TABLE OF CONTENT

1.0     INTRODUCTION                                                                   2

2.0     THE EVOLUTION OF INFORMATION SYSTEMS               3

2.0     CHALLENGES FACED BY ASOS                                         7

          2.1     Digital e-Commerce Cycle                                              10

          2.2     ASOS Security Issues                                                     11

3.0     THE SOLUTION FOR ASOS ONLINE STORE SECURITIES 12

5.0     CONCLUSIONS                                                                     16

         

1.0              INTRODUCTION

ASOS.com is a British online fashion and beauty store. Primarily aimed at young adults, ASOS sells over 850 brands as well as its own range of clothing and accessories. Sales for the financial year ending 31 August 2013 were £753.8 million. As of August 2013, ASOS PLC has an estimated net worth of £159 million. In May 2012, it reported a jump in pre-tax profits from £15.7 million to £30.3 million, with sales up 46% at £495 million.

ASOS.com is a global online fashion and beauty retailer, offering over 50,000 branded and own-label product lines across women wear, menswear, footwear, accessories, jewelry and beauty. ASOS has websites targeting the UK, Australia, USA, France, Germany, Spain, Russia, Italy and China. It also ships to over 237 other countries from its two distribution centers in the UK.

ASOS's headquarters are in Camden Town, within a building known as Greater London House. As of 2013, its main fulfillment center is in Barnsley, South Yorkshire, which has 3,000 workers. The Customer Care department is based in Hemel Hempstead.

ASOS was established in June 2000 by Nick Robertson and Quentin Griffiths. Despite deprecating its original meaning (AsSeenOnScreen), ASOS is still written as an uppercase acronym; the exception to the rule being the new logo designed by Ben Lewin in 2008, where it is stylistically shown all in lower case.

In 2001, ASOS was admitted to the Alternative Investment Market (AIM) on the London Stock Exchange.

In 2005, the Buncefield Fuel Depot explosion closed the business for six weeks and £5m of stock was lost.

In 2013, ASOS opened its first office outside the South West, in Birmingham In 2013, ASOS recalled belts contaminated with radioactive Cobalt 60. In 2013, ASOS Russia and China were launched. In 2014,a fire in their Barnsley warehouse caused them to stop taking orders for almost three days.

ASOS has over 4,000 employees and is the UK's largest independent online and fashion beauty retailer.

1.1              THE EVOLUTION OF INFORMATION SYSTEMS

Internet services at large are becoming an inherent part of people’s everyday lives. Simultaneously, increasing attention has been paid to the usability of the interactive products and applications, that is, the efficiency, fit for purpose and users’ satisfaction with the products, applications, or services (International Organization for Standardization [ISO], 1999). For commercial B2C business the users’ satisfaction mostly depends on the goods’ quality, the logistics’ service and the experience of website’s shopping. The quality of goods from ASOS can be guaranteed since the company has good control of the production chain of all the goods. And the logistics has competitive advantage due to their advanced supply chain management. But the website is under the average level with low usability.

In the early 2000s, it is noticed from that the shift in product development has taken place toward user experience (e.g. Battarbee, 2004; Hassenzahl & Tractinsky, 2006; Roto, 2006). Aiming for a good user experience means designing products and systems that, in addition to being usable, invoke positive emotions (Forlizzi & Ford, 2000; Jordan, 2002; Norman, 2003), support hedonic needs (Hassenzahl, 2004) and enable flow (Csikszentmihalyi, 1990) in using the product or service. Furthermore, pleasant user experience means that the users’ interactions with every contact point in the life cycle of the product are satisfying, including marketing, product purchase, or acquisition, taking it into use, and other supporting services. This assignment will focus on the product purchase which takes place in the interaction with the website.

As technologies used in the products develop, users’ expectations towards interactive products are rising. Thus, exceptionally good user experiences are harder to achieve as the product markets mature. Customers are different but the website is the only one. How to satisfy the users as many as possible is the main concern for the owner of the websites. From the aspect of interaction design, usability is crucial for websites to be goal-oriented.

“User satisfaction is essential to the success of any Web site. Satisfaction with electronic environments, or e-satisfaction, drives traffic to Web sites and encourages repeated use of a site. With more e-satisfaction there is more sales volume.”

The customers are the god so without the user satisfaction there is no success in the market for any business. In the field of e-commerce the website is the only main way to interacting with the customers which illuminates the important status.

“There are four aspects of website design: usability, content, navigation and aesthetics. The last three all contribute in some way to the first”. A large community of designers exists to help improve appearances of websites. But appearances are only part of the story: usability and understandability are more important, for if a product can’t be used easily and safely, how valuable is its attractiveness? Usable design and aesthetics should go hand in hand.

Nielsen (1993) pointed out that we could find problems by evaluating the process of users’ practical operations. He suggested to evaluate the user interface design by usability criteria. He provided five criteria of usability evaluation, including learnability, efficiency, memorability, errors and satisfaction in evaluating system usability. Learnability means the system is easy to learn. Efficiency means users work efficiently when using the system. Memorability means operation steps are memorable. Errors means the system works in fewer errors. Satisfaction means users feel pleasure and satisfied when using the system. Most researchers’ views about usability criteria are not beyond the Nielsen’s five criteria.

Below are some guidelines and critical lines for websites.

A few critical items that most new web sites have to take into consideration are:

In conclusion for the online commercial websites the usability of website determines whether the users come back or not to some extent. To improve the quality of the website it is supposed to put the usability first not the appearance. However the interfaces’ appearance is another aspect to be improved. So the usability has to be improved for better satisfaction from users. Especially for the commercial websites the users’ satisfaction dominate the future of the brand. As mentioned before there are many problems existed in the website of ASOS which will restrict the development of the brand and the company. In the development of online shopping more and more concerns will be focused on the interaction between websites and customers

2.0              CHALLENGES FACED BY ASOS

Security is one of the principal and continuing concerns that restrict customers and organizations engaging with ASOS.  The aim of this paper is to explore the perception of security in e-commerce B2C and C2C websites from both customer and organizational perspectives.

With the rapid development of E-commerce, security issues are arising from people's attention. The security of the transaction is the core and key issues of the development of E-commerce. This paper about the security issues of Ecommerce activities put forward solution strategy from two aspects that are technology and system, so as to improve the environment for the development of E-commerce and promote the further development of E-commerce.

Web applications used by ASOS increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for an application to coordinate its internal states with those of the component services and the web client across the Internet

ASOS on one side are thinking of how to attract more customers and how to make the visitors feel secured when working on the site, on the other side how the end users should rate a ecommerce website and what they should do to protect themselves as one among the online community. Our objective of writing this assignment is to make the readers to have clarity of thoughts on the technology which helps all of us to do secure transactions along with safety tips. And how ecommerce site owners, have to make their online visitors to be of much comfort or Trust an ecommerce site via Trust marks, and by their security strategies.

Viruses are a nuisance threat in the e-commerce world. They only disrupt e-commerce operations and should be classified as a Denial of Service (DoS) tool. The Trojan horse remote control programs and their commercial equivalents are the most serious threat to e-commerce.

Trojan horse programs allow data integrity and fraud attacks to originate from a seemingly valid client system and can be extremely difficult to resolve. A hacker could initiate fraudulent orders from a victim system and the ecommerce server wouldn‘t know the order was fake or real. Password protection, encrypted client-server communication, public private key encryption schemes are all negated by the simple fact that the Trojan horse program allows the hacker to see all clear-text before it gets encrypted.

Due to the increase in warnings by the media from security and privacy breaches like identity theft and financial fraud, and the elevated awareness of online customers about the threats of performing transactions online, e-commerce has not been able to achieve its full potential. Many customers refuse to perform online transactions and relate that to the lack of trust or fear for their personal information.

The traditional authentication mechanism is based on identity to provide security or access control methods; in addition, traditional encryption and authentication algorithm require high computing power of computer equipment. Therefore, how to improve the authentication mechanism and optimize the traditional encryption and authentication algorithm may be the focus of P2P e-commerce.

E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions.

The success or failure of an e-commerce operation hinges on myriad factors, including but not limited to the business model, the team, the customers, the investors, the product, and the security of data transmissions and storage. Data security has taken on heightened importance since a series of high-profile "cracker" attacks have humbled popular Web sites, resulted in the impersonation of Microsoft employees for the purposes of digital certification, and the misuse of credit card numbers of customers at business-to consumer e-commerce destinations.

The analysis of G2C based online payment systems triggered conclusions which led to emphasize research on the security aspect on online payment systems. It was found that the credit card based payment systems were the most widely used means of conducting online payments. It was also extracted from the study that users want more simplified, convenient and secure online payment systems. The effect of security, protection and trust towards consumers as well as attitudes plays a key role in ecommerce implementation however, if well implemented, instantaneous flow of goods and services internally and externally. Besides, vital information could also be simultaneously processed to matched with data flowing from external ecommerce transactions which could allow for efficient and effective integration into organizational processes.

Transactions between buyers and sellers in e-commerce includes requests for information, quotation of prices, placement of orders and payment, and after sales services. The high degree of confidence needed in the authenticity, confidentiality, and timely delivery of such transactions can be difficult to maintain where they are exchanged over the Internet.

Privacy and security can be viewed as ethical questions. At the same time the privacy and security area attracts a large amount of attention from the commercial sector because it has the potential to determine the success or failure of many business ventures, most obviously ecommerce activities.

Clearly, the online transaction requires consumers to disclose a large amount of sensitive personal information to the vendor, placing themselves at significant risk. Understanding (indeed, even precisely defining) consumer trust is essential for the continuing development of e-commerce.

In online shopping online electronic payment function is the key issue to ensure the consumers are fast and convenient, we have to ensure the safety and secrecy of the parties to a transaction, which requires a complete electronic trading systems.

2.1              Digital e-Commerce Cycle

Security is very important in online shopping sites. Now days, a huge amount is being purchased on the internet, because it‘s easier and more convenient. Almost anything can be bought such as music, toys clothing, cars, food and even porn. Even though some of these purchases are illegal we will be focusing on all the item‘s you can buy legally on the internet.

2.2              ASOS Security Issues

There are many points of failure, or vulnerabilities, in an ASOS e-commerce environment. Even in a simplified e-commerce scenario – a single user contacts a single web site, and then gives his credit card and address information for shipping a purchase – many potential security vulnerabilities exist. Indeed, even in this simple scenario, there are a number of systems and networks involved. Each has security issues:

·         A user must use a web site and at some point identify, or authenticate, himself to the site. Typically, authentication begins on the user’s home computer and its browser. Unfortunately, security problems in home computers offer hackers other ways to steal ecommerce data and identification data from users. Some current examples include a popular home-banking system that stores a user’s account number in a Web “cookie” which hostile web-sites can crack (Graves and Curtin 2000); ineffective encryption or lack of encryption for home wireless networks (Borisov, Goldberg, and Wagner 2001); and, mail-borne viruses that can steal the user's financial data from the local disk (Roberts 2002) or even from the user's keystrokes (Neyses 2002). While these specific security problems will be fixed by some software developers and web-site administrators, similar problems will continue to occur. Alternatives to the home computer include Point-of Sale (POS) terminals in brick-and-mortar stores, as well as a variety of mobile and handheld devices.

·         The user’s web browser connects to the ASOS merchant front-end. When a consumer makes an online purchase, the merchant's web-server usually caches the order's personal information in an archive of recent orders. This archive contains everything necessary for credit-card fraud. Further, such archives often hold 90 days' worth of customers' orders. Naturally, hackers break into insecure web servers to harvest these archives of credit card numbers. Several recent thefts netted 100,000, 300,000, and 3.7 million credit-card data, respectively. Accordingly, an e-commerce merchant's first security priority should be to keep the web servers' archives of recent orders behind the firewall, not on the front-end web servers (Winner 2002). Furthermore, sensitive servers should be kept highly specialized, by turning off and removing all inessential services and applications (e.g., ftp, email). Other practical suggestions to secure web servers can be found in (Tipton and Krause 2002), (Garfinkel 2002), and (Garfinkel, Schwartz, and Spafford 2003), among many others.

·         The merchant back-end and database. A site’s servers can weaken the ASOS’s internal network. This not easily remedied, because the web servers need administrative connections to the internal network, but web server software tends to have buggy security. Here, the cost of failure is very high, with potential theft of customers’ identities or corporate data. Additionally, the back-end may connect with third party fulfillment centers and other processing agents. Arguably, the risk of stolen product is the merchant's least-important security concern, because most merchants' traditional operations already have careful controls to track payments and deliveries. However, these third parties can release valuable data through their own vulnerabilities.

3.0              THE SOLUTION FOR ASOS ONLINE STORE SECURITIES

There are many relevant technologies, including cryptographic technologies that can mitigate the above vulnerabilities. However, none is comprehensive or airtight by itself. Accordingly, we next present a brief overview of the major technologies, also considering the advantages and disadvantages of each. For a more complete description of each technology, see (Bishop 2003).

In the mass media, the most visible security technologies are the encryption algorithms. For a general introduction to these technologies see (Treese and Stewart 1998); a popularization can be found in (Levy 2001). Two classic textbooks are (Denning 1983) and (Koblitz 1994), and encyclopedic compendia include (Schneier 1996) and (Menezes, Van Oorschot, and Vanstone 1996).

Public key infrastructure (PKI) systems are one such encryption technology (Adams et al. 2001, CCITT 1988, Housley et al. 2002, Polk, Housley, and Bassham 2002). Important PKI-based secure protocols include the retail mechanism Secure Socket Layer (SSL) (Dierks and Allen 1999, Rescorla and Schiffman 1995) and the interbank standard suite, ANSI X9 (American National Standards Institute 1994, RSA Security 2003a). The PKI is a flexible key-distribution system in which every participant carries two cryptographic keys, one for encryption and one for decryption; together these two keys make up what is called an asymmetric key pair (Diffie and Hellman 1976, Rivest, Shamir, and Adelman 1978). The encrypting key is published to the world and is called the participant’s public key. The decrypting key is called the private key. The system is characterized by mathematical elegance, efficient scaling features, and theoretically based security guarantees. A performance advantage of PKI is that it does not require a centralized, highly available intermediary for every secured transaction; however, this also makes it difficult to know when another party's key has been stolen or otherwise compromised. As such, PKI often requires a centralized, highly available intermediary for key management, and especially for prompt notification about revoked key-pairs (Adams and Farrell 1999). This issue, the revocation problem, is still unsolved (Davis 1996, Davis 1998), despite the best effort to date (Myers et al. 1999).

A digital signature (Rabin 1978, Rivest, Shamir, and Adelman 1978) is the salient application of public-key cryptography (and by extension, of PKI), and is an analog of a handwritten signature. A digital signature is a cryptographic tag that only one author can calculate; the tag can be combined with any kind of data that the author might create (e.g., financial, entertainment, medical); and the tag's validity can be checked by anyone who can access the data. This combination of authored content with the author’s identity serves the same purpose as applying one’s signature to a paper document; a digital signature can be used to sign contracts, to provide authenticity of an electronic distribution, or to prove identity for access. While e-commerce digital signatures have been much anticipated, they have been little adopted to date. There is still substantial research potential in understanding the legal and economic issues involved in the lack of widespread adoption of digital signature-based electronic commerce.

In symmetric key systems, on the other hand, the same key is used for both encryption and decryption, so it must always be guarded as a secret. For e-commerce applications, the principal examples of symmetric key systems are the ciphers DES (NIST 1993), AES (NIST 2001), and RC4 (RSA Security 2003b), as well as Microsoft's Hailstorm authentication system (formerly PassPort). As advantages, symmetric key cryptography runs orders of magnitude faster than public key cryptography.

These ciphers can be used in a variety of ways. As noted above, the technical challenge in authenticating users is that the identifying information must remain private but the Internet is a public broadcast medium. Cryptography meets this challenge by guaranteeing that the subscriber’s identifying information cannot be stolen, copied, or replayed by others. It was once supposed that most users would use public-key cryptography to authenticate themselves. However, very few end users possess public key certificates currently, because certificates are expensive. Instead, web users use a variant of SSL in which users identify themselves with passwords instead of with digital signatures. A second way in which e-commerce sites validate users’ passwords is with HTTP cookies. Cookie-mediated authentication, however, is very insecure (Dawson 1998, Festa 1998). Symmetric key cryptography offers more security than password-mediated authentication with more favorable key management tradeoffs than PKI affords, but as noted above, the key must be tightly guarded.

Other technologies can be used to perform both authentication and data protection. For example, smart cards (Rankl and Effing 1997) can be used to store data about the bearer of the card, including financial data, medical records, identification credentials. Because those data are so sensitive, it is critical to store the associated encryption keys in tamper-resistant hardware. Further, the smartcard shouldn't ever have to share the bearer's personal data or his keys with a POS terminal, otherwise the bearer’s privacy and keys could be compromised. In practice, this means putting a computer processor and cryptographic hardware on the card, along with the encryption keys. A further advantage is that smartcards can allow POS transactions to be more intricate, because all the user’s data is always available. This architecture can also avoid the centralized storage of personally sensitive data, and supposedly demands less trust of the consumer to a centralized authority to husband the data properly. Smartcards have the disadvantage that every promise of tamperproof packaging has been shown false (Anderson and Kuhn 1996, Anderson and Kuhn 1997). Smartcards saw early and widespread deployments in Europe, especially in Germany, Benelux, and France, but not in the U.S. The reason for smart cards' adoption failure in the US remains unclear.

Similarly, cryptographic technologies can be used in various points in the payment system (Neuman and Medvinsky 1998). The majority of Web transactions are currently SSL-protected credit card transactions. However, many other mechanisms have been proposed for handling electronic payments. Digital cash and networked payments (e.g., (Chaum 1985) purport to bring anonymous electronic transactions to e-commerce; that is, like currency and unlike credit cards, digital cash cannot be traced to any specific individual. Thus, a consumer might buy electronic data or a digital service without revealing his identity to the merchant, and without revealing his purchases to a financial clearinghouse. There are many digital cash variants, but Chaum’s version was the archetype, using digital signatures and encryption to simulate the issuance of paper currency with serial numbers. In some variants, this currency can be given to others while not having the side effects of allowing counterfeiting, duplication, or double-spending. Micropayment schemes, such as MilliCent (Glassman et al. 1995) are systems for transferring extremely small payments, perhaps fractions of cents, for Internet goods (often information goods). The goal in this case is to enable the creation of markets for small quantities of data and services, such as per-article newspaper subscriptions. Despite these interesting social and technical advantages, these sophisticated digital payments schemes haven't thrived, for a variety of reasons. Shirkey (2000) has provided sharp arguments on why micropayments have not caught on: the history of communication markets shows that users greatly prefer simple and predictable pricing schemes. The Mondex anonymous payments system has been successful in Europe, but cryptographers have raised questions about Mondex's security (Brehl 1997). Similarly, PayPal, a payment intermediary, has been financially successful but has been plagued by repeated problems with fraud (Jonas 2002). Indeed, Stefan Brands, a cryptographer specializing in the design and analysis of digital cash systems, noted in 1996 that of the digital cash issued in European pilot deployments, 10% had been lost to fraud (Brands 1996).

Recently, the entertainment and mass media industries have invested much effort in digital watermarking technology (Delaigle, De Vleeschouwer, and Macq 1996). Here, the technical goal is to find ways of cryptographically tagging electronic content (especially images and audio) in a way that is recognizable, non-forgeable, and non- removable. The business goal is to enable firms to detect unlicensed distribution or re-sale, in hope of firms being able to distribute content electronically and safely. The watermark tag is generally designed to be invisible or unobtrusive. This is still an active area of research, as all proposals to date have been successfully attacked (Craver et al. 2001). Currently, the entertainment industry is using the Digital Millennium Copyright Act of 1998 (DMCA) to bolster with law the technical weaknesses of digital watermarking proposals, by making it illegal in the US to remove or forge such protections (Lazowska 2001).

5.0       CONCLUSIONS

E-commerce is widely considered the buying and selling of products over the internet, but any transaction that is completed solely through electronic measures can be considered e-commerce. Day by day E-commerce and M-commerce playing very good role in online retail marketing and peoples using this technology day by day increasing all over the world.

E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Dimensions of e-commerce security; Integrity: prevention against unauthorized data modification, No repudiation: prevention against any one party from reneging on an agreement after the fact. Authenticity: authentication of data source. Confidentiality: protection against unauthorized data disclosure. Privacy: provision of data control and disclosure.

Fraudsters are constantly looking to take advantage of online shoppers prone to making novice errors. Common mistakes that leave people vulnerable include shopping on websites that aren't secure, giving out too much personal information, and leaving computers open to viruses. In this paper we discussed E-commerce Security Issues, Security measures, Digital E-commerce cycle/Online Shopping, Security Threats and guidelines for safe and secure online shopping through shopping web sites

In summary, privacy and security are still ongoing research problems. There have been some interesting and significant findings, however, in the last five years that bear important consequences for e-commerce sites and consumers. Privacy is now understood, by many, to be a social construction with expectations the largest consideration. Yet, privacy is also considered a public issue by regulators, who have nonetheless largely allowed technology to unfold to date. Security is now understood to be largely imperfect, the continual cat-and-mouse game of security expert and hacker. Important technical developments have been deployed in the last five years; however, it is clear that organizational policies may play as an important a role in site security. Finally, detailed economics- and sociologically- based analyses are beginning to find their way into the published literature, and we expect that these studies will bring greater clarity and proficiency to admittedly murky areas.

REFERENCES

Anderson, Ross, and M. Kuhn. 1996. Tamper Resistance - A Cautionary Note. Proceedings of the Second USENIX Workshop on Electronic Commerce : 1-11.

ASOS.com. (2013, November 17). Retrieved July 11, 2015, from https://en.wikipedia.org/wiki/ASOS.com

Bishop, Matt. 2003. Computer Security. New York: Addison-Wesley.

Brehl, B. 1997. Security of `Cash Cards' Questioned. Toronto Star, October 6, 1997, E1-2.

Brands, Stefan. 1996. Electronic Cash. Invited talk, RSA Cryptographers' Colloquium.

Borisov, N., I. Goldberg, and D. Wagner. 2001. Intercepting Mobile Communications: The Insecurity of 802.1. Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking : 180-189.

Craver, S., J. McGregor, M. Wu, B. Liu, A. Stubblefield, B. Swartzlander, D. Wallach, D. Dean, and E Felten. 2001. Reading Between the Lines: Lessons from the SDMI Challenge. Unpublished manuscript, to have been presented at the Fourth International Information Hiding Workshop, from http://cryptome.org/sdmi-attack.htm.

Denning, D. 1983. Cryptography and Data Security. New York: Addison-Wesley.

Diffie, W., and M. Hellman. 1976. New Directions in Cryptography. IEEE Transactions on Information Theory, 22 (6) : 644-654.

Dawson, K. 1998. JavaScript Privacy Bugs Hit Netscape, Then Microsoft. Tasty Bits from the Technology Front, October 12, 1998,

Festa, P. 1998. Navigator Still Has Bug Problem. CNet News.com, October 7, 1998,

Garfinkel, Simson. 2002. Web Security, Privacy and Commerce. Cambridge, MA: O'Reilly and Associates.

Glassman, S., M. Manasse, M. Abadi, P. Gauthier, and P. Sobalvarro. 1995. The MilliCent Protocol For Inexpensive Electronic Commerce. Proceedings of the Fourth International World Wide Web Conference

Garfinkel, Simson, Alan Schwartz, and Gene Spafford. 2003. Practical Unix Internet Security. Cambridge, MA: O'Reilley.

Graves, P., and M. Curtin. 2000. Bank One Online Puts Customer Account Information At Risk. From http://www.interhack.net/pubs/bankone-online.

Koblitz, N. 1994. A course in number theory and cryptography. Berlin: Springer-Verlag.

Levy, Steven. 2001. Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age. New York: Viking.

Lazowska, E. 2001. Overview of CRA and Felten et al. from http://lazowska.cs.washington.edu/felten/FeltenOverview.pdf.

Menezes, Alfred J., Van Oorschot, Paul C., and Scott A. Vanstone. 1996. Handbook of Applied Cryptography. New York: CRC Press.

Neyses, J. 2002. Higher Education Security Alert From the U.S. Secret Service: List of Keystroke Logging Programs. http://www.unh.edu/tcs/reports/sshesa.html.

Neuman, B. Clifford, and Genyady Medvinsky. 1998. Internet Payment Services. In Internet Economics. Edited by L. W. McKnight and J. P. Bailey. 401-416. Cambridge, MA: MIT Press.

Roberts, P. 2002. Bugbear Virus Spreading Rapidly. PC World Online, Ocotober 2, 2002,

Rivest, Ron, A. Shamir, and L. Adelman. 1978. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2) : 120-126.

Rankl, W., and W. Effing. 1997. The Smartcard Handbook. New York: John Wiley.

Schneier, B. 2001. The Security Patch Treadmill. Crypto-Gram Newslette, Mar 15, 2001,

http://www.counterpane.com/crypto-gram-0103.html#1

Shirkey, C. 2000. The Case Against Micropayments. O'Reilly OpenP2P.com, Dec. 19, 2000, From

            http://www.openp2p.com/pub/a/p2p/2000/12/19/micropayments.html.

Tipton, Harold, and Micki Krause. 2002. Information Security Management Handbook. New York: CRC Press.

Treese, G. Winfield, and Lawrence C. Stewart. 1998. Designing Systems For Internet Commerce. New York: Addison-Wesley.

Winner, D. 2002. Making Your Network Safe for Databases. SANS Information Security Reading Room, July 21, 2002,