2009-06-27

The application of 3rd party certification programme in Malaysia



Third Party Certification (TPC) is one of the methods used to give customers confidence and satisfaction when surfing a website. Through the implementation of a TPC programme, people can be assured that the information they send over the Internet reaches the intended recipients and is safe from intruders, which matters because of the increase in phishing and spoofing attacks on the Internet. The most famous third party certification programme in Malaysia is provided by MSC Trustgate.com Sdn. Bhd.

MSC Trustgate.com Sdn. Bhd. was established in 1999 as a licensed Certificate Authority (CA), which issues digital certificates to verify that a website does indeed represent its company. It operates within the Multimedia Super Corridor. The objective of MSC Trustgate.com is to secure open network communications both locally and across the ASEAN region. It offers complete security solutions and leading trust services that are needed by all categories. As a CA, Trustgate's core business is to provide digital certification services, including digital certificates and cryptographic products, Managed PKI, Personal ID, My Trust, MyKad ID, Managed Security Services, VeriSign Certified Training and Application Development.


MyKad PKI ( MyKey )

MyKey is MSC Trustgate.com Sdn. Bhd.'s digital certificate, a MyKad PKI solution that works with your physical MyKad. It is a Class 2 certificate with a 1024-bit key length. A document digitally signed with MyKey is treated as legally binding, just as it would be with a handwritten signature. It provides the highest protection for your data and online transactions, with a reliance limit for fraud protection.



VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority enabling secure e-commerce, communications, and interactions for Web sites, intranets, and extranets. VeriSign gives confidence to consumers because they can conveniently and securely log in to their accounts to use online services.

VeriSign reviews the credentials and checks the background of an organization to verify the organization's claims before issuing any server certificate. When a browser connects to a legitimate site with a VeriSign SSL Certificate, the browser automatically verifies the site's business purpose through its ID. After that, the connection between browser and server is encrypted, and the information received by the Web visitor is identical to what was sent, with no modification having taken place.

Related link:

http://www.msctrustgate.com/

http://www.mykey.com.my/Website/home.php

http://www.verisign.com/

2009-06-26

The threat of online security: How safe is our data?


Due to the boom in the Internet and in computer technology, the security of personal information accessed over the Internet has become more and more important. When Internet users browse websites that contain damaging threats, those threats can attack or destroy their computers. Damaging threats such as viruses, spyware, adware and identity theft are common occurrences.

As an accountable company, a business must safeguard customer privacy; this is particularly critical for financial service companies.

Hackers are not the only, or even the primary, threat. Hazards lurk within the company as well, and need not stem from any criminal intent. Therefore, protecting customer data means more than just adding security features to corporate computer systems; it also involves an organized and standardized approach to collecting, storing and using consolidated customer data.

To protect customer privacy from possible threats from hackers, there should be proper security penetration testing, network security certification and security vulnerability assessments. Based on these, a hacker safeguard certification mark and security seal is attached to the website, making it more secure and trustworthy in the services it provides to clients and customers. The hacker safeguard certification mark appears on the website where clients and visitors can see it, and they can then rely on the site with utmost belief.

The hacker safeguard certification guaranteed to a site with the security seal detects attacks such as SQL Injection by means of a built-in intrusion detection system, performs security penetration testing, provides network security certification and protects web servers against the latest phishing schemes. A website with comprehensive security meets the highest published website security standards. Customers can then browse safely and carry out trouble-free checkouts and transactions without the risk of a website security breach.

Technology is a great help in keeping private data private, but technology alone can't win the war. Business processes, training and attitudes have to lead the charge so that technology can support them in the effort to protect financial data and monitor financial activity.

Another way for a company to secure customer information is to outsource its security service. But the company has to be careful not to outsource privacy completely, or to rely too much on the consultant to make important decisions. Turn to outside help for direction, but always remain in control of your own programme.

Related link:

http://www.zdnetasia.com/itlibrary/security/0,3800009948,43536627p,00.htm

http://tools.cisco.com/security/center/caseStudies.x?i=51

http://www.emeraldinsight.com/Insight/viewPDF.jsp?contentType=Article&Filename=html/Output/Published/EmeraldFullTextArticle/Pdf/0460070505.pdf

How to safeguard our personal and financial data?

Since networks play an important role nowadays, they also create many problems, such as others gaining access to personal data. Given this, we need safeguards to protect our personal and financial data, such as:

Guard your password

It is better not to use real personal data in our passwords. We also need to change passwords frequently and not use the same password for all accounts. A strong password must be at least 12 characters long. For example, when paying by credit card, the credit card password can fulfill those requirements, and entering the credit card verification code is a good way of preventing that data from being stolen during online shopping.

Deal with companies we can trust

As we know, when we purchase any item online, we need to give our details to the seller. So, if we purchase goods from an unsecured site, there is a high probability that our personal details will be leaked. A secured site is usually verified by a trusted third party, so its effort and ability in protecting private and confidential information will be stronger.


Avoid accessing and disclosing financial information in public

Resist logging on to check our bank balance when working from a coffee shop that offers wireless access. These systems are convenient, but also unknown. Casual users have no way of assessing how sturdy their firewalls are. We also should not disclose any information to others.

Look for "locks"

How can we tell if our financial site is really secured before we log on? The Web address should start with "https" instead of "http". Also, look for the small lock icon in the lower-right corner of the browser window.

Don't open mystery attachments

Never open an attachment or click on a link sent to us by an unknown party. Attachments can contain viruses, and links can lead unsuspecting users to dummy sites where they are asked to input financial information.


Install and update firewall, antispyware and antivirus programs

Firewalls help keep hackers from using our computer to send out our personal information without our permission. We can protect ourselves against viruses and Trojan horses that may steal or modify the data on our computer by installing antivirus programs. Antispyware programs remove spyware hidden in software programs, which may affect the performance of our computer and attack our data. For these programs to be effective, they need to be set up properly and updated regularly.

Related Link:

http://www.us-cert.gov/cas/tips/ST06-008.html

http://finance.yahoo.com/banking-budgeting/article/103893/Six-Ways-to-Safeguard-Your-Online-Assets

http://www.emeraldinsight.com/Insight/viewPDF.jsp?contentType=Article&Filename=html/Output/Published/EmeraldFullTextArticle/Pdf/0460070505.pdf

Phishing: Example and its prevention method

'Phishing' (pronounced 'fishing') is exactly that: fishing for information, including personal information such as credit card, bank account and social security numbers. It is a high-tech scam that uses spoofed e-mail spam or pop-up messages to deceive users. The fraudsters can steal your identity and run up bills or commit crimes in your name.


Example of Phishing Email

  • The scammer sends out phishing emails claiming that the recipient's account has been suspended and that they need to verify some information to return the account to normal status. When the user clicks on a link and submits their information, the scammer compromises the user's account.
Bank Phishing Spam


PayPal Phishing Spam



Example of Phishing Website


  • This method supports the phishing email: the website is designed to mimic the legitimate web site it is purporting to be. The fraudsters use multiple methods such as genuine-looking images and text, disguising the URL in the address bar or totally removing the address ba

















No Phishing Allowed: Prevention is better than cure.


1) Do not click on embedded links or unexpected e-mails.

If you don't trust the sender of the e-mail message containing the link, don't click the presented URL or enter any confidential information. Instead of clicking the link, manually type the address in the URL bar to go directly to the website's home page.


2) Always look for "https" and the padlock on a website

https:// (Hypertext Transfer Protocol over Secure Socket Layer) is used to implement security on a website. There is an extra encryption and authentication layer standing between your protocol and the Internet provider. When you load an https:// page or see the locked padlock on the browser's status bar while doing a sensitive financial or personal transaction, you can also check the certificate of the security scheme.


3) Password Protection

Although some phishers are good at finding out details and facts about your profile, you are still the master of your virtual household. Learn to use several passwords instead of just one. If a phisher gains access to, for instance, your blogging account and gets your e-mail address, they cannot access the more sensitive account with your blog account password, because with different passwords for the blog account and the e-mail account the phisher holds the wrong password for the right account.


4) Use Specialized Domain Name System (DNS) service.

A DNS service acts like a firewall when it filters phishing sites out of the websites you visit or have visited. It works with any type of browser. Some security measures require outsiders to monitor and check whether the company is a target of phishers.


Resource Link:


http://www.fraudwatchinternational.com/phishing-fraud/phishing-protection/
http://www.dailybits.com/what-is-phishing-the-lessons-to-learn/
http://knowledge.epictouch.com/index.php?page=index_v2&id=151&c=25