Monday, June 3, 2019

Website For Malaysian Insurance Institute

INTRODUCTION

The project aim is to set up a website for the Malaysian Insurance Institute to allow insurance agency leaders to enroll their candidates for the Pre-Contract Examination. In phase 1, the author will conduct a few studies related to the electronic commerce system that will allow insurance agency leaders to pay the examination fees. Furthermore, additional security features to protect the website and the user will also be studied to enhance the security of the website.

FINDINGS

Background Study of Malaysian Insurance Institute

The Malaysian Insurance Institute (MII) is a non-profit organization that was founded in 1968. It is a leading insurance institute that provides insurance knowledge and training and offers all kinds of qualifications recognized by the international insurance community, in areas such as insurance, financial planning and risk management. MII is known as the primary insurance knowledge provider in Malaysia. It works together with other insurance companies in the industry, with support and help from Bank Negara Malaysia and the regulator, to guarantee that the education provided is up to date and meets the changes in the insurance industry.

Figure 1.1 Malaysian Insurance Institute Website

1.1 MII AS EDUCATIONAL AND TRAINING BODY

An average of 300 training programs is organized by MII to educate brokers, insurers, reinsurers, adjusters and regulators. In each training program, there are about 10,000 participants from all other countries including Malaysia. This outstanding record earned MII a place on the Education Board of the Federation of Afro Asian Insurers and Reinsurers (FAIR), which is based in Egypt. Besides that, MII also helps general and life insurance agents by providing training to them. This training helps them to provide a better service to their customers.
For agency leaders, MII is allied with LIMRA (USA) to organize the Agency Management Training Course (AMTC) to upgrade their leadership and professionalism.

There are two primary professional programs provided by MII. They are the Diploma of The Malaysian Insurance Institute (DMII) and the Associateship of The Malaysian Insurance Institute (AMII). These two programs are the basic requirement for the insurance industry and also for the emerging markets.

1.2 MII AS EXAMINATION CENTRE

MII acts as a guardian that monitors the education standards of insurance examinations. Besides that, it is also the authorized exam center for conducting insurance examinations. MII offers 32 major examinations that attract over 60 thousand candidates for the insurance industry in a year. Because of its outstanding management and good reputation as an education and exam centre, MII is entrusted as the primary place to conduct examinations organized by other examination bodies such as The Institute of Risk Management (UK), Chartered Institute of Loss Adjusters (UK), The Insurance Institute of America (USA), The Society of Actuaries (USA) and others.

1.3 MII AS INSURANCE INFORMATION CENTRE

MII is proud to have its own library that specializes in the insurance industry and other related industries. Besides that, all kinds of books, magazines and journals related to insurance are also collected by the library for public use. Moreover, MII also has an electronic library portal that publishes information to the public such as online newspaper cuttings, electronic journals, and links to other insurance companies, associations, regulators, universities and other related sectors.

1.4 MII AS CONFERENCE ORGANIZER

Around eight conferences are conducted by MII in a year, planned to meet the needs of the emerging insurance industry. Most of the conferences receive a massive response from all kinds of industries, both local and international.
These conferences not only provide experience and knowledge to the public but also give participants a chance to build up their networks with other industries.

1.5 LINKS WITH INTERNATIONAL BODIES

MII has a firm belief in collaborating its efforts and resources together with other reputable insurance education bodies throughout the world so as to maximise and leverage on each other's strengths. MII's commitment to deliver the best quality standards in education is reflected in its international links with major insurance institutions, universities and relevant organisations. Among the collaborations that MII has established are those with The Chartered Insurance Institute (UK), Australasian Institute of Chartered Loss Adjusters (AICLA), Chartered Institute of Loss Adjusters (CILA), Australian New Zealand Institute of Insurance and Finance (ANZIIF), LOMA (USA), Institute of Risk Management (UK), LIMRA (USA) and others.

1.6 INTERNATIONAL PRESENCE

While addressing the domestic needs will always remain the main focus and priority, MII has also spread its wings into the international scene, particularly in fulfilling the needs of the emerging markets. This is in line with its vision to be the preferred institute for training solutions, education and information in insurance in Malaysia and the emerging markets. The increasing numbers and wide range of international training participants and conference delegates is a testimony of the recognition and regard for the relevant and high quality programmes being offered by MII.

MII's presence in the emerging market, particularly within the ASEAN region, is quite significant. When the 10 ASEAN insurance regulatory authorities formed the ASEAN Insurance Training Research Institute (AITRI), MII was given the honour to lead as the secretariat for AITRI. AITRI is a non-profit organization that provides regional research, insurance education and training support for the regulators as well as the industry of the ASEAN member countries.
Its activities are featured in international publications and have gained great recognition and international support from bodies such as the World Bank (USA), International Association for Insurance Supervisors (Switzerland), Office of the Superintendent of Financial Institutions (Canada) and others.

1.7 INTERNATIONAL AWARD

MII won the Professional Service Provider of the Year 2007 Award in 2007 from The Review Worldwide Reinsurance Association in London, U.K. MII was the first winner from Asia in the 14 years since the award started. MII's effort and commitment to training and education were the reasons it received the award.

1.8 List of Certification and Professional Programs

The list below shows the certification and professional programs offered by the Malaysian Insurance Institute. These programs are recognized by all the insurance companies in Malaysia. An agent of an insurance company must possess the related certification or professional program to promote or sell insurance to customers.

Diploma of Financial Services
Associateship of the Malaysia Insurance Institute (AMII)
Associateship of the Malaysia Insurance Institute (AMII) International
Diploma of the Malaysia Insurance Institute (DMII)
Diploma of the Malaysia Insurance Institute (DMII) Life
Certificate of MII Insurance (CMII Insurance)
Pre-Contract Examination for Insurance Agent (PCEIA)
Certificate Examination in Investment-Linked Life Insurance (CEILLI)
International Certificate in Risk Management (CIRM)
Basic Agency Management Course (BAMC)
Registered Financial Planner (RFP)
Basic Certificate Course in Loss Adjusting (BCCILA)
Intermediate Certificate Course in Loss Adjusting (ICCILA)
Basic Certificate Course in Insurance Broking (BCCIB)
Intermediate Certificate Course in Insurance Broking (ICCIB)
Certificate in General Insurance Actuarial Practice (CGIAP)

1.9 Conclusion

MII is a powerful organization that provides high quality education to the insurance industry and other related fields. Besides that, MII is also recognized by international organizations for its quality services and programs.

Literature Review

This chapter discusses the online electronic commerce system and the security features planned for the registration website, such as the on-screen keyboard, multi-step authentication and Secure Socket Layer.

2.1 Electronic Commerce

Electronic commerce is any transaction or payment that occurs through the internet. It covers a wide range of areas such as auction, retail, registration and banking websites. The content of electronic commerce can be goods or services. It has become important with the emergence of the internet and the World Wide Web.

Since electronic commerce is conducted on the internet, the customer can ignore the barriers of distance and time. Electronic commerce has been growing for the past five years and is expected to grow at a faster rate.

When electronic commerce is conducted, it means an online payment will be made during the transaction. Several payment methods are available online, such as credit card, PayPal and Google Checkout (Networksolution, 2010).

Credit card is the most prevalent payment method used by electronic commerce websites. Marketing research shows that an electronic business will lose 60 to 80 percent of potential customers if credit card payment is not implemented in its electronic commerce system.

Enabling credit card payment lets the customer act on the impulse to purchase an item at any time and also assures customers of the legitimacy of the electronic business (EasyStoreCreator, 2010).

Another popular online payment method is PayPal. The benefit of PayPal is that it allows the merchant or customer to make online and offline transactions at any time.
Furthermore, PayPal is well known for its ease of use and because it requires no credit rating verification. Users of PayPal only need to verify their email address and their account's personal information. Payment can be easily directed to the PayPal account with the tied email address.

Additionally, Google Checkout is also the preference of some electronic business merchants. Google Checkout became popular quickly because the service it provides is user friendly, very stable and reliable. Another benefit of Google Checkout is that it charges lower merchant fees than PayPal, and this makes it grow at a fast rate (Arora.n, 2010).

2.2 Types of Electronic Commerce

There are multiple types of electronic commerce available on the internet. Among them, 4 popular types account for most electronic commerce websites. They are business-to-business (B2B), business-to-consumer (B2C), consumer-to-business (C2B) and consumer-to-consumer (C2C).

Besides these popular types, some other kinds of electronic commerce are used by electronic business merchants, such as business-to-employee (B2E), government-to-government (G2G), government-to-employee (G2E), government-to-business (G2B), business-to-government (B2G), government-to-citizen (G2C), citizen-to-government (C2G) and so on (DigitSmith Embroidery and Screen Printing, 2006).

2.3 On Screen Keyboard

An on-screen keyboard is a software application that is shown on the computer's monitor. It allows the user to input any kind of text with the mouse or the monitor's touch screen. An on-screen keyboard can help people with mobility impairments or people who cannot type. Besides that, an on-screen keyboard can also help users avoid viruses, Trojans or key loggers that steal data (Microsoft Corporation, 2010).

Figure 2.1 shows an example of an on-screen keyboard.
It is a default application that comes with the operating system provided by Microsoft.

Figure 2.1 Microsoft on screen keyboard

2.4 Multi Step Authentication

Single-factor authentication, such as the username and password form, is widely used by many websites on the World Wide Web. Due to the demand for more security during login, a concept named multi-step authentication has been introduced to meet the public demand.

Multi-step authentication is a process that logs in and authenticates users across multiple webpages. The first step of the authentication verifies the username entered by the user. If it matches a name inside the database, the user is redirected to the second step. The second step requires the user to enter their password and, if it is correct, the system redirects the user to the services they are logging in to (Agilewebsolutions, 2010).

Besides that, this feature also delays any malware that uses form bots to capture the password entered by the user, because two different login processes are performed.

2.5 Secure Socket Layer Protocol (SSL)

Secure Socket Layer is a well-known protocol used to provide a secure connection between the server and the client. The purpose of securing a connection is to protect the integrity of data, privacy and authentication.

SSL protects data by encrypting a plaintext message into ciphertext. Ciphertext is meaningless to anyone who captures the data packet and tries to crack it. A pair of keys is used to encrypt the data. They are named the public key and the private key. The public key is used to encrypt data sent from the client, and the private key is used to decrypt the data received by the server.

To ensure the server side is the real owner of the service, a digital certificate is issued by a third party certificate authority such as GeoTrust or VeriSign. This process verifies that the domain is maintained by the recognized owner and is legitimate.
Figure 2.2 shows an example of a digital certificate (GeoCerts, 2010).

Figure 2.2 Digital Certificate

Netscape introduced the SSL Protocol in 1994 because concern for security over the internet was rising. At first, SSL was developed to secure the connection between the server and the client, but modifications were made to fit it to other services such as TELNET, FTP, email and so on (Martz. C, 2010).

2.6 Conclusion

Security features are an important part of keeping a website safe from threats. All the features discussed are planned to be implemented in the website to work with the electronic commerce system and the website security.

Electronic Commerce System Security

It is a big challenge to maintain and secure an electronic commerce system as the internet world changes every day. It is important for electronic merchants to implement security for their electronic commerce websites.

3.1 Components of Electronic Commerce Security

There are 5 components of electronic commerce security that are important to an electronic commerce website. The first component is containment, which is used to prevent all kinds of violations. The second component is compartmentalization, which is used to avoid unauthorized access to the website system. Besides that, it prevents collateral damage to the website during attacks. The third component is continuity, which guarantees that the website system keeps running even during DOS attacks or equipment failure. The fourth component is recovery, which frequently starts the recovery operation during external attacks or malicious internal activity. The fifth component is performance, which ensures that network performance does not decrease because of the other security operations.

3.2 Electronic Commerce Vulnerabilities

Fear of online transaction threats has increased with all types of attacks.
Multiple vulnerabilities will be discussed to understand their characteristics.

3.2.1 SQL Injection

SQL injection is a technique that inserts SQL meta characters into user input. This technique allows the attacker to force the back-end database to execute the command entered into the system. To check whether the website is vulnerable to this attack, a single quote (') character is sent to the database. A vulnerable website will return an error message that exposes the technology being used on the host machine. This information is enough for attackers to perform further attacks on the restricted area or the operating system.

A SQL injection attack differs depending on the type of database. If the attack is conducted on an Oracle database, it needs the UNION keyword to execute and it is harder to perform than on Microsoft SQL Server (Mookhey. K. K, 2004).

3.2.2 Price Manipulation

This is a new threat to the payment gateway and the shopping cart. In the common case, the total price to be paid by the customer is stored in a hidden HTML field. A web application proxy such as Achilles can modify this figure while the information is sent from the user's browser to the website.

Figure 3.1 is taken from a Symantec article and shows that the price can be modified by attackers to any value. This information is then sent to the merchant's payment gateway (Mookhey. K. K, 2004).

Figure 3.1 Achilles web proxy

3.2.3 Buffer Overflows

Bad consequences follow when a massive number of bytes is sent to an application that is not set up properly to handle them. According to K. K. Mookhey, the path of the PHP functions was exposed when he sent a very large value in the input field.

Figure 3.2 shows that when a large value is sent in and the PHP script cannot process the value, the returned error message exposes the location of the PHP functions.
This error message reveals the admin folder, which allows attackers to conduct further attacks (Mookhey. K. K, 2004).

Figure 3.2 PHP timeout error

3.2.4 Cross-site Scripting

Cross-site scripting primarily targets the end user and leverages two factors: weak input and output validation in the web application, and the trust the user places in a well-known website name.

This attack requires the website to take in user input, process it and show the result together with the original user input. This sequence is commonly found in search systems. The attacker conducts the attack by embedding JavaScript into the user input. Then, a link containing this JavaScript is created and the victim is persuaded to click on it. For example, the URL will look similar to this:

http://www.vulnerablesite.com/cgibin/search.php?keywords=<script>alert("OK")</script>

This example will pop up an alert box that shows the text OK. The attacker can place any script they want into this link to conduct the attack.

Usually, the attacker will use this method to capture the victim's cookies, which may contain the victim's sensitive information. Besides that, the JavaScript can also be used to redirect the victim to a website that contains malicious code and conduct the attack there.

3.2.5 Weak Authentication

An authentication system that does not block multiple failed logins can lead to unexpected consequences. An attacker may use brute force software to guess an account's password by sending all kinds of combinations to the server to validate the password. Another weak form of authentication is when the website uses basic authentication but does not transfer it through SSL.
An attacker can sniff the traffic and discover the user information inside the packets.

3.3 Pros and Cons of Electronic Commerce System

Although electronic commerce provides a lot of benefits to electronic businesses and consumers, there are also some consequences that affect both the merchant and the consumer.

One benefit of electronic commerce is that it saves the user's time compared to shopping at shops or markets. Every transaction is conducted on the internet, and with just a few clicks the consumer can buy everything they want and pay for it. When shopping at a regular shop, the consumer has to travel to the shop, park the car, walk to the shop, browse the shop for the item and then pay for it, which wastes a lot of time.

Electronic commerce is cheap compared to products sold at regular shops and markets. This is because an electronic merchant does not need to pay for rental and utilities expenses like a physical shop. That is why they can sell cheaper products when they do not need to cover these expenses. Besides that, lowering the product price is one of the marketing techniques used to attract customers to purchase from their electronic shop (Finnila. J, 2008).

Most electronic commerce is supported by the credit card payment method. With this method enabled, the consumer does not need to download or install a special plugin to make a transaction. Besides that, consumers with credit cards are always filled with the impulse to buy something during every visit. Furthermore, the electronic merchant can keep the customer's transaction information for future use such as follow-up sales or product advertising (Nightcats Multimedia Productions, 2010).

The disadvantage of electronic commerce is that competitors are all around the world.
Electronic merchants have to keep generating new marketing strategies to attract customers or to keep customers visiting them again.

As the internet world is changing rapidly, a lot of new traps appear that steal information from the consumer, such as phishing websites and malicious scripts. Any electronic commerce user who is unaware of these internet threats will expose their personal confidential information to the scammers (Finnila. J, 2008).

From the point of view of most customers, it is an abuse of the customer's personal information when the electronic merchant keeps the information for future use. The customer may want to keep their personal information private, and it is better to request their permission before their information is used. Besides that, customers also worry that their personal information may leak out to the public by accident. It is a benefit for the merchant but a disadvantage to the customers (Nightcats Multimedia Productions, 2010).

3.4 Conclusion

It is important for electronic merchants to secure their electronic commerce system to prevent all kinds of incidents that cause unexpected losses to the business.

CONCLUSIONS

The author successfully completed objectives one to three in phase 1 of the project. The author learned how MII works in its daily operation and its roles and responsibilities. Besides that, the author also learned how the additional security features work to protect the website and the users.
As proof of meeting objectives one to three, the reference list below shows various information from different sites.

REFERENCES (BACKGROUND READING MATERIALS)

About MII (Online) (Cited 20 MAY 2010) Available from http://www.insurance.com.my/mii2010/about.html
MII Vision and Mission (Online) (Cited 21 MAY 2010) Available from http://www.insurance.com.my/mii2010/about_vision.html
Certification and Professional Programmes (Online) (Cited 22 MAY 2010) Available from http://www.insurance.com.my/mii2010/certification.html
What is Ecommerce? (Online) (Cited 23 MAY 2010) Available from http://www.networksolutions.com/education/what-is-ecommerce/
Choosing a Merchant Credit Card Processing Vendor To Meet Your ecommerce Credit Card Processing Needs (Online) (Cited 25 MAY 2010) Available from http://www.easystorecreator.com/choosing-vendor.asp
Different Payment Methods in E-Commerce Website (Online) (Cited 26 MAY 2010) Available from http://ezinearticles.com/?Different-Payment-Methods-in-E-Commerce-Website&id=2073803
Ecommerce definition and types of ecommerce (Online) (Cited 26 MAY 2010) Available from http://www.digitsmith.com/ecommerce-definition.html
Handling Financial Web Site Tricks (Online) (Cited 28 MAY 2010) Available from http://help.agile.ws/1Password3/multi_step_logins.html
Two-Step Authentication Method For Online Banking (Online) (Cited 30 MAY 2010) Available from http://priorartdatabase.com/IPCOM/000126859
Handling Financial Web Site Tricks (Online) (Cited 30 MAY 2010) Available from http://help.agile.ws/1Password3/multi_step_logins.html
Turn On and Use On-Screen Keyboard (Online) (Cited 31 MAY 2010) Available from http://www.microsoft.com/windowsxp/using/accessibility/oskturnonuse.mspx
SSL Secure Sockets Layer (Online) (Cited 1 JUNE 2010) Available from http://www.birds-eye.net/definition/s/ssl-secure_sockets_layer.shtml
How SSL Works (Online) (Cited 1 JUNE 2010) Available from http://www.geocerts.com/ssl/how_ssl_works
Pros & Cons of E-Commerce (Online) (Cited 2 JUNE 2010) Available from http://ezinearticles.com/?Pros-and-Cons-of-E-Commerce&id=1481356
Pros and Cons for consumers when shopping online (Online) (Cited 2 JUNE 2010) Available from http://www.nireland.com/e.commerce/Pros%20and%20Cons.htm
Beginners Guide to Ecommerce (Online) (Cited 2 JUNE 2010) Available from http://www.nightcats.com/sales/free.html
5 Essential Components of E-Commerce Security (Online) (Cited 3 JUNE 2010) Available from http://www.intruguard.com/E-commerceSecurity.html
Common Security Vulnerabilities in e-commerce Systems (Online) (Cited 4 JUNE 2010) Available from http://www.symantec.com/connect/articles/common-security-vulnerabilities-e-commerce-systems

***END OF REPORT***
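
Section 3.2.1 describes a single quote producing a database error that reveals the back-end technology. The following is an added example, not code from the original report, that shows a lookup built by string concatenation beside the same lookup with a bound parameter and a generic error response. The table, column and function names and the sample rows are assumptions made for the illustration.

```python
import sqlite3

GENERIC_ERROR = "Request could not be processed."


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE candidates (id INTEGER PRIMARY KEY, name TEXT, agency TEXT)"
    )
    db.executemany(
        "INSERT INTO candidates (name, agency) VALUES (?, ?)",
        [("Aminah", "Agency A"), ("O'Brien", "Agency B")],
    )
    return db


def find_candidate_unsafe(db, name):
    """'Before' version: user input is concatenated into the SQL text."""
    sql = "SELECT id, name, agency FROM candidates WHERE name = '" + name + "'"
    try:
        return {"ok": True, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        # Returning the driver's message to the browser is what exposes
        # the back-end technology to whoever sent the quote.
        return {"ok": False, "error": str(exc)}


def find_candidate_safe(db, name):
    """Hardened version: bound parameter and a generic error message."""
    sql = "SELECT id, name, agency FROM candidates WHERE name = ?"
    try:
        return {"ok": True, "rows": db.execute(sql, (name,)).fetchall()}
    except sqlite3.Error:
        # Details belong in the server log, not in the response.
        return {"ok": False, "error": GENERIC_ERROR}


if __name__ == "__main__":
    db = make_db()
    for value in ["Aminah", "'", "O'Brien"]:
        print(repr(value))
        print("  unsafe:", find_candidate_unsafe(db, value))
        print("  safe:  ", find_candidate_safe(db, value))
```

With the bound parameter, a legitimate name that contains a quote is found normally, while the concatenated version fails on the same input and reports the parser's own error text.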
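
Section 3.2.2 describes a total price carried in a hidden HTML field and altered on its way to the server. The following is an added example, not code from the original report, of the server-side counterpart for an exam fee payment: the amount is always recomputed from the server's own fee table, and a client-sent total is only compared against it to flag tampering. The fee values, field names and the candidate limit are assumptions made for the illustration.

```python
from decimal import Decimal, InvalidOperation

# Server-side fee table (constructed sample values, not MII's real fees).
EXAM_FEES = {
    "PCEIA": Decimal("50.00"),
    "CEILLI": Decimal("80.00"),
}
MAX_CANDIDATES = 200  # hypothetical upper bound per registration


class OrderRejected(Exception):
    """Raised when the submitted form cannot be priced safely."""


def price_order(form):
    """Return (total, tampered) for a submitted registration form.

    `form` is the dict of fields posted by the browser. The exam code and
    candidate count are validated; the amount is recomputed from EXAM_FEES.
    A client-sent 'total' is never used for charging, only for detection.
    """
    exam = form.get("exam")
    if exam not in EXAM_FEES:
        raise OrderRejected("unknown exam code")

    raw = str(form.get("candidates", ""))
    # Reject signs, decimals and non-ASCII digits before converting.
    if not (raw.isascii() and raw.isdigit()):
        raise OrderRejected("candidate count must be a whole number")
    count = int(raw)
    if not 1 <= count <= MAX_CANDIDATES:
        raise OrderRejected("candidate count out of range")

    total = EXAM_FEES[exam] * count

    tampered = False
    if "total" in form:
        try:
            tampered = Decimal(str(form["total"])) != total
        except InvalidOperation:
            tampered = True  # not even a number: treat as tampering
    return total, tampered


if __name__ == "__main__":
    honest = {"exam": "PCEIA", "candidates": "3", "total": "150.00"}
    altered = {"exam": "PCEIA", "candidates": "3", "total": "1.00"}
    print(price_order(honest))   # charged 150.00, not flagged
    print(price_order(altered))  # still charged 150.00, flagged for review
```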
