HSBC E-Business Challenges and Mitigation - Essay Example

HSBC’s online activities are a great way to interconnect all its business functions and services for its customers. The “Anytime Anywhere” concept would enable accessibility and greater risk for damage. The risks which are exposed for consumers and end users are some of the various vulnerabilities that come along with the technology (Speed, T. and Ellis, J, 2003). The various security concerns arise as a result of various individuals who passionately developed intelligent programs with negative and illicit attitude and make sure that all the various concerns are highlighted to its full extent. The basic derivation of such nature is spread in the form of various Malwares and intentional programs which result in harmful activities for a particular business or internet community at large. The various security concerns are dependent on the technologies in use like Ajax and other majority of technologies used. The composite feature of the security concerns are as follows: a. Content exploitation: The largest threat is content exploitation and the various implications of duplicating a wrong site to the transacting parties. It is quite often seen in practice wherein the content is misrepresented with wrong and misleading information about the subject. Often the content which is uploaded and saved by users are not properly referenced like Wikipedia and are nor taken as valid sources for fetching content in many universities. The various objectives which are desired to be achieved would be quite misleading in such cases and make sure that all the various thoughts are achieved to its maximum limit. b. Access control: The security still remains the primary issue for any online activity and when it comes to online transaction the threats increase multifold. Transfer of funds and various online trading activities would meet with severe access control for fetching a secured manner for access and security control. c. Trust on online operations: The online operations are still facing the worst dangers from security and fraud and continue the traditional process of fetching the business. The better security mechanisms would enable to enrich businesses and would contribute largely to the faith of online transactions are would enable to reach customers base for better catering of products and services. d. Customer Relationship Management (CRM): The strength of HSBC’s online business is their internal and external processes for which their relationship with the clients which it has builds for long. The nature of being completely customer focus is the basic requirement in the long term so that they are able to cater best at all levels. The various factors that can enhance their CRM are as follows: Customer oriented: The nature of services to be catered to the end user must be properly researched so that it correctly matches with their demands. Security problems: It must be checked thoroughly that all the security extensions for the site is checked over and over again so that one the company is able to cater customers around the globe. The firewalls in place may prevent the display of certain pages and content and would make the certain processes. The necessary step would be to check whether the system relies on certain technologies and open technologies which passes all firewalls must be taken into account (Stallings, 2003). Completely web based: The complete web based scenario is quite essential for creating the virtual system for getting the job done. Additional overhead to install a plug-in or install software for the purpose of getting a job done would be unfriendly in nature and customers would not love to achieve it. Getting 100% virtual would perform operations faster (Sadegh, 2005). Including a software development kit: The inclusion of SDK’s makes sure that one is able to add or modify features and permissions to the software. This makes the overriding of the functionalities to a large extent so as not to declare it a legacy system. Integrating such a system with CRM systems makes sure that all the necessary administrative privileges are catered to its fullest extent (Sadegh, 2005). Real time systems: Incorporating real time systems would process the tasks at the very instance of mouse click and not by batch systems methodology. Integrating the hardware: The complex requirements of the system to communicate with the hardware takes into account the complex associated operations that are required to be performed for either scanning or using swipe cards for various purposes. Proper integration of the associated hardware brands would make sure that the system is plug_and_play free for any kind of association (Sadegh, 2005). What measures do you think that HSBC may need to take to overcome or mitigate these challenges? The key techniques to the most affordable website security would be the casual features of the website for the purpose of safeguarding the website content and the transactions that are to be made for fulfilling the ecommerce objectives of the website. The following can be credited to the diverse ways to secure the website and customer information for the “Grandmas Treats” website: Web content security: It forms the greater part of the security as they are aimed at non-representation or illegal presentation of false content that a user is not expected to see. The term cross site scripting (or XSS) is often used in conjunction with the web content and links that are to be secured for a website. Acunetix (2007) own product Acunetix Web Vulnerability Scanner is easily downloadable and comes free. Using that one could scan their website for any such flaws. Directory traversal attacks: The directory traversal attacks are quite common where the links are traversed to a very different path where the information flows to the hackers. It is due to the malfunction of the codes at the client and server sides. The code efficiency and link path requires to be checked periodically so that one is able to redesign and test the system for any malfunction (Raymond R. Panko, 2004). SQL injection: It is another method where intruders are capable to draw information from one website using SQL languages to illegally fetch customer’s data for obtaining their financial information or to manipulate information for wrong use. The website must be checked periodically for such incidents and must also make sure that customer records are encrypted using 128 bit security layers at the database side (Diffie, W. and Hellman, Μ. Ε, 2006). The database security must be checked for getting sure that no such activity is evident. The customer’s financial information would be encrypted to hide it from easy access from hackers (C.P. Pfleeger & S. Pfleeger, 2002). E-commerce transactions security: The use of SSL 3.0 makes sure that all vulnerabilities regarding the tapping of information so that one’s purchases are safe in all respects. The use of this protocol makes sure that a secured channel is followed for communication between the client communicating clients. The use of Transport Layer Security (TLS) is important and can be enabled for any website for securing the communication to the communicating clients. IETF (2007) explains that TLS composes of point to point authentication techniques and communications privacy over the internet strengthening the encryption. Web server checks and database security checks: The periodic checks are done to put a check on performance of the website and database usage. All the relevant links and database security is checked for overall assurance. Database backup: The database backup plans must be devised accordingly for keeping the records safe to protect against unforeseen disasters (Navathe, 2002). The above discussed techniques would result in fetching the right mechanism for mitigating the security challenges related with HSBC’s online activities. References/Bibliography Acunetix (2007). Web Site Security Center: Check & Implement Web Site Security. Retrieved 26, November 2008 from http://www.acunetix.com/websitesecurity/ C.P. Pfleeger & S. Pfleeger (2002). “Security in Computing 3rd Ed.” (Prentice Hall International). Data Encryption Standard Federal Information Processing Standards (1993). Publication 46-2. December. Diffie, W. and Hellman, Μ. Ε (2006). "New directions in cryptography." IEEE Transactions on Information Theory, 22, pp. 644-654. HSBC.com (2008). Internet Banking for Business. Retrieved 27, November 2008 from http://www.hsbc.co.in/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4o38QwBSZnFG8ebhnnoR6KImcYbm6IJGcQ7IkSC9L31fT3yc1P1A_QLckNDI8odFQH9osFH/delta/base64xml/L2dJQSEvUUt3QS80SVVFLzZfMl8xVlM. IETF (2007). Transport Level Security. Retrieved 26, November 2008 from http://www.ietf.org/html.charters/tls-charter.html Navathe Elmasri (2002). Database Systems, Prentice Hall. Raymond R. Panko (2004). Corporate Computer and Network Security. Pearson Education International. Rivest, R., Shamir, A. and Adleman, L (1978). "A method for obtaining Digital signatures and public key cryptosystems." Communications of the ACM, 21, pp. 120-126. Speed, T. and Ellis, J (2003). Internet Security: A Jumpstart for Systems Administrators and IT Managers. Digital Press. Stallings, William (2003).Network Security Essentials, 2nd Edition. Prentice Hall. Sadegh, Bahan (2005). Seven Strategies for Successful CRM Integration. Retrieved 27, November 2008 from http://www.destinationcrm.com/articles/default.asp?ArticleID=4844 Read More