e-Security Provisions


Buying something online? You are stress-free: you do not worry that your money is at risk or that your secret info could be accessed by others. Yes, none of us worry about these things while shopping online, because of the many safeguards present today.
Today, let us discuss these security provisions.




According to a 1999 survey by Ernst & Young, consumers who are online but do not shop online stay away for two main reasons. Usually they are:



  • frightened to share their credit card info, and
  • the need to see the goods in person before buying them.

Thus, information security has a role in the growth of e-commerce: procedures and policies that help to protect credit/debit card data should help alleviate one of the primary concerns that keep some consumers from purchasing online.


To protect the rights of consumers as well as businesses and to ensure safe e-commerce, there are certain security provisions for e-commerce. Let us discuss what these provisions are.


Most e-commerce merchants leave the mechanics to their hosting company or IT staff, but it helps to understand the basic principles. Any system has to meet four requirements:



  • Privacy: info must be kept from unauthorized parties.
  • Integrity: messages must not be altered or tampered with.
  • Authentication: sender and recipient must prove their identities to each other.
  • Non-repudiation: proof is needed that the message was indeed received.


To meet the requirements of e-commerce security, the following technologies are used.


Encryption, Digital Signatures and Certificates



Privacy is handled by encryption. Encryption is the conversion of data into a form called ciphertext (plain text encoded into a non-readable form) that cannot be easily understood by unauthorized people.


Digital signatures meet the need for authentication and integrity. A digital signature is a digital code that can be attached to an electronically transmitted message and that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. How does a customer know that the website receiving sensitive info is not set up by someone posing as the e-merchant? They check the digital certificate.

This is a digital document issued by the CA (Certifying Authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web servers.
Very often, the message is also time-stamped by a third party agency, which provides non-repudiation.
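
The authentication and integrity properties described above, as an added example that is not part of the original article: a merchant signs an order confirmation and the customer verifies it with the merchant's public key, using Node.js's built-in crypto module. The Ed25519 algorithm, the order fields and the helper names are assumptions chosen for illustration; in practice the public key would come from the merchant's certificate.

```javascript
// Added example: digital signatures with Node's built-in crypto module.
const nodeCrypto = require('crypto');

// Constructed sample data: an order confirmation sent by the merchant.
const order = { orderId: 'A-1001', amount: '49.90', currency: 'USD',
                issuedAt: '2024-01-01T12:00:00Z' };

// Serialize with a fixed key order so signer and verifier process the same bytes.
function canonicalize(msg) {
  const sorted = {};
  for (const k of Object.keys(msg).sort()) sorted[k] = msg[k];
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

// Sender side: sign the message with the private key (kept secret).
function signMessage(msg, privateKey) {
  return nodeCrypto.sign(null, canonicalize(msg), privateKey).toString('base64');
}

// Receiver side: verify with the sender's public key.
function verifyMessage(msg, signatureB64, publicKey) {
  const sig = Buffer.from(signatureB64, 'base64');
  return nodeCrypto.verify(null, canonicalize(msg), publicKey, sig);
}

function demo() {
  const merchant = nodeCrypto.generateKeyPairSync('ed25519');
  const impostor = nodeCrypto.generateKeyPairSync('ed25519'); // someone posing as the merchant
  const signature = signMessage(order, merchant.privateKey);
  const tampered = { ...order, amount: '0.01' };              // altered in transit
  return {
    // Authentication: only the holder of the merchant's private key can produce this.
    genuine: verifyMessage(order, signature, merchant.publicKey),
    // Integrity: any change to the message invalidates the signature.
    altered: verifyMessage(tampered, signature, merchant.publicKey),
    // A signature made with a different key fails against the merchant's public key.
    forged: verifyMessage(order, signMessage(order, impostor.privateKey), merchant.publicKey),
  };
}

console.log(demo());
```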


Secure Socket Layers 



SSL (Secure Socket Layer) is the standard security technology for establishing an encrypted link between a web server and a browser, so that data passed between them remains private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.



PCI, SET, Firewalls and Kerberos

Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and accompanying network. A PCI (Peripheral Component Interconnect) hardware card is often added for protection, therefore, or another approach altogether is adopted.


SET (Secure Electronic Transaction)

Developed by Visa and MasterCard, SET uses encryption for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive info is not seen by the merchant, and is not kept on the merchant's server. 


Firewalls

Firewalls (software or hardware) protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses a form of cryptography to restrict access to authorized employees.