E-COMMERCE SECURITY



 
As we already know, companies that implement e-Commerce face various security issues. These problems have to be addressed in order to protect consumers' personal information (their privacy) and the company's sensitive information, and to minimize risks.


Encryption
To protect the privacy of customer information and to ensure the security of credit card payments, different kinds of encryption programs are used. Encryption is the process of encoding information into unintelligible codes that only the person (or computer) with the key can decode. Think of the key as a password. A simple example of encryption is where each letter of the message is substituted by the letter that is second from it. So "A" becomes "C" and "B" becomes "D". Only by having a key that understands this secret code can the receiver decrypt the message. Anyone else who sees the message will only see nonsense.
 
In most cases, a public key cryptosystem is used to guarantee the authenticity (knowing who created the document and ensuring that it has not been altered since creation) of a set of data sent, the same way a written signature verifies a printed document. A public key cryptosystem is a way of encrypting and decrypting data that relies on two keys: a public key that is available to everyone and a private key that is known only by its holder. For example, Dan is an online merchant and Jay is his customer. When a transaction is made, Jay's credit card number and other personal information need to be transferred electronically from her to Dan for payment. Therefore, Dan creates a public key and sends it to Jay. Jay places the information needed in the email and encrypts it using this public key. When Dan receives this email, he decrypts the message using his own private key. He can then get the information and fulfill the order.
 
In this case, it does not matter even if someone gets Dan's public key, because this key can only encrypt a message and has no value in decrypting it. And the private key, which is known only to Dan, does not have to be transmitted. Consequently, this ensures privacy, integrity, and authentication of the data sent by Jay. In practice, when you are on a secure site, the padlock at the bottom right corner of the window shows you that encryption is used.
 
Digital Signature
A digital signature is used to guarantee the authenticity (knowing who created the document and knowing that it has not been altered since creation) of electronic documents (email, text files, etc.). Suppose Dan wants to send Jay a contract and Jay needs a digital certificate to verify Dan's authenticity. Hence, Dan uses a hash algorithm to produce a "fingerprint" for the document and encrypts the produced hash value together with the document using his private key. This is sent to Jay and is known as Dan's digital signature. The hash algorithm is basically a program that summarizes the original contents of the document into a summary of digits using a formula. For example, suppose the hashing algorithm reads the original value of the document as 500. By using a formula of multiplying this original value by 200, the hash value produced would be 100,000. When Jay receives this document, she decrypts the document using Dan's public key and uses the same hash algorithm to check the hash value. If the two hash values match, then Jay not only knows that the document sent is authentic, but she also knows that Dan's signature is real. Conducting electronic transactions using digital signatures is more secure than using paper signatures, as they cannot be forged.
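The two exchanges described above (Jay encrypting her order with Dan's public key, and Dan signing a contract that Jay verifies) are worked through below as an added example; it is not code from the original article. It assumes a toy textbook-RSA key pair built from two well-known Mersenne primes with no padding, uses SHA-256 as the hash, signs only the fingerprint and sends the document alongside it, and all function names and sample data are constructed for illustration.

```python
import hashlib

# Constructed toy key pair for Dan, built from two well-known Mersenne primes.
# Real RSA uses secret random primes (2048-bit or larger modulus) and
# OAEP/PSS padding; these parameters are for illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # (N, E) is Dan's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to Dan


def encrypt_for_dan(plaintext: bytes) -> int:
    """Jay's side: anyone holding the public key can encrypt."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def dan_decrypt(ciphertext: int) -> bytes:
    """Dan's side: only the private exponent recovers the plaintext."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fingerprint(document: bytes) -> int:
    """SHA-256 hash of the document as an integer (the 'fingerprint')."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def dan_sign(document: bytes) -> int:
    """Dan transforms the fingerprint with his private key."""
    return pow(fingerprint(document), D, N)


def jay_verify(document: bytes, signature: int) -> bool:
    """Jay recovers the signed fingerprint with the public key and compares
    it with the hash she computes over the document she actually received."""
    return pow(signature, E, N) == fingerprint(document)


if __name__ == "__main__":
    order = b"card=4111111111111111;name=Jay"       # constructed test data
    print(dan_decrypt(encrypt_for_dan(order)) == order)
    contract = b"Dan will deliver 10 units to Jay for 500."  # constructed
    sig = dan_sign(contract)
    print(jay_verify(contract, sig))                           # genuine copy
    print(jay_verify(contract.replace(b"500", b"900"), sig))   # altered copy
```

Changing a single character of the contract changes its SHA-256 fingerprint, so the signature no longer matches and verification fails.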
 
Digital Certificates
As for digital certificates, they serve as validation that a company is who it claims to be and not an imposter. These certificates contain information such as the company's name, email, country and public key. They are issued by the Certificate Authority (CA), which is a trusted third party that issues, archives and revokes digital certificates. In other words, a digital certificate is an electronic equivalent of a business license or passport. To view a company's digital certificate when transmitting your personal information through its website, all you have to do is click on the small padlock at the bottom right hand corner of the window.
 
SSL (Secure Sockets Layer)
SSL uses public key encryption and digital certificates to set up a secure connection between a web server (server) and the user's web browser (client) and to verify that the parties are who they say they are. A special session key is used to encrypt the data being transmitted. This session key is discarded after each individual transaction.
 
The basic security measures introduced above are used to ensure the smooth operation of electronic transactions and to increase consumers' confidence and readiness in e-Commerce. Of course, there are many more rules and security standards set by both the government and organizations to eliminate the danger of fraud, eavesdropping, etc. It is hoped that by reading this article, you will understand more about e-Commerce and therefore use it for more daily convenience.

