Notes and Study Materials

Security Methods for E-commerce

 

 

In 1990, the WWW was established to share distributed information amongst individuals. The main technology of the Web consists of URLs, HTML and HTTP. A URL is a method to identify the location of information available on the Internet. HTML is the language with which information on the Internet is represented, whereas HTTP is the language used for communication between Web servers and Web browsers.

 

Security is the most important part of an E-commerce application for an organization because many Internet users access E-commerce applications. Therefore, an organization should be concerned about the security of its confidential information while conducting its business through E-commerce. Developers of an E-commerce application always try to build such an application in a cost-effective manner. There are methods, such as digital signatures and encryption, which can be used to secure the important information in an E-commerce application.

Secure Transport Protocols

 

Secure Hyper Text Transfer Protocol (S-HTTP) and SSL are two secure transport protocols that are required for exchanging information between the buyer and the merchant on the Internet in a secure and safe way. Both the S-HTTP and SSL protocols are responsible for transferring data between a browser and a server in an encrypted form. So, when you submit your credit card number through a WWW form, it travels to the server in an encrypted format.

 

Secure Hyper Text Transfer Protocol:

 

S-HTTP is a secure extension of HTTP that was developed by the CommerceNet consortium. It is a protocol used for sending information on the Internet while ensuring the confidentiality, authenticity and integrity of the information. S-HTTP is executed at the application layer and provides services such as firewalls and validation of electronic signatures. S-HTTP maintains end-to-end secure transactions, encompassing cryptographic enhancements that are used for the transfer of data at the application layer. It also includes the public-key cryptography of the RSA Data Security cipher to support shared-secret passwords and Kerberos-based security systems. S-HTTP allows Internet users to access the merchant's Website and provide their credit card numbers to their Web browsers. When S-HTTP encrypts the user's card number, the encrypted files are sent to the merchant. After decrypting the files, S-HTTP transmits the file to the user's browser to confirm the digital signatures.

 

Secure Socket Layers:

 

The SSL protocol is used to provide privacy and confirmation with the help of electronic certificates, which are also known as digital certificates. In this procedure, a client, which is generally an on-line user, sends a request to the server, and the server then responds to the client by sending a digital certificate. Both the server and the client should agree on the symmetric keys before starting the actual transmission. These symmetric keys are used to encrypt the messages that follow between the communicating parties. Therefore, the information related to the credit card can be sent to the server safely with the help of SSL. However, a separate card known as Peripheral Component Interconnect (PCI) can also be used with SSL to provide security in electronic transactions. This card uses PKI and digital certificates for privacy and authentication purposes. The authentication can relate to the parties involved in the electronic transaction, who can be a merchant, a customer or a bank. The different types of information that need to be protected while performing electronic transactions are as follows:

 

• The credit card details presented by the cardholder to the merchant.

• The credit card details passed to the bank for processing.

• The details of the order and the customer details supplied to the merchant either directly or from the payment gateway credit card processing company.

 

 

Secure Transactions:

 

S-HTTP and SSL protocols provide secure transactions by transferring money from one location to another location in a secure and safe way. Netscape Communications Corporation and Microsoft Corporation have promoted three methods of payment protocols and installed them in WWW browsers and servers.

 

These three methods are as follows:

 

• MasterCard and Netscape have supported the Secure Electronic Payment Protocol (SEPP), which is one of the methods for securing transactions. ANSI is fast-tracking SEPP as a standard for the industry.

 

• Secure Transaction Technology (STT) is a secure payment protocol developed by Visa International and Microsoft. It uses cryptography to secure the confidential transfer of information, ensure the integrity of payment information and authenticate both the cardholders and the merchants.

 

• SET is a special protocol used to handle the various electronic transactions. It provides more efficient security technologies, which reduce the chances of information loss. It also uses cryptography to make the application more secure.

 

Secure Electronic Payment Protocol:

 

SEPP is an open, vendor-neutral, license-free specification that secures on-line transactions. It provides a standard for presenting credit card transactions on the Internet. Some of the companies that have developed SEPP are IBM, Netscape, CyberCash and MasterCard. SEPP helps in fulfilling some of the business requirements, which are stated as follows:

 

• It enables confidentiality of payment information.

• It ensures integrity of all the payment data that is transmitted.

• It provides authentication that the cardholder is the legitimate owner of the card account.

• It provides the authentication that the merchant can receive MasterCard branded card payments along with an acquiring member financial institution.

 

 
