Featuring 11 Papers as of August 8, 2013
Protecting Small Business Banking by Susan Bradley - July 22, 2013
Over the last several years, the use of online banking and other financial transactions has risen dramatically.
Security of Mobile Banking and Payments by Vanessa Pegueros - January 4, 2013
There doesn't seem to be a week that something relative to mobile and/or mobile payments is not in the news.
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data by nuBridges, Inc. - September 29, 2009
Exploring the use of tokenization as a best practice in improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
A Trusted Smart Phone and Its Applications in Electronic Payment by Changying Zhou - August 29, 2006
This paper analyzes the building blocks of the trusted smart phone and proposes a framework to provide a trusted platform for mobile electronic payment.
An Overview of Session Hijacking at the Network and Application Levels by Mark Lin - May 5, 2005
With the business of ecommerce booming, more and more sensitive information is being passed around on the web. Financial and identity information are constantly at risk of being stolen as more and more users take advantage of the ease of doing business online through web applications.
Shopping for Security by Kimberly Lemieux - March 26, 2003
This paper serves as a tool to assist users in establishing and testing some baseline security measures as described in the EUser's Security Concerns.
Unique Characteristics of Ecommerce Technologies and their Effects upon Payment Systems by Stephen Burns - March 26, 2002
This paper discusses and highlights unique characteristics of the technologies of the ecommerce world compared with traditional payment systems and the way these characteristics may be exploited to compromise payment systems.
eCommerce and Defense in Depth by Clayton Dillard - October 24, 2001
This document gives an overview of some common methods that can be employed to build defense-in-depth into your eCommerce solution.
Inspection Grade Card for Conducting E-Commerce by Andrew McAllister - August 27, 2001
This paper provides instructions for inspecting and grading E-Commerce sites, offering descriptions and sample questions to prepare for the inspection.
"SET" to Pull Down the Insecurity Barrier in Front of E-commerce by Onur Arikan - July 25, 2001
This paper addresses the topic of Secure Electronic Transaction (SET).
Information Security Issues in E-Commerce by David Olkowski - March 26, 2001
A discussion on some of the issues in the state of information security as it pertains to e-commerce.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
All papers are copyrighted. No re-posting or distribution of papers is permitted.