools to prevent any virus attacks. At the same time, a special software core minimizes the load on the processor, preventing performance degradation during operation.
Dr.Web CureIt works quickly and efficiently, being able to find even those viruses that a regular antivirus may miss (Uchenna et al., 2018). The program will quickly scan any drive, its partition or directory, allowing the user to independently select objects to check. Kaspersky Lab consistently receives some of the highest scores in antivirus tests. This study examines Kaspersky Security Cloud, which is presented by the company as a new word in protection, combining all the achievements over the 20 years of Kaspersky Studio’s existence (Tchernykha et al., 2018). Considering that in recent years there have been many more different malware than other types of threats, one of the best means to combat it is MalwareBytes (Pisula, 2019). It makes it possible to check the system for various malware and remove it while the site is operating, without disrupting it.
Firewalls
According to the report by Movahedi et al., Windows is the most vulnerable operating system, so built-in protection makes sense (Movahedi et al., 2019). In addition to the well-known antivirus, Avast also releases a firewall, which is included in the paid set of Avast Premium Security programs (McIntosh et al., 2019). It comes in addition to an antivirus, an anti-spam module, a wireless network protection module and a set of other functions. PeerBlock is slightly different from all the other firewall programs listed in the paper. Instead of blocking programs, PeerBlock blocks a list of IP addresses belonging to certain categories (Abdi et al., 2020). For example, it can download and block a list of IP addresses that have been marked as business providers, advertising, spyware, etc.
pfSense is one of the leading network firewalls with a commercial level of functionality. It is an open-source security solution based on FreeBSD (Wada et al., 2021). Sophos is a rising star in the cybersecurity industry, and its software is a great option for protecting businesses. The XG Firewall Business Edition security system is extremely advanced compared to standard firewall software (Stoynov et al., 2021). ZoneAlarm is a well-known firewall with an easy-to-use interface (Muzammil et al., 2019). Behind the user-friendly interface there are many functions, including the choice of the level of protection that can meet the requirements of any business.
Tools to Prevent Network Attacks
In the space of intrusion prevention solutions, the product of the manufacturer Positive Technologies is presented (Arefin et al., 2020). The program can perform all functions in real time, without affecting the network activity of the business in any way. Next-Generation Firewall is an evolution of typical firewalls with the ability to monitor the status of connections. The leading manufacturer of NGFW solutions that will be used in this work is UserGate (Anlei et al., 2020). The paper also presents a proxy server with information security functions, also known as a web filter. Smart-Soft is designed and optimized to comply with the company’s web security policies and control user access to websites (Mimura et al., 2018).
There is a category of network security solutions designed to defend against threats that target vulnerabilities for which protection has not yet been developed. Accordingly, the main task of Cisco is to check a file sent through the network device for the presence of malicious code (Alfarsi et al., 2019). The InfoWatch data leak prevention system is the final one in this focus group. It is designed to detect and prevent potential violations of the confidentiality of data and personal information: for example, credit card numbers (Shabalin et al., 2020).
Scanners of Potential Vulnerabilities
Vulnerability scanning tools are one of the most important tools in information security departments, as vulnerabilities appear every day and thus leave a loophole for the organization. The OpenVAS Vulnerability Scanner is a vulnerability analysis tool that will allow scanning servers and network devices due to its complex nature (Dissanayaka et al., 2020). This scanner searches for an IP address and checks for any open services by scanning through open ports, misconfiguration, and vulnerabilities in existing objects. F-Secure Radar is a product of the company F-Secure, which is actively working in the antivirus market (Karantzas et al., 2021). Radar is a cloud-based solution that is not only a vulnerability scanner, but also a platform for vulnerability and asset management.
Astra is a full-featured cloud-based VAPT tool with a special focus on e-commerce (Sodhi, 2020). It comes with a set of applications, malware and network tests to assess the security of a web application for accepting payment orders. W9scan is a free console vulnerability scanner with more than 1200 built-in plugins (Muliński, 2020). They can detect fingerprints of web pages, ports, analyze the structure of a website, find various popular vulnerabilities, scan for SQL Injection. Sn1per is a powerful framework for automatic target security analysis (Li et al., 2021). This work will involve its extensions such as Findsploit (to quickly find exploits to vulnerabilities) and PrivEsc (to search for local bugs).
Observations
The test was conducted on a specially prepared stand running VMware Workstation. For each antivirus product, a clean virtual machine with the Microsoft Windows XP SP2 operating system was cloned (Singh et al., 2018). When installing antiviruses, all the actions recommended by the program were performed (system reboot, update, etc.). The antivirus settings were not changed and remained set by default. A separate clean virtual machine was allocated for each antivirus program. The collection recorded on an external hard disk was scanned. In each tested antivirus, the task of scanning a catalog with virus instances aimed at stealing bank data was launched on demand. The selected 5 antiviruses showed the following results in malware detection: Avast: 95.52%; Antivirus Plus: 78.27%; Dr.Web CureIt: 89.46%; Kaspersky Security Cloud: 96.49%; MalwareBytes: 56.02%.
Then a firewall test was conducted, during which a security testing program was launched, which checked the correctness of the firewall software. The firewall test involved analyzing a set of rules, which is the process of checking manual rules in a firewall. During testing, the program tried to penetrate through ports using certain network protocols to gain access to banking data. After the program was completed, a report was generated indicating the ports and protocols vulnerable in the network. Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and money transfer protocol (MTP) were tested (Akanji et al., 2012). This process was designed to completely check all open ports on the network, which can be several thousand ports. As a result, the number of used ports scanned by each firewall was obtained: Avast: 863; PeerBlock: 874; pfSense: 812; XG Firewall Business: 844; ZoneAlarm: 930.
The third step was testing tools to prevent network attacks. During the inspection, controlled penetrations were carried out in order to verify the completeness and reliability of the intrusion report. The detectors collected event data and used various metrics to determine that the analyzed activity deviated from normal. 10 controlled attacks were carried out by 5 different methods used in attacks on remote bank payment systems. Each of the tools counted the number of unauthorized login attempts. Then it was calculated how many times out of 10 the tools were able to interrupt the interception of access to mobile banking. The following results were observed: Positive Technologies: 9; UserGate: 7; Smart-Soft: 7; Cisco: 9; InfoWatch: 8.
In the final part of the observation stage, a test procedure was carried out to compare the work of vulnerability scanners of e-commerce sites. Previously prepared necessary test content for functional verification of all technical requirements contained various vulnerabilities. The entire class of equivalent vulnerabilities that can be found in the test site was considered as one vulnerability. Scanners with the selected settings were launched on the tested site and a set of functional tests was passed. Next, the web objects found by the scanner (unique links, vulnerabilities, attack vectors, etc.) were calculated and classified. As a result of observations, the following data on the number of identified vulnerabilities were obtained: OpenVAS Vulnerability Scanner: 75.20%; F-Secure Radar: 79.27%; Astra: 94.24%; W9scan: 88.46%; Sn1per: 90.14%.
Data Analysis
All the selected tools showed a fairly high level of protection. The first position in the rating is occupied by Kaspersky Security Cloud and ZoneAlarm, the results of which are 96.49% and 930, respectively. The second position in the rating is occupied by both Avast products that have shown high results. The antivirus software MalwareBytes and OpenVAS Vulnerability Scanner were the last in the ranking and the least effective: their results did not reach 80%. Thus, four levels of control were identified; then the programs and tools involved in the study were distributed among them. Focusing on software and hardware, three main levels of protection can be distinguished. The tools of the first level cope with the search and destruction of known viruses. Second-level programs are successfully working with the search and destruction of unknown viruses, and blocking the manifestation of viruses is a built-in function of the third level of protection.
Known viruses are best found and destroyed using the scanning method. It consists in detecting computer viruses by their unique fragment of program code (signature, program strain). To do this, F-Secure Radar, Astra, W9scan and Sn1per have each built a scanning database with code fragments of known computer viruses. They detected viruses by comparing the data in the computer’s memory with the fixed codes of the scanning database. Astra and Sn1per were the most successful in detecting and identifying the code of the new virus. They entered the largest number of virus signatures into the scan database. The peculiarity of F-Secure Radar was that it was able to correctly restore and disinfect infected areas of the electronic payment system. The following feature of W9scan should be noted: the application does not store the signatures themselves, but checksums or signature extensions. The identified shortcomings of the first-level tools (in particular, scanners) were attributed to the fact that they can detect only viruses that have already penetrated computer systems, have been studied and have had a signature determined for them. For their effective operation, it is necessary to promptly replenish the scanning database.
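The two storage schemes described above, as an added Python example that is not taken from any of the tested products: one scanner keeps raw signatures, the other keeps only the length and SHA-256 checksum of each signature. The family names and byte patterns are constructed, harmless placeholders, and the last case shows why a new variant goes undetected until the scanning database is replenished.

```python
import hashlib

# Constructed, harmless byte patterns standing in for code fragments of known
# malware; the family names are invented for this example.
SIGNATURES = {
    "Demo.Skimmer.A": b"\x90\x90DEMO-SKIMMER-A\xcc",
    "Demo.Stealer.B": b"demo_stealer_b::collect()",
}


class SignatureScanner:
    """Keeps the raw signature bytes and searches the data for each of them."""

    def __init__(self, signatures=None):
        self._signatures = dict(signatures or {})

    def add(self, name, pattern):
        self._signatures[name] = pattern

    def scan(self, data):
        hits = []
        for name, pattern in self._signatures.items():
            offset = data.find(pattern)
            while offset != -1:
                hits.append((name, offset))
                offset = data.find(pattern, offset + 1)
        return sorted(hits, key=lambda hit: hit[1])


class ChecksumScanner:
    """Keeps only the length and SHA-256 digest of each signature."""

    def __init__(self, signatures=None):
        self._by_length = {}  # signature length -> {digest: family name}
        for name, pattern in (signatures or {}).items():
            self.add(name, pattern)

    def add(self, name, pattern):
        digest = hashlib.sha256(pattern).digest()
        self._by_length.setdefault(len(pattern), {})[digest] = name

    def scan(self, data):
        hits = []
        # Slide a window of each known signature length over the data and
        # look the window's digest up in the checksum database.
        for length, digests in self._by_length.items():
            for offset in range(len(data) - length + 1):
                window = data[offset:offset + length]
                name = digests.get(hashlib.sha256(window).digest())
                if name is not None:
                    hits.append((name, offset))
        return sorted(hits, key=lambda hit: hit[1])


# Constructed sample buffers: 32 bytes of padding, then the payload.
PADDING = b"MZ" + b"\x00" * 30
CLEAN = PADDING + b"ordinary checkout module"
INFECTED = PADDING + SIGNATURES["Demo.Skimmer.A"] + b"tail"
NEW_VARIANT_SIG = b"\x90\x90DEMO-SKIMMER-C\xcc"  # not yet in the database
NEW_VARIANT = PADDING + NEW_VARIANT_SIG + b"tail"


def run_demo():
    raw = SignatureScanner(SIGNATURES)
    summed = ChecksumScanner(SIGNATURES)
    results = {
        "clean": (raw.scan(CLEAN), summed.scan(CLEAN)),
        "infected": (raw.scan(INFECTED), summed.scan(INFECTED)),
        "variant_before_update": (raw.scan(NEW_VARIANT), summed.scan(NEW_VARIANT)),
    }
    # Replenish both databases with the newly studied signature and rescan.
    raw.add("Demo.Skimmer.C", NEW_VARIANT_SIG)
    summed.add("Demo.Skimmer.C", NEW_VARIANT_SIG)
    results["variant_after_update"] = (raw.scan(NEW_VARIANT), summed.scan(NEW_VARIANT))
    return results


if __name__ == "__main__":
    for case, (raw_hits, checksum_hits) in run_demo().items():
        print(f"{case:24} raw={raw_hits} checksum={checksum_hits}")
```

The checksum variant trades scan time for storage: it hashes one window per offset and per signature length instead of searching for the bytes directly.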
Detection and elimination of unknown viruses are necessary to protect against viruses missed at the first level of antivirus protection. The most effective method is system integrity monitoring (change detection), which most of the tools present in this study work with. Both antiviruses and firewalls were able to successfully check and compare the current parameters of the computing system with the reference ones corresponding to its uninfected state. 80% of the studied tools successfully ensured the protection of the information resource from unauthorized modification and deletion as a result of various kinds of illegitimate influences, and failures of the system and environment. Therefore, all tools to prevent network attacks (Positive Technologies, UserGate, Smart-Soft, Cisco and InfoWatch) coped with their task at about the same level, which allows them to be attributed to the second level. In addition, without exception, all antiviruses and firewalls also coped with the above-mentioned tasks of the second level.
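An added sketch of integrity monitoring as described above (not code from any of the studied tools): a reference snapshot of file hashes is taken in the known-good state, sealed with an HMAC so that the reference itself cannot be silently rewritten, and later compared with the current state. The file names, contents and key are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import tempfile


def snapshot(root):
    """Return {relative path: {"sha256", "size"}} for every file under root."""
    state = {}
    for directory, _subdirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(directory, filename)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            relative = os.path.relpath(path, root).replace(os.sep, "/")
            state[relative] = {"sha256": digest.hexdigest(),
                               "size": os.path.getsize(path)}
    return state


def seal(reference, key):
    """HMAC over the canonical JSON form of the reference snapshot."""
    canonical = json.dumps(reference, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def compare(reference, tag, key, current):
    """Verify the seal, then report how the current state differs."""
    if not hmac.compare_digest(seal(reference, key), tag):
        raise ValueError("reference snapshot failed its integrity check")
    modified = [path for path in reference
                if path in current
                and reference[path]["sha256"] != current[path]["sha256"]]
    return {
        "modified": sorted(modified),
        "deleted": sorted(path for path in reference if path not in current),
        "added": sorted(path for path in current if path not in reference),
    }


def write_file(root, relative, data):
    path = os.path.join(root, *relative.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def run_demo():
    key = b"constructed-demo-key"  # assumption: stored away from the monitored files
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-in for an online store's files in their clean state.
        write_file(root, "index.html", b"<h1>Catalog</h1>")
        write_file(root, "js/checkout.js", b"function pay() { submit(); }")
        write_file(root, "config.ini", b"[payment]\nprovider = demo\n")
        reference = snapshot(root)
        tag = seal(reference, key)
        unchanged = compare(reference, tag, key, snapshot(root))

        # Unauthorized modification, deletion and an unexpected new file.
        write_file(root, "js/checkout.js", b"function pay() { submit(); } // altered")
        os.remove(os.path.join(root, "config.ini"))
        write_file(root, "js/analytics.js", b"// unexpected file")
        current = snapshot(root)
        changed = compare(reference, tag, key, current)

        # A reference rewritten to match the altered file no longer fits the seal.
        forged = dict(reference)
        forged["js/checkout.js"] = current["js/checkout.js"]
        try:
            compare(forged, tag, key, current)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return unchanged, changed, tamper_detected


if __name__ == "__main__":
    print(run_demo())
```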
The highest level of protection, consisting in blocking the manifestation of viruses and protection against destructive actions and reproduction of computer viruses, which managed to overcome the first two levels of protection, can be attributed to more than half of the studied antiviruses and firewalls. The methods of Avast, Dr.Web CureIt and Kaspersky Security Cloud antiviruses, as well as Avast, PeerBlock, XG Firewall Business and ZoneAlarm firewalls are based on the interception of virus-specific functions. Dr.Web CureIt and XG Firewall Business work on the principle of filter programs, so they are slightly less effective than other tools that work as hardware controls. When working in global public networks (in particular, when receiving payment from customers), third-level security programs performed antivirus control of all passing traffic. It could be carried out in various ways: by implementing an antivirus proxy server or by integrating an antivirus component with a firewall. The disadvantages of these controllers include the lack of an autoconfiguration system. As a result, there is a possibility of conflicts with other system programs, including other safety protection tools.
Summary
The chapter on procedures and methodology began with an introduction outlining the intended purpose of the research. The background of the complexity of the processes is provided during which the operation of tools to ensure the confidentiality of personal data of the client and the seller will be measured and tested. After the introduction, the research project design was presented. This section contains a description of research methods and algorithms for solving the tasks set in the paper. In addition, it also includes a description of the organization and content of the study: research procedures, and criteria for evaluating the results of the study that will be used.
Then follows a description of sampling procedures necessary for analyzing the quality of research objects, determining their properties by reliability indicators. It describes how the selected samples will present the analyzed composition indicators for the current period of time with the most possible completeness. In addition, the main requirements for sampling used when writing paper are argued. After the description of the sampling procedure, data collection sources are presented. Since the statistical method is used in this work, the proposed process of direct observation is given. The methods of measurement and counting, according to which the registration of the studied units is carried out, are explained. In addition, this section contains details about a documented observation involving obtaining information based on an analysis of the literature.
Then followed a description of a formalized interview with open questions conducted with security specialists in the field of e-commerce. The mandatory plan of the interview, the sequence of questions and their formulations in an open form were described. The answer options and the principles of dividing the interviewees into groups were normalized. In addition to interviews, such a method of collecting primary information as a survey of e-commerce business leaders was also used. It provided for a written appeal to a set of people (respondents) using information security tools in their application or on their website. It was also determined how the statistical processing and interpretation of the responses received would be carried out.
The next part of the third chapter was the collection of theoretical information about the phenomena and processes of data protection using documentary sources. Information from the documents was extracted and recorded, which was later used to study the research problem. The subject of the analysis of the documents included such characteristics and properties of the security content in the field of electronic commerce as the main criteria for assessing the level of protection of bank data.
The study presents four focus groups, the first of which is antivirus software. The five most common antivirus software for the installation of information security of IT infrastructure in the corporate e-commerce sector are described. Then follows a focus group of five firewalls, recognized during the interview as the most powerful means of traffic control. The general functions performed by the firewalls involved in this paper are described. The tactics and advantages of each of the five presented software are described.
The importance of using tools for preventing network attacks in corporate networks has long been recognized, and therefore five similar programs are included in the third focus group. The article names the manufacturers that were identified by the interview participants as the most effective. In addition, the interview participants confirmed that data leakage occurs more often than money theft. This demonstrates the fact that the Diamond Fraud Theory modifies the motivation factor for offline scammers. Small details are provided about how a particular program copes with bypass methods, and a brief description of attack prevention systems. One of the most important stages of ensuring information security is the identification of potential risks. Therefore, based on the responses of the interviewed IT specialists, a focus group of five scanners of potential vulnerabilities was compiled. A small summary of each of the network scanners has also been prepared, describing the tasks they are aimed at solving.
Further observations on the testing of the selected programs were presented. The process of checking each of the focus groups is described, and the obtained indicators are given. This section presents all the statistical data received during the work with the four categories of protection. In the final part of the third chapter, an analysis of the data obtained during the observation of testing was carried out. Despite the fact that many of the selected programs showed a very high, third level of data security protection, none of them turned out to be 100% effective. In this connection, it can be concluded that it is most reliable to combine several bank data protection programs at once.
References
Abdi, A., & Singh, G. (2020). Opportunities and challenges of implementation of peer-to-peer block chain technology in the higher educational institutions. International Journal of Engineering Research & Technology, 9(5), 348-358. doi: 10.5860/crl.81.1.43
Abideen, M. Z., Saleem, S., & Ejaz, M. (2019). Advanced data security and its applications in multimedia for secure communication. Security and Communication Network, 9(15), 312-316. doi: 10.1155/2019/7924690
Akanji, O. S., Abisoye, O. A., & Iliyasu, M. A. (2021). Mitigating slow hypertext transfer protocol distributed denial of service attacks in software defined networks. Journal of Information and Communication Technology, 20(3), 277-304. doi: 10.32890/jict2021.20.3.1
Alfarsi, G., Tawafak, R. M., Alsidiri, A., Jabbar, J., Malik, S. I., & Alsinani, M. (2019). Using Cisco packet tracer to simulate smart home. International Journal of Engineering Research & Technology, 8(12), 670-674. doi: 10.1007/s10586-017-1298-1
Ali, N. I., Samsuri, S., Seman, M. A., Brohi, I. A., & Shah, A. (2018). Cybercrime an emerging challenge for internet users: An overview. Sindh University Research Journal: Science Series, 50(3D), 55-58. doi: 10.1016/j.procs.2015.08.443
Anlei, W., Zhaoshun, W., & Shuwang, L. (2020). A fast-single pattern matching algorithm of next generation firewall. International Journal of New Developments in Engineering and Society, 4(1), 33-40. doi: 10.25236/IJNDES.040106
Arefin, T., Uddin, R., Evan, N. A., & Alam, R. (2020). Enterprise network: Security enhancement and policy management using next-generation firewall (NGFW). Computer Networks and ISDN systems, 25(5), 280-310. doi: 10.29145/sir/22/020204
Baldassarre, M. T., Barletta, V. S., Caivano, D., & Scalera, M. (2020). Integrating security and privacy in software development. Software Quality Journal, 28(14), 987-1018. doi: 10.1007/s11219-020-09501-6
Bavel, R. V., Rodríguez-Priego, N., Vila, J., & Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies, 123(6), 29-39. doi: 10.1016/j.ijhcs.2018.11.003
Becerril, A. (2018). The value of our personal data in the Big Data and the Internet of all Things Era. Advances in Distributed Computing and Artificial Intelligence Journal Regular Issue, 7(2), 71-80. doi: 10.14201/ADCAIJ2018727180
Bertrand, Y., Boudaoud, K., & Riveill, R. (2020). What do you think about your company’s leaks? A survey on end-users perception toward data leakage mechanisms. Frontiers in Big Data, 8(5), 1-13. doi: 10.3389/fdata.2020.568257
Clifford, D., & Ausloos, J. (2018). Data protection and the role of fairness. Yearbook of European Law, 37(6), 130-187. doi: 10.1093/yel/yey004
Deng, M. I. (2019). Regulation and protection of personal data in the context of big data. Journal of Beijing University of Posts and Telecom, 21(1), 19-25. doi: 1019722/jcnki1008772920180176
Dissanayaka, A. M., Mengel, S., Gittner, L., & Khan, H. (2020). Security assurance of MongoDB in singularity LXCs: An elastic and convenient testbed using Linux containers to explore vulnerabilities. Cluster Computing, 23(2), 1955-1971. doi: 10.1007/s10586-017-1511-2
Dmitriev, D. D. (2020). Software and hardware complex for the development and research of methods for broadband access to multimedia resources and the Internet. Journal of Physics: Conference Series, 5(15), 1-7. doi: 10.1088/1742-6596/1515/3/032041
Eslamkhah, M., & Seno, S. A. (2019). Identifying and ranking knowledge management tools and techniques affecting organizational information security improvement. Knowledge Management Research & Practice, 26(3), 1-30. doi: 10.1080/14778238.2019.1599495
Fabiano, N. (2019). Ethics and the Protection of Personal Data. Systemics, cybernetics and informatics, 17(2), 58-64. doi: 10.1145/3309772.3309787
Ghanem, M. C., & Chen, T. M. (2019). Reinforcement learning for efficient network penetration testing. Information, 11(6), 1-23. doi: 10.3390/info11010006
Guzairov, M., Gvozdev, V., Davlieva, A., & Teslenko, V. (2018). Analysis of properties hardware-software system in efficiency index under uncertainty component structures. Advances in Intelligent Systems Research, 6(4), 19-25. doi: 10.2991/iwci-18.2018.13
Harvey, L. A. (2018). REDCap: Web-based software for all types of data storage and collection. Spinal Cord, 56(625), 1282-1288. doi: 10.1038/s41393-018-0169-9
Hirsch, P. B. (2018). The goose that laid the golden eggs: personal data and the Internet of Things. Journal of Business Strategy, 40(1), 48-52. doi: 10.1108/JBS-10-2018-0176
Hou, H., Yua, J., & Hao, R. (2019). Cloud storage auditing with deduplication supporting different security levels according to data popularity. Journal of Network and Computer Applications, 134(4), 26-39. doi: 10.1016/j.jnca.2019.02.015
Iavich, M., Gnatyuk, S., Iashvili, G., & Fesenko, A. (2019). Cyber security European standards in business. Scientific and Practical Cyber Security Journal, 3(2), 36-39. doi: 10.1007/s11042-016-3495-y
Ivanov, V., Reznik, A., & Succi, G. (2018). Comparing the reliability of software systems: A case study on mobile operating systems. Information Sciences, 423(4), 398-411. doi: 10.1016/j.ins.2017.08.079
Kamalieva, L. A., Kazakova, I. A., Nikonovich, S. L., Goncharov, V. V., & Livson, M. (2020). Improving information security: Criminal-legal means of counteracting digital data leakage. Laplage em Revista, 6(1), 222-229. doi: 10.24115/S2446-622020206
Kaplan, D. E., & Rajendran, S. (2019). Firewalls in general relativity. Physical Review, 99(4), 1-8. doi: 10.1103/PhysRevD.99.044033
Karantzas, G., & Patsakis, C. (2021). An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors. Journal of Cybersecurity and Privacy, 1(6), 387-421. doi: 10.3390/jcp1030021
Kim, Y., Wang, Q., & Roh, T. (2021). Do information and service quality affect perceived privacy protection, satisfaction, and loyalty? Evidence from a Chinese O2O-based mobile shopping application. Telematics and Informatics, 56(39), 568-575. doi: 10.1016/j.tele.2020.101483
Kodapanakkal, R. I., Brandt, M. J., Kogler, C., & Beest, I. V. (2020). Self-interest and data protection drive the adoption and moral acceptability of big data technologies: A conjoint analysis approach. Computers in Human Behavior, 108(2), 10-16. doi: 10.1016/j.chb.2020.106303
Kuner, C., Cate, F. H., Lynskey, O., Millard, C., Loideain, N. N., & Svantesson, D. J. (2018). Expanding the artificial intelligence-data protection debate. International Data Privacy Law, 8(4), 289-292. doi: 10.1093/idpl/ipy024
Kurpayanidi, K. I. (2019). Theoretical basis of management of innovative activity of industrial corporation. International Scientific Journal of Theoretical & Applied Science, 69(1), 7-14. doi: 10.15863/TAS
Laptiev, O., Savchenko, V., Kotenko, A., Akhramovych, V., & Samosyuk, V. (2021). Method of determining trust and protection of personal data in social networks. International Journal of Communication Networks and Information Security, 13(1), 15-21. doi: 10.54039/ijcnis.v13i2.5034
Latchoumi, T. P., Reddy, M. S., & Balamurugan, K. (2020). Applied machine learning predictive analytics to SQL injection attack detection and prevention. European Journal of Molecular & Clinical Medicine, 7(2), 3543-3553. doi: 10.23919/INM.2017.7987433
Li, X., Wang, L., Xin, Y., Yang, Y., & Chen, Y. (2020). Automated vulnerability detection in source code using minimum intermediate representation learning. Applied Sciences, 10(16), 1-16. doi: 10.3390/app10051692
Li, Y., Cheng, J., Huang, J., Chen, Z., & Niu, W. (2021). NEDetector: Automatically extracting cybersecurity neologisms from hacker forums. Journal of Information Security and Applications, 169(58), 80-90. doi: 10.1016/j.jisa.2021.102784
Liu, S., Reviriego, P., Montuschi, P., & Lombardi, F. (2021). Less-is-Better Protection (LBP) for memory errors in kNNs classifiers. Future Generation Computer Systems, 117(22), 401-411. doi: 10.1016/j.future.2020.12.015
Mamonova, G., & Maidaniuk, N. (2020). Mathematical tools for the internet of things analysis. Cybernetics and Systems Analysis, 56(15), 621-627. doi: 10.1007/s10559-020-00279-w
Mariania, M. M., Styven, M. E., & Teulon, F. (2021). Explaining the intention to use digital personal data stores: An empirical study. Technological Forecasting and Social Change, 166(2), 12-16. doi: 10.1016/j.techfore.2021.120657
McIntosh, T., Jang-Jaccard, J., Watters, P., & Susnjak, T. (2019). Masquerade attacks against security software exclusion lists. Australian Journal of Intelligent Information Processing Systems, 16(4), 1-8. doi: 10.1007/978-3-030-66218-9
Mimura, M., & Tanaka, H. (2018). Leaving all proxy server logs to paragraph vector. Journal of Information Processing, 26(38), 804-812. doi: 10.4018/978-1-4666-5888-2
Morse, W. C., Cox, C., & Anderson, C. J. (2020). Using public participation geographic information systems (PPGIS) to identify valued landscapes vulnerable to sea level rise. Sustainability, 12(6), 1-34. doi: 10.3390/su121767
Movahedi, Y., Cukier, M., Andongabo, A., & Gashi, I. (2019). Cluster-based vulnerability assessment of operating systems and web browsers. Computing, 101(4), 139-160. doi: 10.1007/s00607-018-0663-0
Muliński, T. (2020). ICT security in tax administration – Rapid7 Nexpose vulnerability analysis. Studia Informatica: Systems and Information Technology, 2(24), 37-51. doi: 10.34739/si.2020.24.03
Muzammil, A. C., & Nandan, R. (2019). Comparative analysis of packet filtering firewall. International Journal of Scientific Research in Computer Science Applications and Management Studies, 8(5), 1-4. doi: 10.5334/dsj-2018-032
Nirmal, K., Janet, B., & Kumar, R. (2021). Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection. Peer-to-Peer Networking and Applications, 14(4), 2327-2329. doi: 10.1007/s12083-020-00944-z
Noeiaghdam, S. (2019). A novel technique to solve the modified epidemiological model of computer viruses. SeMA Journal, 76(8), 97-108. doi: 10.1007/s40324-018-0163-3
Norbekov, J. (2020). Ensuring information security as an ideological problem. Mental Enlightenment Scientific-Methodological Journal, 1(39), 56-65. doi: 10.1002/ett.3815
Nurhayati, A. (2019). Mapping perception of consumer antivirus software with multidimensional scaling method. Journal on Computer Science and Information Technologies, 4(3), 91-95. doi: 10.11591/APTIKOM.J.CSIT.13
Panchekha, P., Ernst, M. D., Tatlock, Z., & Kamil, S. (2019). Modular verification of web page layout. PROC Acm. Programming Language, 3(151), 1-26. doi: 10.1145/3360577
Park, S. (2019). Software requirement specification based on a gray box for embedded systems: A case study of a mobile phone camera sensor controller. Computers, 8(20), 1-11. doi: 10.3390/computers801002
Pisula, A. (2019). Enigma software group USA. Federal Communications Law Journal, 72(2), 272-275. doi: 10.1109/VTCSpring.2015.7146058
Pérez-González, C. J., Colebrook, M., Roda-García, J. L., & Rosa-Remedios, B. (2019). Developing a data analytics platform to support decision making in emergency and security management. Expert Systems with Applications, 120(7), 167-184. doi: 10.1016/j.eswa.2018.11.023
Shabalin, A. M., & Kaliberda, E. A. (2020). Building a virtual model for corporate information protection using InfoWatch traffic monitor system. Proceedings in Cybernetics, 67(1), 35-42. doi: 10.34822/1999-7604-2020-1-35-42
Shah, H., & Comissiong, D. M. (2021). Computer virus model with stealth viruses and antivirus renewal in a network with fast infectors. SN Computer Science, 407(3), 34-39. doi: 10.1007/s42979-021-00780-9
Shedid, M., Abdelmonem, M., Boraik, A., Elmetwalli, A., & Hassan, D. (2019). Safety parameters throughout the first month of direct-acting antivirus. American Journal of Technologies, 152(1), 16-19. doi: 10.1016/j.jss.2020.110609
Sing, P., & Kottath, R. (2021). An ensemble approach to meta-heuristic algorithms: Comparative analysis and its applications. Computers & Industrial Engineering, 162(48), 1-13. doi: 10.1016/j.cie.2021.107739
Singh, H., & Kumar, A. (2018). A review on Windows update, security patch and issues. International Journal of Emerging Technologies and Innovative Research, 5(10), 701-712. doi: 10.5120/ijca2015907209
Sodhi, H. S. (2020). An investigation for prioritizing industry 4.0 tools using analytic hierarchy process. International Journal of Advance Science and Technology, 29(10S), 5619-5629. doi: 10.1016/j.jisa.2021.102752
Stoynov, S., & Nikolov, B. (2021). Approach to SHIP’S IT and OT systems cybersecurity improvement. Pedagogika-Pedagogy, 93(7s), 185-196. doi: 10.53656/ped21-7s.16appr
Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., & Wang, G. (2018). Data processing and text mining technologies on electronic medical records: A review. Journal of Healthcare Engineering, 14(3), 1-9. doi: 10.1155/2018/4302425
Taylor, R. D. (2020). “Data localization”: The internet in the balance. Telecommunications Policy, 44(8), 132-135. doi: 10.1016/j.telpol.2020.102003
Tchernykha, A., Babenko, M., Chervyakov, N., Miranda-López, V., Kuchukov, V., Cortés-Mendoza, J., & Deryabin, M. (2018). AC-RRNS: Anti-collusion secured data sharing scheme for cloud storage. International Journal of Approximate Reasoning, 45(4), 1-16. doi: 10.1108/ILDS-07-2016-0026
Torten, R., Reaiche, C., & Boyle, S. (2018). The impact of security awareness on information technology professionals’ behavior. Computers & Security, 79(4), 68-79. doi: 10.1016/j.cose.2018.08.007
Uchenna, C. C., Roslee, M. B., & Nmenme, P. U. (2018). Android anti-virus system for malware mutation in networking. Engineering International, 6(2), 63-78. doi: 10.1007/978-3-319-39510-4_25
Wada, I., Dawakinkudu, A. M., & Saka, K. A. (2021). Usability and challenges of pfSense deployed for management of library networks, servers and users in State University of Science and Technology, Wudil. Jewel Journal of Librarianship, 16(3), 71-90. doi: 10.1016/j.acalib.2019.01.001
Wagner, J. (2018). The transfer of personal data to third countries under the GDPR: When does a recipient country provide an adequate level of protection? International Data Privacy Law, 8(4), 318-337. doi: 10.1093/idpl/ipy008
Walters, R., Zeller, B., & Trakman, L. (2018). Personal data law and competition law: Where is it heading? UNSW Law Research Journal, 18(73), 1-20. doi: 10.2139/ssrn.3275832
Wang, X., Continella, A., Yang, Y., He, Y., & Zhu, S. (2019). Leakdoctor: Toward automatically diagnosing privacy leaks in mobile applications. Proceedings of the ACM on Interactive Mobile Wearable and Wearable Ubiquitous Technologies, 3(28), 1-25. doi: 10.1145/3314415
Wang, Y., Xu, G., Liu, X., Mao, W., Si, C., Pedrycz, W., & Wang, W. (2020). Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis. Journal of Systems and Software, 167(4), 16-19. doi: 10.1016/j.jss.2020.110609
Whitty, M. T. (2019). Predicting susceptibility to cyber-fraud victimhood. Journal of Financial Crime, 26(1), 277-292. doi: 10.1108/JFC-10-2017-0095
Wilis, R. A., & Nurwulandari, A. (2020). The effect of e-service quality, e-trust, price and brand image towards e-satisfaction and its impact on e-loyalty of Traveloka’s customer. Jurnal Ilmiah Manajemen, Ekonomi, dan Akuntansi, 4(3), 1061-1099. doi: 10.1016/j.apmrv.2015.03.005
Wilson, D., Roman, E., & Beierly, I. (2018). PCI DSS and card brands: Standards, compliance and enforcement. Cyber Security: A Peer-Reviewed Journal, 2(1), 73-82. doi: 10.1145/3314415
Yartey, D., Omojola, O., Amodu, L., Ndubueze, N., Adeyeye, B., & Adesina, E. (2021). Personal data collection and usage for mobile marketing: Customer awareness and perception. WSEAS Transactions on Business and Economics, 18(5), 42-50. doi: 10.37394/23207.2021.18.5
Zadereyko, O. V., Trofymenko, O. G., & Loginova, N. I. (2019). Algorithm of user’s personal data protection against data leaks in Windows 10 OS. Informatics, Control, Measurement in Economy and Environmental Protection, 1(5), 41-44. doi: 10.5604/01.3001.0013.0905
Zeng, W., Bashir, R., Wood, T., Siewe, F., Janicke, H., & Wagner, I. (2020). How location-aware access control affects user privacy and security in cloud computing systems. EAI Endorsed Transactions on Cloud Systems, 6(18), 1-11. doi: 10.4108/eai.13-7-2018.165236