
    Reputation Systems: A framework for attacks and frauds classification

    Reputation and recommender systems are widely used in e-commerce, online collaborative networks, P2P networks and many other contexts to provide trust between the participants in an online interaction. Based on a reputation score, an e-commerce user feels a sense of security that leads them to trust, or not, when buying or selling. However, these systems may give the user a false sense of security because of gaps in their models. This article discusses the limitations of current reputation systems in terms of the models used to determine users' reputation scores. We intend to contribute to the knowledge in this field by providing a systematic overview of the main types of attack and fraud found in those systems, proposing a novel classification framework based on a matrix of attributes. We believe such a framework could help analyse new types of attacks and fraud. Our work was based on a systematic literature review methodology.

    A model and framework for online security benchmarking

    The threats and vulnerabilities within the online business environment are dynamic and constantly change in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To counter such threats, online security management must become proactive, reviewing and continuously improving online security in order to strengthen the enterprise's online security measures and policies, as modelled here. The benchmarking process utilises a proposed benchmarking framework to guide both the development and the application of security benchmarks: the benchmarks are created, in the first instance, from recognized information technology (IT) and information security standards (ISS) and then applied to the online security measures and policies used within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and changes in threat focus.

    A trading model and security regime for mobile e-commerce via ad hoc wireless networking

    Ad hoc wireless networking offers mobile computer users the prospect of trading with others in their vicinity anywhere, anytime. This thesis explores the potential for developing such trading applications. A notable difficulty in designing their security services is the inability to rely on trusted third parties: no one can be guaranteed to be present in each ad hoc wireless network session. A side benefit is that the costs of such parties do not have to be paid. A reference model is defined for ad hoc m-commerce and a threat model is formulated of its security vulnerabilities. They are used to elicit security objectives and requirements for such trading systems. Possible countermeasures to address the threats are critically analysed and used to design security services to mitigate them. They include a self-organised P2P identity support scheme using PGP certificates; a distributed reputation system backed by sanctions; a group membership service based on membership vouchers, quorate decisions by some group members and partial membership lists; and a security warning scheme. Security analysis of the schemes shows that they can mitigate the threats to an adequate degree to meet the trading system's security objectives and requirements, provided users take due care when trading within it. Formal verification of the system shows that it satisfies certain safety properties.

    Using Control Frameworks to Map Risks in Web 2.0 Applications

    Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology (CobiT) and the Trust Service Principles and Criteria, and the associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique, and the safeguards depend on the nature of the organisation, the information at stake, the degree of vulnerability and the risks. A comprehensive security program should include a multi-layer approach comprising a control framework, combined with a control model that considers the control processes, in order to identify the appropriate control techniques.
    Keywords: Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria

    Electronic security - risk mitigation in financial transactions : public policy issues

    This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component of the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to foster a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.
    Keywords: Knowledge Economy, Labor Policies, International Terrorism & Counterterrorism, Payment Systems & Infrastructure, Banks & Banking Reform, Education for the Knowledge Economy, Governance Indicators

    Exploring The Role Of Cyber Security Measures (Encryption, Firewalls, And Authentication Protocols) In Preventing Cyber-Attacks On E-Commerce Platforms

    The present study examines the significance of cybersecurity measures, specifically encryption strength (ES), firewall configuration (FC), and authentication protocols (AP), in protecting e-commerce platforms against cyber-attacks. Data were collected through a survey of IT professionals responsible for overseeing e-commerce operations in a range of organisations located in Saudi Arabia. A convenience sampling method was employed to distribute a total of 300 questionnaires, of which 190 completed responses were selected for analysis. The measurement model, which encompassed the variables ES, FC, AP, security training (ST), cyber-attack incidents (CAI), customer trust (CT), and incident response time (IRT), was estimated using a structural equation model in Amos. The results provide insights into the relationship between cybersecurity measures and the frequency of cyber-attacks. The study highlights the significance of encryption, firewall configuration, and authentication protocols in strengthening e-commerce platforms. Additionally, it examines the impact of security training on the improvement of overall cybersecurity posture and its subsequent effect on customer trust. The examination also treats incident response time as a critical element in minimising the consequences of cyber incidents. The findings contribute to a more comprehensive understanding of the cybersecurity environment within electronic commerce.

    International Financial Standards and the Explanatory Force of Lex Mercatoria

    The global financial crisis has cast a strong light on some hitherto obscure corners of the financial world, provoking an outpouring of calls for concerted international action. "Hard law" having disappointed, can "soft law", in the form of international financial standards, substitute for traditional national legislation? This article examines some of the difficulties associated with the "international standards as soft law" discourse. First, conceptual problems in the "soft law" discourse itself reveal profoundly different patterns of legal thought cutting across national boundaries, resulting in different understandings of international financial standards. Secondly, recent experience over the past decade with some "soft law" international financial standards, as both diagnostic and prophylactic tools, has been decidedly mixed, in fact largely unsatisfactory. Thirdly, the "soft law" discourse in international finance appears strangely remote from the daily grind of international commercial practice, where the discourse is largely unknown. But perhaps in this disconnect between theory and practice lie clues to important normative forces at work in international finance, and in particular the international capital markets. The more one considers the world of international finance, the more obvious become the outlines of centuries-old transnational merchant law, the contentious lex mercatoria. The proposition put forward here is that the formal regulation of financial markets is supported by a body of strong and persistent customary law, a lex mercatoria, a rarely acknowledged but powerful undercurrent in finance, especially in its international iteration. The continued prevalence of oral contracting and the stubborn persistence of self-regulatory principles are examples. There are several intriguing implications to this proposition. Is it possible that the global financial crisis represented not only a failure of formal, state-led regulation, as it surely did, but also a breakdown of a lex mercatoria of finance? If that is the case, international standard setters and national regulators both ignore this lex mercatoria (the customs and practices of international finance) at their peril. To do so would be to miss a true, powerful source of normativity operating in international financial markets.

    Blockchain-based reputation models for e-commerce: a systematic literature review

    The Digital Age is the present, and nobody can deny that. With it has come a digital transformation in various sectors of activity, and e-commerce is no exception. Over the last few decades there has been a massive increase in its utilization, as it has several advantages over traditional commerce. At the same time, the rise in the number of crimes on the Internet and, consequently, awareness of the risks involved in online shopping has led consumers to become more cautious, looking for information about the seller and taking it into account when making a purchase decision. The need to get to know the merchant better before buying has encouraged the creation of reputation systems, whose services play an essential role in today's e-commerce. Reputation systems act as mechanisms to reduce the information asymmetry between consumers and sellers and establish rankings that attest to the fulfilment of standards and policies considered necessary for shops operating in the digital market. The critical problems in current reputation systems are the frauds and attacks they have to deal with, which result in a lack of trust between users. These security and fraud issues are critical because users' trust is commonly based on reputation models, and many current systems are not immune to them, thus compromising e-commerce growth. The need for a better and safer model emerges with the development of e-commerce. Blockchain, as a data registry technology, is analysed here in order to better understand its potential for such models. More research must be done to fully understand how to create a more robust reputation model. Thus, this study systematizes the knowledge generated by studies of reputation models in e-commerce indexed in Scopus, WoS and Google Scholar, using the PRISMA methodology.
    A systematic approach was adopted in conducting the literature review. The need for a systematic literature review came from the knowledge that there are reputation systems that mitigate some of the problems. In addition to identifying some indicators used in reputation models, we also conclude that these models could provide some assurance to buyers and sellers, being able to mitigate known problems such as collusion, Sybil attacks and laundering attacks, and to prevent online fraud ranging from ballot stuffing to bad-mouthing. Nevertheless, the results of the present work show that these reputation models still cannot solve all of the problems: countering one kind of fraud can open the door to another attack. The architecture of the models was identified, revealing several gaps that remain to be filled.
