2. Contents
• Need to Protect Confidentiality of Data
• Data Protection Legislation
• Social and Ethical Implications of Access to Personal Information
• Shop Security
• Online Banking
• Online Shopping
3. Need to protect confidentiality of data
• This means that data should only be seen by people who are authorised to see it.
What is the main technique used in ICT to ensure the confidentiality of data in online systems?
Encryption
What is encryption?
4. Encryption
• This is a process by which ordinary data is converted into a secret code. This is done so that anyone unauthorised to see the data cannot read it.
• However, they do still have the ability to delete the information that they intercept.
• On the receiving end, the encrypted data is decrypted using a secret key.
Note:
Unencrypted data is called plain text.
Encrypted data is referred to as cipher text.
5. Shop Security
There are two types of encryption keys:
1. Public encryption key
2. Private encryption key
People have a public encryption key that they can tell everyone about, and a private encryption key which only they know about.
So what?
6. So…
• If you know a person's public encryption key, you can encrypt a message and send it to them. But ONLY that individual can decrypt the message, using their private key.
• For example: when John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
What is a public key system?
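The John-and-Jane exchange above, as an added example that is not part of the original slides: textbook RSA on tiny primes, so the "public key encrypts, only the matching private key decrypts" point can be followed by hand. The primes, the message and the second key pair are constructed for illustration.

```python
# Added example, not from the slides: John encrypts with Jane's PUBLIC key;
# only Jane's PRIVATE key recovers the text.  Textbook RSA on tiny primes so
# the arithmetic is followable; real systems use 2048-bit keys and padding
# (e.g. OAEP), never raw byte-at-a-time RSA like this.
from math import gcd


def make_keypair(p, q, e=17):
    """Build a key pair from two primes: public (e, n), private (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)            # d is e's inverse mod phi (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, message):
    """John's step: each byte m becomes c = m^e mod n under the PUBLIC key."""
    e, n = public_key
    return [pow(m, e, n) for m in message.encode()]


def decrypt(private_key, ciphertext):
    """Jane's step: m = c^d mod n.  With a wrong key the numbers are garbage
    and usually not even valid bytes, so report that case as None."""
    d, n = private_key
    values = [pow(c, d, n) for c in ciphertext]
    if any(v > 255 for v in values):
        return None
    return bytes(values).decode(errors="replace")


# n = 61 * 53 = 3233 exceeds 255, so every byte value is a valid message.
JANE_PUBLIC, JANE_PRIVATE = make_keypair(61, 53)
# Someone else's key pair (constructed), to show it cannot read Jane's mail.
_, OTHER_PRIVATE = make_keypair(67, 71)
MESSAGE = "Meet me at 10 by the bank"   # constructed sample text


def demo():
    """Run the exchange; return (cipher text, Jane's result, other's result)."""
    cipher = encrypt(JANE_PUBLIC, MESSAGE)
    return cipher, decrypt(JANE_PRIVATE, cipher), decrypt(OTHER_PRIVATE, cipher)


if __name__ == "__main__":
    c, ok, wrong = demo()
    print("cipher text:", c)
    print("Jane reads:", ok)
    print("other key reads:", wrong)
```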
7. Public Key System
“This is used to encrypt data that is transmitted using the Internet for payment purposes.”
Keep in mind that when we use the Internet to make a payment, all these tasks of encrypting and decrypting happen in the background (so we don't see them).
8. Online Banking
“Online banking uses secure sites and all the data transferred using the Internet, including your password, is encrypted.”
• Encryption does not prevent hackers from accessing your PC. These hackers could use key logging software, which allows them to detect the keys you are pressing on the keyboard (this may also allow them to discover your password).
9. Additional Methods of Security
1. Use Transaction numbers (TANs): these are passwords that can only be used once. They could be sent to you via a text message from the bank. They are only valid for a few minutes, thus reducing the time a hacker has to intercept and use one.
2. Ask the user to type in only part of the password. Every time the user logs in they are asked for a different combination of characters from the password (e.g. the 2nd, 3rd and 6th characters).
3. Provide the customer with a handheld chip and PIN device. This device generates single-use passwords. Several things are required by the user to access their account:
• debit card
• PIN number
• online security number
• the chip and PIN device itself
A customer enters the card into the device and enters their PIN number. They are then issued with an 8-digit code. Using this they can then log in.
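The first two methods above (single-use, time-limited TANs and the partial-password challenge), as an added example in plain Python that is not from the original slides. The 6-digit TAN length, the 180-second validity and the injected clock are assumptions made for the example.

```python
# Added example, not from the slides: single-use time-limited TANs and a
# partial-password challenge.  The clock is passed in so the expiry logic
# can be exercised without waiting; 6 digits and 180 s are assumed values.
import hmac
import secrets
import time


class TanStore:
    """Method 1: a TAN works once and only within ttl_seconds of issue."""

    def __init__(self, ttl_seconds=180):
        self.ttl_seconds = ttl_seconds
        self._expiry = {}            # tan -> time it stops being valid

    def issue(self, now=None):
        """Create a 6-digit TAN (the bank would text this to the customer)."""
        now = time.time() if now is None else now
        tan = f"{secrets.randbelow(10 ** 6):06d}"
        self._expiry[tan] = now + self.ttl_seconds
        return tan

    def redeem(self, tan, now=None):
        """True exactly once, and only before expiry; a replay finds nothing."""
        now = time.time() if now is None else now
        expiry = self._expiry.pop(tan, None)   # pop => second use fails
        return expiry is not None and now <= expiry


def partial_password_challenge(password_length, count=3):
    """Method 2: choose which character positions (1-based) to ask for.
    A fresh random choice per login means a key logger captures only
    part of the password each time."""
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(1, password_length + 1), count))


def check_partial_password(stored_password, positions, answer):
    """Compare only the requested characters, in constant time.
    Caveat: checking individual characters means the bank must be able to
    recover them, so the whole password cannot be stored as a one-way
    hash; that is the known trade-off of this scheme."""
    expected = "".join(stored_password[p - 1] for p in positions)
    return hmac.compare_digest(expected.encode(), answer.encode())
```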
10. Online Shopping
• It is the customer's responsibility to use a reputable, secure online store.
How do you know if data is being transmitted in a secure way?
1. The 'https' prefix in the URL, compared to the normal 'http'.
2. The secure socket layer (SSL): the padlock sign at the bottom of the screen.
These are protocols used in the encryption of messages between a client computer and a server.
A few important points
11. Important Points
× The customer MUST check the contact details of the company to ensure reliability.
× The store MUST have a privacy policy and the customer MUST read this. If the store does not have one, or the customer is unsure about some parts of it, they shouldn't trust the online store.
× The customer must know exactly what they are buying. “Both description and what to do in the event that they are not satisfied should be clear.”
× A customer must always print out the details of the transaction they make in case of future disputes.
12. Data Protection Legislation
What does it do?
It keeps data private as well as confidential.
For example, the UK Data Protection Act states:
• Personal data shall be processed fairly and lawfully.
• Personal data shall be obtained only for a lawful purpose.
• Personal data shall be accurate and kept up-to-date.
• Appropriate measures shall be taken against unauthorised processing of personal data.
Punishment for breaking ANY of the rules listed in the UK Data Protection Act is a very large fine.
13. Social and Ethical Implications of access to Personal Data
• Duty of Confidence
• Duty of Fidelity
• Responsibility for passing on information
• Anonymised Information
• Aggregated Information
• Breaches of Confidence
• Need for Security
• Identity Theft
• Phishing
• Spyware
• Online Auction or Shopping Fraud
14. Duty of Confidence
• They must not tell anyone or use the information for any reason except with the permission of the person who told it to them.
• Confidential data includes business secrets or personal information.
• This could be between an employee and employer.
• The employee is asked to sign a confidentiality agreement.
15. Duty of Fidelity
• This is when an employee must remain loyal to their employer.
• They must not tell any rival companies about their work.
• However, once an employee leaves a company they are free to use the skills and knowledge that they acquired from the company.
16. Responsibility for passing on information
• When a company passes on information about any individual, they must ensure that the least amount of information that could identify the individual is used.
• Things like online banking or online shopping require you to give them your personal information. It MUST be ensured that information is not passed from organisation to organisation without authorisation from the individual.
17. Anonymised Information
• This is when information about an individual is passed on without mention of their name.
• Companies should always omit personal details wherever possible.
18. Aggregated Information
• It is a summary of personal information without naming the person.
For example: all the people who are above the age of 60 and have diabetes.
This way no one can be identified.
However, there is a downside to this. There might be only one such person in the whole hospital, so identification of the person will be easy and may be embarrassing for the individual.
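The hospital downside described above, as an added example that is not part of the original slides: records are aggregated into counts per group, and any group too small to hide its members is suppressed rather than published. The patient records, age band and threshold of 3 are constructed for the example.

```python
# Added example, not from the slides: aggregate patient records into counts
# per group and suppress any group so small that the summary would point
# at one person (the "only one in the whole hospital" case).
from collections import Counter

# Constructed sample records, (age, condition); not real patients.
PATIENTS = [
    (64, "diabetes"), (71, "diabetes"), (68, "diabetes"), (52, "diabetes"),
    (45, "asthma"), (33, "asthma"), (62, "asthma"), (79, "arthritis"),
]


def age_band(age):
    """Coarsen the exact age to the band the summary reports."""
    return "60+" if age >= 60 else "under 60"


def aggregate(records, min_count=3):
    """Return {(band, condition): count}, with None in place of any count
    below min_count.  A cell of 1 ("the only diabetic over 60 here")
    identifies its member as surely as naming them would."""
    counts = Counter((age_band(age), cond) for age, cond in records)
    return {group: (n if n >= min_count else None) for group, n in counts.items()}


def small_cells(records):
    """List the groups that would identify someone without suppression."""
    counts = Counter((age_band(age), cond) for age, cond in records)
    return sorted(group for group, n in counts.items() if n == 1)


if __name__ == "__main__":
    for group, n in sorted(aggregate(PATIENTS).items()):
        print(group, "suppressed" if n is None else n)
    print("identifiable groups:", small_cells(PATIENTS))
```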
19. Breaches of Confidence
• This is basically a 'non-disclosure agreement'.
• All employment contracts should have a duty of confidence clause.
20. Need for Security
• All organisations need to protect their computerized information.
• Many people don't use online banking because they are scared that people will defraud them.
21. Identity Theft
• It starts off with stolen credit card details.
So when does it all go wrong?
Scenario: a purchase is made at a restaurant; the customer lets the waiter take their credit card out of their sight.
The card is then skimmed on a special reader and all the details are copied from the card.
A less obvious way would be…
22. Identity Theft
• Sometimes the machine is below the cash till and the customer hardly notices that the card has been skimmed as well as swiped for the transaction.
Another method:
Retail outlets' databases are hacked into and all the customer data is copied for illegal use.
When data is encrypted, it does at some point need to be decrypted, and at that point the information becomes vulnerable to theft.
23. Phishing
• This is when a fraudulent email is sent to a person. It will seem as if the email was sent by the bank; however, in reality it wasn't.
• The email will request the person to give their password, card or account number and other security details.
What the phishers do is include a website address for the customer to go to, and this website looks legit.
This fake website is set up PURELY to get customer details.
What is pharming?
24. Pharming
• This is when a fraudster REDIRECTS a genuine website's traffic to their own website.
• The customer thinks that they are dealing with their bank's site but they are actually sending details to the fraudster's website.
25. Spyware
• This is software that customers unknowingly download.
• It is usually attached to other software which the computer user downloads.
• The fraudster has attached spyware to gather personal details of the user.
• They do this by using key logging software when the user logs on to their bank account or online shopping.
26. Online Auction or Shopping Fraud
• This is when somebody sets up a genuine-looking site and puts up expensive items for sale, and then they don't deliver them or they send a cheap imitation.
• They take the money but never deliver the goods.