E-Commerce - Security Systems
Security is an essential part of any transaction that takes place over the internet. Customer will loose his/her faith in e-business if its security is compromised. Following are the essential requirments for safe e-payments/transactions −
Confidential − Information should not be accessible to unauthorized person. It should not be intercepted during transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever requirement within time limit specified.
Authenticity − There should be a mechanism to authenticate user before giving him/her access to required information.
Non-Repudiabiity − It is protection against denial of order or denial of payment. Once a sender sends a message, the sender should not able to deny sending the message. Similary the receipient of message should not be able to deny receipt.
Encryption − Information should be encrypted and decrypted only by authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
Measures to ensure Security
Major security measures are following −
Encryption − It is a very effective and practical way to safeguard the data being transmitted over the network. Sender of the information encrypt the data using a secret code and specified receiver only can decrypt the data using the same or different secret code.
Digital Signature − Digital signature ensures the authenticity of the information. A digital signature is a e-signature authentic authenticated through encryption and password.
Security Certificates − Security certificate is unique digital id used to verify identity of an individual website or user.
Security Protocols in Internet
Following are the popular protocols used over the internet which ensures security of transactions made over the internet.
Secure Socket Layer (SSL)
It is the most commonly used protocol and is widely used across the industry. It meets following security requirements −
"https://" is to be used for HTTP urls with SSL, where as "http:/" is to be used for HTTP urls without SSL.
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication and digital signature over the internet. Secure HTTP supports multiple security mechanism providing security to end users. SHTTP works by negotiating encryption scheme types used between client and server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration. Thereoritically, it is the best security protocol. It has following components −
Card Holder's Digital Wallet Software − Digital Wallet allows card holder to make secure purchases online via point and click interface.
Merchant Software − This software helps merchants to communicate with potential customers and financial institutions in secure manner.
Payment Gateway Server Software − Payment gateway provides automatic and standard payment process. It supports the process for merchant's certificate request.
Certificate Authority Software − This software is used by financial institutions to issue digital certificates to card holders and merchants and to enable them to register their account agreements for secure electronic commerce.