A discussion on E-learning offered in Malaysian universities: Pros and Cons from the student’s perspective

E-learning (also known as electronic learning or eLearning) is a term used for all types of technology-enhanced learning (TEL). It is the technology which is used to support the learning process. In other words, E-learning means the delivery of a learning, training, or education program by electronic devices. Nowadays, Malaysian universities such as Universiti Putra Malaysia, Universiti Kebangsaan Malaysia, Universiti of Malaya and etc, have incorporated the e-learning strategies into their undergraduate programs.

E-learning is able to provide a vast amount of benefits for Malaysian universities which are implementing it.
1. Accessibility.
E-learning can promote great accessibility to all students irrespective of their physical locations. The students are able to communicate with their lecturers, deepen their knowledge in their particular subjects as well as materials through e-libraries by e-classes. Moreover, Universities that are well-equipped with electronic facilities can provide their fast and qualified assistance to their online students. Therefore, students’ interactions with their peers and lecturers will become easier, in comparison to a face-to-face communication.

2. Time and costs savings
By executing e-learning in the educational courses, it can reduce travel time and travel costs for off-campus students tremendously. With this, students can obtain online resources, discussion or communicate with their tutors or classmates at any time without the hassle of meeting and discussing physically.

3. Reduce environmental impact
When people are not required to travel around using vehicle to meet up, it will definitely reduce the overall unwanted waste in our Mother Earth. Waste can be hazardous to the whole ecosystem. Besides, the paper usage will also trim down by applying e-learning. The reason is because the students can directly study from the virtual notes uploaded. As opposed to using paper notes and paper assessments. Without a doubt, e-learning is a more environmentally friendly method of studying.


Nothing is perfect. Thus, there are still a few disadvantages of e-learning, which are:-
1. Inferior connection that will cause frustration.
At times, the students may face the problems due to the inferior internet connection that will result in difficulties in downloading notes, communicating and etc. In addition, they may also face the problems with the virtual notes or assessment being missing because of the usage of electronic device.

2. Lack of face-to-face communication
All in all, E-learning will cause students to have problems with understanding of explanation given by tutors because explanation online is still not as profound as a face-to-face explanation. In the long-run, student that doesn’t communicate physically may have low motivation or dreadful study habits. Other than that, the students can simply become lazier and will always procrastinate their work and in return, not being able to meet datelines. Last but not least, students will tend to feel isolated from their tutors and classmates.


Related Links: -

Electronic Learning
My E-learning talk wawasan open
Advantage of e-learning
Article of e-learning

Corporate Blogging

How does corporate blogging helps the organization?

Corporate blogs are widely used as a marketing communication tool which mainly serves the purposes of brand building, customer service, technical support and promotion for the company.

Not only it helps to build stronger relationships with important target groups (employees, clients, media, general public and shareholder) with low cost, it encourages employee participation in contribution of expertise and allows free discussion on issues or topics, thus generating a collective intelligence for the company.

Besides, corporate blogs also enable the customers to obtain the information needed rapidly through a series of discussion and to share their views or ideas by writing comments. Hence, valuable information and instant feedbacks can be communicated to the company which may inspire new ideas for improvement, therefore creating a two-way communication. Furthermore, it can be used to announce new products and services, explain and clarify policies of the company and to react on public criticism on certain issues.

Examples of corporate blog












· Dell’s corporate blog is a successful one as the company posts with a great conversational voice, and it listens and responds to customers as well as it publishes breaking news on their blogs. It also maintains its blogs postings with a minimum of 1 or 2 postings per day, to keep content fresh and encourage repeat visits. Generally, “Direct2Dell” focuses on Dell’s news such as launching of new products and etc.
Direct2Dell













· Southwest Airlines, unlike Dell, does not make its company as the main discussion topic in their blog postings, which is a relatively good thing for the visitors of their blog. The company blogs about itself as well as the airline industry with a “ personal touch “ and has been uploading a great deal of fun, behind-the-scenes videos which are both captivating and interesting. This is how Southwest Airlines make their visitors keep coming back and enjoy themselves while reading their postings. .
Nuts About Southwest













· GM FastLane Blog is a good example of corporate blogging, Apparently, GM has realized that the actual purpose of having corporate blogs are not to republish press releases or news which are already known to the public. Rather, GM emphasizes about their vehicles and the design choices they make while creating them in its blog. Also, it also stimulates discussion on interesting treatises about the current hot issues, such as alternative energy.
GM FastLane Blog

For more examples of corporate blogs, please refer to:
15 companies that really get corporate blogging

Benefits of corporate blogging:-
· Increase traffic of users who provides useful information
· Brand image creating, improvement on media relations, potential community building
· Reduce cost of traditional PR activities
· Search engine positioning (make your website rank higher)
· Centralized hosting and structured conversation threads of posts and comments allow easy information gathering for employees
· Reduce cost of thoughts and ideas gathering
· Employee integration
· Create corporate identity among employees

Although it shows that corporate blogs brings a great deal of opportunities and benefits, there are still problems with corporate blogging that a company must deal with.

Drawbacks of corporate blogging :-
· Make it easy for invasion of privacy or surpassing the information security system, resulting loss of company’s confidential data
· Expectation of updating blog regularly
· Need to responding customers instantly which otherwise would result in customers’ complaints and disappointment
· Accountability and credibility of the information provided by executives
· Risk of losing control over the communication strategy
· Unfavorable organization culture make known to public
· Leak of important insider information
Corporate blogs are basically beneficial to a company if used well, and a menace if used poorly. Hence, companies which participate in blogging activities should manage it effectively to the benefit of their companies.

Related links:
Corporate Blogs Not Trusted
Corporate blogs – innovative communication tool or another internet hype?

E-government in Malaysia

The implementation of e-government in Malaysia was initiated by the introduction of the Multimedia Super Corridor (MSC) in 1996. It seeks to improve convenience, accessibility and quality of transactions with citizens and businesses. Besides, it helps to improve information flow and processes within the government and this would enable the government to be more responsive to the needs of citizens.

Current applications of E-government in Malaysia include:
1) Electronic Labor Exchange :
- Includes job registration and matching system, job clearing system for the handicapped and etc
2) E-Perolehan system :
- assists suppliers on the transaction with the Government for the procurement of Government products and services
3) Road tax & driving license renewal
4) Traffic summons information and payment :
http://www.eservices.com.my/speedhp_BI.jsp
5) E-syariah
6) E-filing of income tax forms
7) EPF Account enquiries and payments (KWSP i-Account)
8) MIA(Malaysia Institute of Accountants) annual fee payment
9) Repayment of PTPTN loan :
10) Payment to Telekom, Tenaga Nasional and Indah water

Common problems encountered by consumers:
1) lack of awareness of the services offered
- the lack of advertising done by government about what it has to offer online has resulted in the ignorance of citizens about the existence of such online services, hence, they do not have the opportunity to enjoy the clicks of the mouse convenience.

2) Inaccessibility
- People who live in remote areas where internet connection is not easy to be accessed hinders them to benefit from using the applications of e-government system.

3) Lack of computer literacy and IT knowledge
- People who have minimal computer or IT knowledge will be less inclined to use online services as they are afraid they may not understand the steps for online processing or perceive it as a very difficult task for them to accomplish. Hence, they usually turn to offline services instead.

4) Security of transactions
- Users may not feel secured or safe to use online services as they fear the personal information will be accessed by other party for fraudulent purposes.

5) Language barrier
- Users may encounter difficulties when using the online services if they do not have a good grasp of the language used in the government websites.

Ways to encourage citizens to use these online applications:
1) Government should improve citizens’ awareness of the benefit brought by its online services as it is a convenient, efficient and cost effective to use and to access to the most current information available regarding the services offered.

2) Government websites should be designed in a way that is user-friendly and not too complicated and step-by-step guidance should be given to the users for processing transactions online.

3) To overcome the language barrier, translation of more types of languages should be made allowed.

4) Assurance regarding the security of transactions should be given to users by government. This can be accomplished by demonstrating to the public how strong the system is in preventing data stealing or modification by intruders.

5) Government may also improve the infrastructure of internet connection in remote areas to improvise the accessibility of users to internet and therefore benefitting from the online services provided.

Related links:-

Malaysia’s Government official Portal
E-government
Implementation of e-government in Malaysia

MADE IN MALAYSIA: E-COMMERCE WEBSITE (Review)

Our chosen one: Blooming Florist
Blooming Florist is an e-commerce website that is selling flowers, gifts, and etc for various seasonal needs, such as birthday, new born, wedding, valentines, condolences and many others. The products that they offer are quite conclusive, considering they are selling a similar group of products. This is a click-and-mortar e-commerce site because it also possesses a physical storefront.

APPEARANCE IS EVERYTHING.

The foremost thing that we notice from the website is that the website design is just average. This is because its design is lack of the element of attraction. The layout is not very eye-capturing, we believe that the layout should place fewer words in the Homepage because this will make the website look dull and not intriguing. Overall, the layout is kind of crammed and hard to read. Furthermore, they ought to use more vibrant colours in the website to make it look fresh and attractive. The white background colour is rather boring and there are insufficient pictures to detain user’s mind. Above all, the font size is a little too small, which users will tend to avoid reading it. Straining the customer’s eyes is not a good idea of selling ones products. Other than that, we suggest that the website should use “Adobe Flash Player” to create better layout and more interesting animation for superior navigation.
MAIN COMPONENTS OF AN E-STOREFRONT.

Electronic catalog: The electronic catalog provided in this website is in a grid form which is very systematic and organized. The products are well categorized to help user to search for products without difficulty. In addition, the information given in d catalog is adequate for customers. The name of the product, price, picture of the sample as well a “buy now” button for easy purchase.
Search engine: Within this website, they have provided a search engine tool at the top left of the webpage to aid customers to look for specific products. Thus, in this manner, users can seek for products in a faster mode. This can encourage customers to hunt for targeted products by just keying in the keyword instead of going through the e-catalog page-by-page.

Electronic cart: Blooming has also incorporated the “electronic cart” function to hold items that customers wish to buy. With this function, customers need not pay for the first item before shopping for the second item. In this condition, it is less tedious for the customers and thus making shopping with Blooming uncomplicated.

E-auction: The website did not adopt this facility. However, it is not a major component because Blooming is not selling durable products, flowers and fruits have a limited lifespan. For that reason, e-auction is not feasible for Blooming.

Payment gateway: For purchases, customers can make payment by a range of methods which are credit card payment, online banking, Kawanku ATM, WEBCASH, open bill payment and pay cash at Blooming outlets. With these well-diverse methods, it is very convenient for customers to make payment because they can select the most suitable payment means.

Shipment court: Due the the nature of the products sold by Blooming, it is definite that it provides delivery services.

Customer services: The website does offer a wide series of customer service. The list of services presented is as follows:
. Track Your Order
. Payment Methods
. Outstation Order
. Product & Material Used
. Verified by Visa/Master card
. FAQs (frequently asked questions)
. Refund Policy
. Valentine Refund Policy
. Delivery Services
. Outside Malaysia
. Privacy Policy

As you can see, these services are very useful to customers and it strengthens customer’s confidence in Blooming. They also appreciate customer’s opinion by giving an e-mail link for customer feedbacks. This can help them to continue to improve their products as well as the website.

OTHERS
We have also noticed that website’s map is well planned. This helps the navigation through the website. The WebPages are well-linked and one can easily go to the Homepage by clicking “home” icon. This can reduce confusion when customers are using the website.

Security is also important in transactions. For Blooming, they secure their website transactions with VeriSign. With this, buyers can place their trust on Blooming as a seller with integrity.
Fortunately, Blooming also offer “International Delivery”, meaning they are willing to send products to countries outside of Malaysia. This can be useful for customers that wish to send gifts to their loved ones half way round the world. Hence, they have a “currency converter” linked to their website to help customers to estimate the amount of money payable.

The download speed of Blooming is considered fast to us.

Reference:
Blooming Florist

SAY GOODBYE TO HASSLE! (Application of prepaid cash card for consumers)

WHAT IS PREPAID CASH CARD?

A prepaid cash card is a card that affords people without access to credit or debt cards the convenience of cashless payment. It's a sensible, more affordable alternative to having to carry cash and paying check-cashing fees. You load it with a balance of your choosing at the retail location where you purchased the card or via direct deposit of your checks. You can use it anywhere credit cards are accepted. For better illustration, we provide examples of prepaid cash card, which is, Touch ‘N Go, Octopus card in Hong Kong as well as Ez Link in Singapore.











WHAT ARE THE GOODIES INSTORED FOR USERS?

It’s a real world out there, only things that are highly beneficial will be well-supported by public. Thus, let’s look at the advantages a prepaid cash card brings: convenience, cost savings, and security are the biggest advantages of the prepaid cash card. As a substitute of having to rely on cash, consumers can have the convenience of a “credit card” to pay for purchases online, pay your bills, and even access ATMs nationwide. You also will save a lot of money by not having to pay check-cashing fees every time you get paid. A prepaid cash card enables you to take control of your financing by limiting your spending to money you actually have. Finally, you will enjoy the security of knowing you don't have to carry large amounts of cash around to pay for things anymore. You also will enjoy security protection with your card, so you will not be liable for charges if it is lost or stolen.

APPLICATIONS

The most popular prepaid cash card in our country is Touch ‘N Go. It is mainly used in highway tolls and public transportations, selected parking sites and theme park as a substitution to paying cash. As at today, Touch ‘N Go hasn’t venture into e-tailing yet. E-tailing is selling and buying products online. Example of usage of Touch ‘N Go is:
1. Highway: PLUS, ELITE, SILK and etc.
2. Public transport: RapidKL buses, Ampang Line, Kelana Jaya Line, KTM Komuter and KL Monorail.
3. Parking: Armada Hotel PJ, Pantai Hospital, Sunway Pyramid and etc.
4. Theme park: Bukit Merah Lake Town Resort


One the other hand, the Hong Kong Octopus card is also an example of prepaid cash card. The Octopus card has a built-in microchip containing an electronic purse and other applications which can accurately record the holders' transaction details. Consumers can simply hold their Octopus over a reader, and the correct amount will be deducted automatically. There's no longer a need for coins. Octopus is widely used in Hong Kong for purchases on public transport, and in convenience stores, fast food shops, supermarkets, cake shops, vending machines, schools and parking. Octopus is also used for office and residential premises access control. By possessing this card, people don’t have to worry if they do not have cash-on-hand, they can still travel, buy foodstuff and etc.






In other countries, they also have their own prepaid cash card to ease the users in their daily life. One of our neighbouring countries, Singapore, is using Ez-Link as their prepaid cash card. As for India, they have ItzCash card to act as cash.


FUTURE PROSPECTS

As consumers with high expectations, we will definitely look forward to the advancement of the Touch ‘N Go card in order to simplify our daily transactions. It is definitely a good concept because users won’t fall into debts with it as it does not function like a credit card. Besides, consumers will not overspend. Therefore, in future, Touch ‘N Go is trying to press on into providing services/payment methods for fast food purchase, dining, groceries and many more. In our opinion, Touch ‘N Go will become a successful prepaid cash card and more functions will be available in the near futur

Credit card debts: Causes and Prevention

A credit card can also be called as a charge card. It allows the consumers to purchase the products and services without using cash and only have to pay them at a later date. Thus, many card holders tend to take advantage of it and start spending impulsively. This is how they started to accumulate credit card debts. What causes them to be the credit card “slaves”?


Poor Money Management
Many credit card holders failed to manage their money properly. When they have free time, they will go shopping without having any purpose or target in mind. Hence, they spend hundreds or thousands of dollars each month buying things which are not needed and without realizing their excessive spending until the credit card bill arrives.

Low Income, High Expenses
Normally this will happen when there is a member in the family who has lost his/her job, rendering the total income of the family to shrink. With less cash in hand, people will start to rely on credit cards to make ends meet, having in mind that they will certainly be able to find a way to pay for the debts later on. Also, the purchasing habit of a person who relies on credit card heavily is not easy to change as a habit is not cultivated in just one or two days. It takes time before people can make adaptation to his/her buying behavior.

Non Financial Communication
Non financial communication is also one of the causes that contribute to the credit card debts. Parents should communicate more with their children about the current financial situation in their family. Without proper communication and sufficient understanding of the current situation, children will continue to be a big spender (i.e. loves to buy expensive branded goods using parents’ credit card) without realizing that the family in fact could not afford these luxury goods. Ultimately, the parents who are the credit card holders had no choice but to struggle to find ways to pay for the heavy credit card debts.

Since the credit card debts issue has become a burgeoning problem in this modern society today, here are some useful tips for its prevention measures.

Treat your Credit Card as your Cash
Always think of your credit card as a sum of cash that you hold it with you. For instance, set an appropriate amount of money that you can use on your credit card. Once it reaches the limit which you have preset, cease using the credit card. Also, every time you swipe your credit card, think of how many pieces of “imaginary” cash notes is gone and how many is left in your credit card. This way, you will have a better idea of how much you have spent and how much is left for you to spend.

Control Yourself
You should know your own ability to afford for certain items. The expenses you spend monthly should not exceed the amount of your income. If ever you have the urge to buy something which is out of your budget, think twice, and analyze whether it is really needed or not. You should be able to stay conscious and control your own buying desire before things are too late: feeling regret of bringing unwanted things home.

Good Finance Management
A well management of your finances will prevent you from getting loaded with credit card debts. You should determine your own monthly budgeted expenses and follow closely to your budget. The budget should only include the expenses for your daily necessities and perhaps some extra money for you to satisfy your shopping desire. However, this should not be an opportunity for you to spend excessively by swiping your credit cards. With a proper management of finances, you would not face the credit card debts problem at all.

Related Links:-
Credit Card Debt Resources
Credit Card Debt

Electronic currency

Electronic currency is also known as e-money or electronic money, digital cash or digital currency. It can be explained as the act of users buying goods through the internet. The money can be only be exchanged electronically. Usually, this will involve the use of computer networks, internet, and digit value systems. These institutions became popular in the 1980s among domestic right-wing extremists. By using e-currency, it provides some of the benefits and disadvantages to the users.

Advantages of Electronic Currency Payment System
By using e-currency, it will be safe from natural disasters like tsunami. It is because there is no physical currency. Base on the records from various servers, the restoration of the record is very simple.

Electronic currency payment can also easily replace the cheque book. The online payments are definitely far more easier and secured compared to paper transfer of money. It can save plenty of time because users do not have to queue up and wait at the bank.

Above and beyond that, the holders will not have to fear or worry about robbers as and when they are dealing with the physical cash for depositing and withdrawal purposes.

The privacy and confidentiality of the customer’s information will be protected by the usage of the electronic payment system.

Disadvantages of Electronic Currency Payment System
Electronic currency is facing a lack of records and difficulty to determine the identity that receives the money. As a result, the fraudster can easily carry out illegal activities over internet such as money laundering and etc.

Moreover, peer to peer double spending is also one of the significant disadvantages. Only when the consumer uses a peer-to-peer transaction, does the drawback surfaces. The bank is able to check the serial number of each coin in a transaction against its database of spent coins, and if the coin has been spent, the transaction will be denied.

Apart from that, let us introduce the many types of electronic currency that are in existence: click and buy, peppercoin, digicash and etc.

Click and Buy














Click and buy is one of the payment systems on the internet. About 26 countries have more than 14,000 merchants benefit from this complete service. It eases users in buying and selling online. Click and buy internet payment and billing system are one of the market leaders in whole of Europe. Normally, it is used by msn, Skype, ScanDisk, Apple iTunes, and etc.

Peppercoin

In the light of the current events, Chockstone had announced that it has acquired Peppercoin, which is a provider of card-based merchant loyalty programs and related consulting services. In order to tie customer loyalty programs to credit and debit cards at the point of sale, leading restaurant brands used the Peppercoin’s PCI-compliant services. Peppercoin also develops and markets an innovative suite of products and services for processing the payments to increase the revenue through the sale of low-priced offerings.
Related Link:-
Peppercoin acquired by Chockstone


DigiCash
DigiCash is another type of electronic currency. DigiCash Inc. was a pioneering corporation which is founded by David Chaum in 1990. However, it was declared bankruptcy in 1998 and the assets were sold to eCash Technologies. DigiCash allows consumers to make any amount of anonymous payment against other e-cash schemes. DigiCash will become more innovative and transform the online incentives into powerful new tools, establishing a strong, high-value connection between ecommerce companies and consumers.

Other Related Links:-
The New Money
Major e-micropayment vendors
GIST ABOUT E-CURRENCY SYSTEM

Mobile Payment Systems in Malaysia: its potentials and consumer adoption strategies

“Maxis FastTap”
On 9th April 2009, the world’s first contactless mobile payment system service which is named as “Maxis FastTap” has been launched in Malaysia, together with partners Nokia, financial services companies Visa and Maybank as well as Touch ‘n Go card. “Maxis FastTap” is an integrated mobile payment service which uses near field communication technology (NFC). It offers high levels of interoperability between devices and readers and it enables a mobile phone to be integrated with a wide range of features that allows credit card, debit card, ticketing and transportation payments.

Customers who sign up for Maxis FastTap are able to use their Nokia 6212 classic phones to buy goods and services at more than 1,800 Visa payWave merchant locations, pay for transit, toll, parking charges at more than 3,000 Touch ‘n Go points nationwide. With all prominent leaders in their field (Maxis, Nokia, Visa, Maybank & Touch n’Go) colllaborating for this new technology, certainly there is a great potential to explore a new commercial market that will spur the e-commerce industry in Malaysia.

Related link:
‘ World's first contactless mobile payment system’ launches in Malaysia


“Mobile money” (MM wallet)

MM wallet, on the other hand, is another mobile payment system which has been in the market for several years. Mobile Money is the pioneer of mobile payment using mobile phone in Malaysia. MM wallet allows its users to conduct transactions via short messaging service(SMS) by a 6-digit security PIN authorization using a mobile phone. Users could send cash to anyone, pay merchants, buy iTalk card, Celcom, and Maxis reload cards, pay utility bills simply by replying to an authorization PIN to make payment. Currently, the participating banks for MM wallet are Hong Leong Bank and Bumiputra Commerce Bank.

These mobile payment systems certainly have great potentials in Malaysia. As the targeted customers for these services are mobile phone subscribers and there are approximately 16 million mobile phone users in Malaysia, it is inevitable that it has vast market potentials in Malaysia. Plus, it brings convenience at our fingertips. This is the case especially when consumers are in need of cash but doesn’t have any in hand, therefore with mobile payments they do not need to even search for an ATM machine to withdraw money for making payments. In addition, mobile payment system also allows buyers to pay merchants for online order without disclosing their credit card details, thus increasing security of data and removing initial trust barriers between merchants and consumers. Through all these potentials, it leads to higher customer satisfaction and therefore creates an increasing trend of using mobile payment systems in Malaysia.

How to get more people to adopt this payment system?

1) Publicize this practical payment solution. Emphasize on the convenience it brings to its users as well as enlightening people on its functions and how it can be used in their daily lives.

2) Alliance with more banks and merchants to enable more consumers to benefit from the service. For instance, if a shopper intends to pay using mobile money (MM wallet), he/she must have either a savings, current or credit card account with the participating banks.

3) Enhance the payment security protection for its users to boost their confidence in using mobile payment system. For instance, a strong pin fraud protection system and prevention of password hacking system are crucial to secure the reliability of this system.

4) Continuous improvement of the system helps to secure customers’ loyalty and satisfaction.

5) Reduce transaction fee of such payment system.

Related link:
Mobile Money (MM wallet)

T.R.U.S.T (Third Party Certification)

WHAT'S THIRD PARTY CERTIFICATION?


















Third party certification is an assessment implemented to make sure there is compliance with industry standard. This method of securing transactions on the internet is well-embraced because it uses independent party.This technique is done by a third party organization that is qualified and licensed to issue certification. Certification will be licensed when the assessment is completed successfully.

WHAT'S UP?

Now we all know, of course, that "trust" is very very important when it comes to buying and selling online. Most people refuse to transact on the internet is because they lack of this element. Users are afraid that the sellers are either just pure scam bag, sending wrong items or poor quality items. On the other hand, sellers will also worry if the buyer is not genuine. I personally confess that I do not really trust buying things online because I simply do not have confidence in abstract shopping. Thus, what is stopping e-commerce is the "lack of trust" issue.

In the light of all these, MSC TrustGate and VeriSign have given solution to this matter, which is by the "third party certification". MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and become the catalyst for the growth of e-commerce, both locally and across the ASEAN region.

TrustGate is licensed under the Digital Signature Act 1997 (DSA), a Malaysia law that sets a global precedent for the mandate of a CA. As a CA, Trustgate’s core business is to provide digital certification services, including digital certificates, cryptographic products, and software development.

TrustGate is also committed to provide the finest Public Key Infrastructure (PKI) to assist all types of companies and institutions conducting their business over the Internet.

Moving on to VeriSign Inc, it is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, our SSL, identity and authentication, and domain name services allow companies and consumers all over the world to engage in trusted communications and commerce.


















HOW DO THESE TWO SYSTEMS WORK?
1. Cryptography, the science of coding messages so that only a specific audience understands them, is an ancient craft that has become a highly specialized science in the digital age. Certificate authorities, like a latter-day notary public, provide encryption services for "netizens" of the world wide web that insure security for anything from credit card purchases to national defense intelligence.

2. Verisign/TrustGate, the certificate authority (CA) organizations, assigns a digital signature to a customer that contains two encrypted codes called keys--a private key that certifies the customer and a public key, which certifies the customer to anyone using the customer's web site. These codes form what is called a "secure socket layer", or SSL (a digital system developed by Netscape) that insures the website's authenticity.

3. Verisign/TrustGate verifies web sites using a process that examines traditional documents like articles of incorporation and business licenses as well as digital verification of each site operated by the organization. It is this certification process that is represented by the Verisign/TrustGate trademark on participating web sites. The trademark is generally found in an upper or lower corner of a page and any order forms where personal information is requested should display one. Most Windows systems also display a warning screen when the computer switches to secure mode.

4. Each web site is issued a public key and a private key. The public key allows consumers or users to encrypt their transactions using SSL technology. The private key allows authorized users of the web site to receive information sent using the public key. This double-handshake system assures consumers that their transaction is secure and that only authorized representatives of the recipient's company have access to the information (like credit card numbers or bank information) they've sent.

5. Public and private key encryption has been used by merchants for years, but many banks are beginning to add another layer of security for consumers by providing systems that allow the consumer to verify with his own private key. Although this adds a second step to the log-in process for banking and other financial activities, it is the next step in secure encryption and will become more prevalent as CA's develop new ways to protect against cyber-theft and terrorism.

6. Verisign/TrustGate session services are available in various bit (number or pieces of data, or complexity of codes) sizes, beginning with 128 or 40 bits. Public/private keys within certificates are issued in 512 or 1024 bit packages. Since Verisign/TrustGate IDs work on almost all browsers, these companies have become pre-eminent, controlling a majority of certification of sites.

IS THE IMPLEMENTATION OF THIRD PARTY CERTIFICATION IMPROVING CUSTOMER TRUST?

1.Easy-to-use and manage with Web-based user and administrator services.
Customer are able to register or apply for extra certification through via web, thus, it will help customers to have faith on the third party programme because so simple to use and it doesn’t require complicated procedures.














2.Efficient of management of digital certificates.
Customer authorization for digital certificate and certificate issuance are done via Web-based service. Both customer and administrator services are browser-based and accessed through the Web. Therefore, it will tremendously strenghthen customer trust because they can access the digital certification and inquire about the certificate online.

3. Availability of solutions
Customer will have a better solution provided by the administrator if there are any threats that tampers the company system. The user can contact the administrator to provide a solution to the customer to solve the problem. All in all, it will increase customer trust because of the efficient and effective management of the programme.

4.Complete control over digital certificate issuance, usage, certificate content.
By having this application users would have ultimate control over the service level and certificate. Unlike other public CA deployment model which customer only can rely on the public CA.

PROBLEMS WITH VERISIGN'S NEW FLASH-BASED "TRUST MARK" SEAL.
The newly designed VeriSign Trust Mark is positioned as a way for VeriSign's customers to better communicate the authenticity of their site to potential consumers online. Unfortunately, they implemented it very poorly. One of the Flash designer and developer, analyzed their implementation and found numerous problems, including several ways in which it can be trivially spoofed. His analysis, with a live demonstration, appears at http://www.infinitumdesign.com/verisign.html

Well, in my opinion, third party certification definitely helped in the trust issue by minimizing risk of information being leaked or exposed. However, nothing is a guarantee, so as users of internet, we should be more aware of the current issues on information privacy breaches and equip ourselves with necessary knowledge to avoid damages transacting online.

How to safeguard our personal and financial data?

1. Install a firewall to act as a gatekeeper which guards your network access.
This software checks whether data attempting to enter or leave your network should be allowed, according to rules that you define. It helps to prevent hackers from entering to your network to destroy, change or steal your data. DSL or cable modem provides an added layer of protection to your computer security as it comes with another built-in firewall while older computers or internet users who use dial-up connection are required to install a firewall separately.













2. Be vigilant while using the internet: look out for phishing scammers and viruses
contained in attachments.
Never open an attachment or click on a link embedded in an email from an unknown party. Even if the sender is a known party asking for personal details, one should independently verify the validity of the requests as well as the legitimacy of the organization. Phishers can bring you to a site which looks and feels like the authentic organization which you previously had dealings with. Also, look for small lock icon on the lower right corner of the browser window. Besides, attachments from mysterious sender can contain viruses which can corrupt your files and data.








3. Using encryption as a means to render data unreadable to unauthorized users.
Encryption is often used to achieve data security and privacy. It uses an algorithm to change the contents of computer messages or files into codes which are in an unreadable from, so as to prevent unauthorized eavesdropping along the transmission line. Only the authorized users have the “key” to convert the encrypted information or ciphertext back to a readable form.










4. Inquire web owners what precautions they have against malicious attacks
Database should be designed in a secured way, in which the database management system should not allow user to directly change the data, giving opportunities to hackers to abuse Structured Query Language (SQL) and reach parts of the system they should not be able to access. Although we are unlikely to be involved in writing a web application, we can, however, ask the web owners what precautions they have against SQL injections and other potential vulnerabilities before deciding to input our personal and financial data into its database system.

5. Back up your personal and financial information
This is certainly a sensible way to mitigate problems arising from data loss or files corrupted due to virus attack. Offsite copies of your data can be accomplished in two ways: 1) place hard copies of your personal data at a secured place; or 2) use an online service and synchronize your files with the off-site server.

6. Keeping operating systems and browser updated
Keeping both of this updated will ensure the computer to operate more efficiently and to include more security protection against infringement. Security flaws in the not-so-updated versions could be patched up in the up-to-date versions and this helps to reduce the possibility of Intruders to invade into the system and manipulating the data by taking advantage of the vulnerabilities observed.

7. Setting a strong password and be alert when you’re typing your password or pin number
A combination of uppercase and lowercase letters, numbers, and symbols will offer you a more secured password. Do not use personal information like your birthday, child’s name as your password as these can be easily guessed by others. Also, do not share your password or write it down, giving the others the opportunity to gain access to your personal and financial information. Moreover, shield your password with your hand when you’re typing it particularly in public area.











8. Install and update antispyware and antivirus programs
Virus will slow down the computer’s operation and cause data loss. Hence, do scan your computers regularly with these programs and keep them updated from time to time. This will inevitably prevent viruses, Trojan horse, spywares from attacking our computers.


To learn more, please refer to:
- Safeguard your financial life
- The best ways to safeguard personal data on social networks

Phishing: Examples and its Prevention methods

• Phishing is an attempt of online identity theft in which confidential and sensitive information of an individual is obtained by disguising as a trustworthy entity in an electronic communication. Usually, a phishing scam can be seen in e-mail messages, social networking website, forged website which accepts donation for charity and instant messaging program. It often places links and directs users to enter details such as passwords, usernames, and credit card details under the pretense of the official or legitimate website.
  
• 
  Phishing scams
  Example 1: Below is a phishing e-mail which disguises as Internal Revenue Service of the United States
  

Abundance of e-mails is sent to potential victims advising them that they are under investigation by the IRS or that they have a refund pending from the IRS. The e-mail then asks the intended victim to “click here” which is a link contained within the e-mail to access the IRS website and prompts the victim for personal information, credit card numbers and credit card pin numbers.

Tips to avoid being a victim
• Tax payers should be aware that government entity such as IRS does not initiate tax payer communications through e-mail. IRB never sends out unsolicited e-mails to request personal information, credit card information and pin numbers.
• Do not reply, open any attachments or click on any links if you receive an e-mail claiming to be from IRS.
• Contact IRS by phone to inquire about your account if you believe it might be legitimate. However, most likely it isn’t.

Example 2: Bank phishing emails are very common too
Tips to avoid being a victim
• Most phishing e-mails will be addressed to either “Dear Valued Customer” or “Dear Sir/Madam”, while any legitimate emails from your bank or Credit Card Company will be addressed to you by name. Thus, be suspicious if generic greeting is used.
• Beware of forged links. HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. Even if a link has a domain name which seems correct and authentic, it may not link to the real organization. Do not click on the link provided in the email. Also, it is preferable to call and enquire the bank that you usually deal with.

Notice in the following example that resting the cursor on the link, reveal the real Web address. If the string of numbers looks nothing like the actual company’s Web address, don’t click on it.

• “https” are safer websites than “http”. The “s” refers to as “secure”. Do not proceed if it is not an “https” website.
• If ever you’re required to open up a link, do not click on a link provided in the e-mail, rather, the best option is to open up a new browser window and type in the address which you know to be the authentic one. Or else, you could call the bank or company directly if you have dealings with them and have spoken to them by telephone before.
• The creation of sense of urgency by phishers is to entice people to react immediately without thinking twice about what they are doing. Internet users should always have a clear mind and not acting impulsively which will eventually lead them to be one of the victims.
• Generally, no legitimate business will request its client to send their passwords, login names, pin numbers or any other kind of personal information through an e-mail. If an e-mail requires you to submit personal data, it is probably a phishing attempt.

Example 3: Phishing case with Java Script on eBay.com
Perhaps the most sophisticated phishing scam is with java script. Scammers are given the opportunity to set up traps right on eBay.com as eBay allows java script to be manipulated. The internet criminal uses a forged feedback in order to make buyers believe he has a reputation at eBay. Check out the following:

Fake feedback
A feedback score of 120, Paypal buyer protection button and power seller.















Real FeedBack















To learn more about java script scam, please refer to :-
Acquiring personal information with java script

Other prevention methods of phishing scams:
Upgrading your browser to Internet Explorer 7 with built-in Phishing Filter which is designed to warn or block you from potentially harmful Web sites.
1. An excellent password manager helps to secure your logins, hide your keystrokes and encrypt your passwords. It is a guard against identity theft. It should not release your personal data if the site is not legitimate and has been spoofed.
2. Phoolproof Phishing Prevention. Please refer to:
Phoolproof Phishing Prevention

Take a look at these interesting articles about Malaysia’s online security issues:
• Cyber security in Malaysia Is rated above average
• Phish, your money’s gone!

The threat of online security: How safe is our data?

With the rapid advancement of technology, computerized systems have become a more preferred method among businesses and individuals than manual systems to store a vast amount of data and information. Consequently, the online security which protects data from loss, damage, abuse and misuse has become a major issue of concern for internet users.

Ironically, as the society becomes more and more technologically savvy, the risks of infringement of confidentiality and security of data increase as well. With internet being a medium which connects people from every nook and cranny of the world, it poses a great threat that jeopardizes the online security of data.

Cyber attacks fall under several categories: (1) Accidental Actions; (2) Malicious Attacks; (3) Natural disasters.

(1) Accidental Actions
Accidental actions includes matters such as setting poor passwords, accidental or incorrect business transactions, accidental disclosure of confidential information, outdated software which is easily trespassed by intruders as well as theft or misplace of notebooks which give rise to intruders to access to company’s data.

The root of causing these unintentional acts is attributed to the deficiency of basic knowledge about online security concepts which then result in using security products which are not configured properly. An incorrectly configured web server can allow even an unsophisticated hacker to access files and directories on the web server that should not be accessible. Ultimately, it leads to leakage of important information to outsiders due to insecure information transfers.

(2) Malicious Attacks
These are attacks which are aimed to do harm by breaking through the security defense created by the organization or individuals. The most common threats which internet users face nowadays are cybercrime, hacking, phishing and network attacks.

(a)Cybercrime & Hacking
Cybercrime is the use of online computers as an instrument to conduct illegal acts. Since the internet is inherently open, computer and network experts such as crackers, hackers and corporate spies are “hired” to gain access to competitors’ server to destroy data, change or steal important information without proper authorization given. It involves the violation of privacy of others and it typically attacks computer-based property such as files or web pages.

Hackers can easily learn about the targeted company’s web-based applications and discover its vulnerabilities in order to disguise as genuine users who are able to connect to the company’s web server and do whatever a user could do. For instance, hackers can attack by using SQL injection by circumventing the username and password required to gain access to the database and easily alter the stored data such as ledgers.



(b)Phishing
Internet scam that is designed to trick the recipient into revealing credit card details, usernames, passwords, and other personal information to individuals who intend to use them for fraudulent purposes is known as phishing. The communications are sent in the manner that it looks as if they come from reputable and trustworthy companies. Very often, a phishing attempt requests the recipient to verify their bank account by asking them to click on a link provided in the email and giving his/her personal information. The consequences of giving such confidential information to an unknown person could be very severe.

(c) Network Attacks
Several forms of malicious-logic program are virus, Trojan Horse, computer worm, Denial of Service attacks and etc. Virus, being the most common type of malicious code, its attack is pervasive, in which it can damage the operating system, spread throughout the computer and infecting other computer files, rendering files being corrupted or causing data loss or damaged.

A Trojan Horse is a program that secretly hides within or looks like a legitimate program giving people the impression that it is harmless. However, one may realize that it actually will do harm to one’s computer and data files when it is triggered with certain conditions satisfied.

Distributed Denial of Service attacks (DDOS) attack a web server by overwhelming server with overflowing messages which appear to be normal. The DDOS attacker will instruct its key players to simultaneously send data packets against the given IP addresses using false source addresses. Since the attack contains too much information to be processed, the target server has no choice but to disconnect from the internet or by denying service indiscriminately to all clients sending incoming data. Hence, this shows a potential risk of data loss in transit as client may not know whether his/her data sent is received by the web server.


(3) Natural disasters
Natural disasters also pose a threat to online security. Natural disasters such as fire, flood, earthquake which occurrence at the place where server and database hardware are located can cause data stored to be destroyed or lost. Hence, a comprehensive disaster recovery plan should be in place before any unpleasing event happens.

Related links:-
Computer Security Ethics and Privacy
Top Online Security Threats for 2009
Computer Security, Viruses and Threats