- Security is an essential part of E-commerce development.
- The need for security is immense because businesses and consumers need to be able to trust one another. Businesses need to know that products and services will be paid for, and customers need to know that merchandise will be delivered. Therefore, Site owners need to maintain the confidence of their customers and partners that transactions will be handled securely and that confidential data will not be accidentally made available.
The Risks
Unauthorized access: Someone accesses or misuses a computer system to intercept transmissions and steal sensitive information.
Data alteration: The content of an e-commerce transaction, such as user names, credit card numbers, and dollar amounts is altered.
Monitoring: A hacker eavesdrops on confidential information.
Spoofing: A virtual vandal creates a fake site masquerading as yours to steal data from unsuspecting customers or just disrupt your business.
Service denial: An attacker shuts down your site or denies access to visitors.
Repudiation: A party to an online purchase denies that the transaction occurred or was authorized.
- These dangers pose the threat of fraud, service
- disruption, lost sales, theft of confidential information, and most damaging of all, loss of your customers' trust. However, there are many reliable security technologies that help reduce these risks:
Digital certificates are a kind of online passport issued by a trusted third party, a certificate authority, who verifies the identity of the certificate's holder.
SSL (Secure Sockets Layer) provides sound privacy protection by encrypting the channel between the consumer and the merchant. To find out if your transaction is secured by SSL, check for the unbroken key or closed lock symbol in the frame of your browser window. Or check the merchant's URL -- it should change from "http" to "https" when processing secure transactions.
SET (Secure Electronic Transaction) uses digital certificates issued by financial institutions to verify that a consumer has a valid Visa card account and that the merchant is a valid Visa merchant.
Encryption is a way of altering or scrambling data so that only those who know how to unscramble it can use it. The basic concept of encryption is that it makes your messages secret
Firewall, is a protection device to shield vulnerable areas from some form of danger. It is a system, i.e. a router, a personal computer, a host, or a collection of hosts, set up specifically to shield a site from protocols. A firewall system is usually located at a higher-level gateway, such as a site's connection to the Internet, however firewalls can be located at lower-level gateways to provide protection for some smaller collection of hosts
- A firewall system offers the following specific advantages:
- concentration of security, all modified software and logging is located on the firewall system as opposed to being distributed on many hosts.
- protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation. information hiding, in which a firewall can hide names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts.
- application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol. extended logging, in which a firewall can concentrate extended logging of network traffic on one system.
Conditions for a secure transaction over the Net:
1) It is inaccessible to anyone but sender and receiver (privacy),
2) It has not been changed during transmission (integrity),
3) The receiver can be sure it came from the sender (authenticity),
4) The sender can be sure the receiver is genuine (non-fabrication),
5) The sender cannot deny he or she sent it (non-repudiation).
|
[ Methods of Advertising ] [ Security ] [ Reviews of Website designs ] [ Effective Website Design ] [ Main Page ] [ Quiz ] [ View Guestbook ] [ Feedback ] [ Contact Us ] [ Sources ] |