How to structure your security and privacy operations to minimize legal risks and business disruption.

When your business moves to the Internet, you enter a truly global marketplace. You must now be concerned about servers, Website design, hits, "look and feel" and suitable domain names--and security must be at the forefront. Developing a trusted Internet security infrastructure and investing in security solutions are key to moving your business to the 'Net.

The anonymous nature of the relationship between e-market buyers and sellers is at the core of Internet security issues. Is the customer who he or she claims to be? Is the customer a child? These are examples of important "identity" questions that must be answered by the e-commerce proprietor.

As you develop your e-commerce capabilities, you must remember to structure security and privacy operations to minimize both legal risks and the disruption to your business caused by system upgrades and installations. Consider the following as you proceed:

Online credit card sales

Credit card sales on a Website are made on a "Card Not Present" basis. Authenticating a cardholder's identity on the Internet is a paramount problem, and finding and utilizing a solution for identifying consumers is key to reducing credit card fraud. Card issuers hold the online retailer responsible for losses from fraud, even if they received an authorization for the transaction.
Potential solutions range from a time-consuming manual review of each order and/or receipt of faxed customer signatures to automated real time risk management solutions. Some risk management software offerings analyze risk factors and provide a risk score in real time for the merchant to consider in accepting the order. A few risk factors include: a credit card name does not match the e-mail name; a consumer using a free e-mail domain; a ship-to address that is different from the bill-to address. The newest initiatives from the major card issuers are payer authentication services. These services will prompt the consumer for an authentication response. The suitable combination of process, procedure and technology will be determined by your budget and your risk tolerance.

Employee acts on the Internet

As an employer, you can be held liable for the acts of your employees on the Internet. Employees are using corporate e-mail and Internet access to harass, order or distribute pornography and engage in other forms of non-business activity. Limit your liability by having written Internet policies that specify that e-mail and Internet usage is for business purposes only.
Further, support the policies with procedures that ensure compliance and, most importantly, enforce the policies.

Sales to prohibited countries

Under the U.S. Export Control Laws, direct or indirect exporting to a list of prohibited countries is illegal. This poses a problem for the borderless Internet. Retailers should, minimally, use an export restriction " and in online agreements.

Hackers

Security technology changes rapidly. Stay abreast of developments, and protect your servers and Website appropriately. Remember that cyber-attacks are initiated by insiders as well as outsiders to your organization.

Online agreements

If you are using "click-through" agreements on your Website--an online agreement where the user (customer) clicks an "I Accept" button to indicate acceptance of the terms--there are some basic concepts for your Web developers to consider. The law is still evolving in this area and your system practices will have to adjust and change over time:

* Utilize buttons for acceptance and rejection.
* Make the terms prominent and have them appear for a sufficient duration.
* Provide a convenient means for the user to print the agreement.
* Send an e-mail acknowledgment of acceptance or rejection to the user.
* If the user rejects the terms, do not permit the user to proceed through the transaction.
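
As an added example (not from the original article), here is one way a developer might implement the acceptance steps listed above: proceed only on an explicit accept, and keep each decision in a log whose records are chained with an HMAC so that later alteration is detectable. The key, field names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; in production the key comes from a secret store.
LOG_KEY = b"demo-only-key"
TERMS_V1 = "Sample terms of sale, version 1 (constructed text)."


def _mac(prev_mac, body):
    # Bind each record to its predecessor so edits break the chain.
    msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(LOG_KEY, msg, hashlib.sha256).hexdigest()


def record_decision(log, user, decision, terms_text, when, ip):
    """Append the user's decision; return True only if they accepted."""
    if decision not in ("accept", "reject"):
        raise ValueError("decision must come from an explicit button")
    body = {
        "user": user, "decision": decision, "time": when, "ip": ip,
        # Hash of the exact terms shown, so the version can be proven later.
        "terms_sha256": hashlib.sha256(terms_text.encode()).hexdigest(),
    }
    prev = log[-1]["mac"] if log else ""
    log.append({"body": body, "mac": _mac(prev, body)})
    return decision == "accept"


def verify_log(log):
    """Return the index of the first altered record, or -1 if intact."""
    prev = ""
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], _mac(prev, rec["body"])):
            return i
        prev = rec["mac"]
    return -1


def demo():
    log = []
    ok1 = record_decision(log, "alice@example.com", "accept", TERMS_V1,
                          "2024-01-05T10:00:00Z", "192.0.2.10")
    ok2 = record_decision(log, "bob@example.com", "reject", TERMS_V1,
                          "2024-01-05T10:05:00Z", "192.0.2.11")
    intact = verify_log(log)
    log[1]["body"]["decision"] = "accept"  # simulate a later alteration
    return ok1, ok2, intact, verify_log(log)
```

The chain alone does not reveal records removed from the end of the log; storing the latest MAC separately covers that case.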
The laws addressing electronic record retention are new and untested, but do require storing as much data about the user at the time of the transaction and providing suitable and secure storage for the records that assures the data will not be altered.

Security resources

* www.cert.org--Good site for security advisories and best-practices information.
* www.cve.mitre.org--Authoritative list of common vulnerabilities and exposures.
* www.insecure.org--Includes a great list of security tools.
* www.infosecuritymag.com--Information Security magazine.
* www.2600.com--2600: The Hacker Quarterly magazine.

Carol A. Romej is a senior attorney with the law firm of Butzel Long, a Silver-level member of the Detroit Regional Chamber. She is co-chair of the firm's Technology and E-Commerce Practice Group.