ACCOUNTABILITY AS AN OBJECTIVE FOR SECURITY REQUIREMENTS OF E-BUSINESS PROCESS: SAMPLE SCENARIO(1)

This section shows how to apply our framework to a sample scenario. Rohrig, Knorr, and Noser analyzed the security of M3L: the Mall of the Multimedia Labs (MML) at the Department of Information Technology, University of Zurich. M3L offers products and services of the department such as online courses, research papers, PhD theses, “musical objects”, and services in the area of automatic, additive fabrication (stereolithography). Muller gives a detailed technical description of M3L.

In what follows, the security requirements within the shopping processes of M3L are analyzed. We concentrate on two parties (customer, merchant). The evaluation uses three values: low, medium, and high. Here, low means that the party concerned has no particular interest in this security objective; medium denotes that the party wants this security objective to be protected, while high indicates that this security objective is considered essential.

In the information phase a customer browses the content of M3L. Since the products offered are not customizable and the terms of business are predefined, the negotiation phase consists of putting the desired goods into the virtual “shopping cart” and ordering them by clicking the respective buttons of M3L’s user interface. During the payment phase either credit card transactions or the SET (Secure Electronic Transactions, cf. ) payment system may be used. The delivery of goods can be done online, because most of M3L’s products (e.g. music or online courses) are digital and can be sent over the Internet.

The security requirements for both parties of the business process (customer and merchant) during the four phases will be explored in the next paragraphs.

During the information phase the customer wants to find out whether the goods offered by M3L meet his demands and to compare them with the products of other shops. The data under consideration for confidentiality and integrity is therefore the information contained in the M3L web pages. The customer will have low demands concerning the confidentiality of this data. Nonetheless, the data he collects is the basis for his decision to buy certain goods. Therefore, he wants it to be correct, i.e. to have a certain degree of integrity. If he cannot access the web site of M3L, he will visit other merchants; the availability of the M3L server is quite unimportant to him.
