Securing E-commerce Transactions
The term e-commerce, or electronic commerce, was earlier confined to shopping on the internet, but it has acquired a wider meaning today as people access the web for business purposes. Banks have long made use of the web by performing transactions in the form of EFTs (Electronic Fund Transfers).
Businesses are conducting transactions in the form of EDI (Electronic Data Interchange), and these often take place in open form, lacking security measures. E-commerce, however, is an application that requires high security in order to protect the business conducted in any enterprise.
It is time for organizations to take security issues seriously in order to protect their business applications and networks.
Various security approaches to protecting e-commerce activities have emerged lately, which has given a new lease of life to the whole information technology world. While businesses have been threatened by the expansion of both intranets and extranets, integrated approaches use a combination of encryption, authentication, firewalls, intrusion detection, etc.
Encryption: When a user logs into his account, he sends out useful information in addition to reading or surfing. When joining a social community or, for example, buying something from an online auction site, he has to reveal certain essential personal information. In doing so, the password and even the bank account number are not hidden. In such a case, a user’s identification is prone to attack by hackers.
It is here that encryption proves useful, by sending the information out securely. Encoding information so that no person other than the user can decode it is called “encryption”.
Authentication: Verifying that information comes from a trusted source is called “authentication”. Either a person is authenticated or the information on a system is authenticated. There are several ways to authenticate a person or information on a computer, such as protecting it with a password.
The password and the email should match for this process. Another way of authenticating is by checking the digital signature. This signature makes sure that electronic documents such as emails, spreadsheets, etc. are authentic. The Digital Signature Standard uses the Digital Signature Algorithm, which is a public-key cryptography method. This algorithm uses a private key, which is known only to the original signer, and a public key. If any information contained in the document is changed, the value the signature is checked against changes and the signature becomes invalid.
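The sign-then-verify behaviour described above, as an added example that is not part of the original article: a textbook DSA in Python that signs one document and then checks both the original and an altered copy. The parameters are generated at run time and are deliberately toy-sized (an assumption made to keep the example short, far below the sizes the standard requires), and the function names and sample order strings are constructed for illustration.

```python
import hashlib
import secrets

Q = 2**127 - 1  # Mersenne prime used as subgroup order q (toy size, assumption)
def is_probable_prime(n, rounds=24):  # Miller-Rabin, only called with large n
    if any(n % f == 0 for f in (2, 3, 5, 7, 11, 13)):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):  # True when base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s))
    return not any(witness(secrets.randbelow(n - 3) + 2) for _ in range(rounds))

def make_params():  # find prime p = c*Q + 1 and g of order Q modulo p
    c = 2**128
    while not is_probable_prime(c * Q + 1):
        c += 2
    p = c * Q + 1
    g = next(v for v in (pow(b, c, p) for b in range(2, 50)) if v != 1)
    return p, Q, g

def digest(msg, q):  # SHA-256 of the document, reduced modulo q
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(msg, x, p, q, g):  # x is the signer's private key
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh secret nonce per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(msg, sig, y, p, q, g):  # y is the signer's public key
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = digest(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r

def demo():  # constructed sample documents; returns (True, False)
    p, q, g = make_params()
    x = secrets.randbelow(q - 1) + 1  # private key
    y = pow(g, x, p)                  # public key
    sig = sign(b"order=1001;amount=25.00", x, p, q, g)
    return (verify(b"order=1001;amount=25.00", sig, y, p, q, g),
            verify(b"order=1001;amount=2500.00", sig, y, p, q, g))
```

Only the holder of `x` can produce a pair `(r, s)` that verifies under `y`, and changing a single byte of the signed order changes the digest, so the same signature no longer verifies.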
The latest in authentication is the biometric system, which uses biological information such as a facial scan, retina scan, voice identification or fingerprint scan to verify identity.
Firewall: A firewall is software that, based upon a set of rules, regulates the flow of traffic between computer networks of different security domains. It inspects the traffic, encrypting and decrypting it, and hence permits or denies the passage of network traffic.
Intrusion Detection System: This is software or hardware designed to detect attempts to access, operate or disable a computer system. Attacks such as unauthorized logins, malware, etc. can be detected by the use of sensors, consoles, an engine, etc.
Apart from having these security approaches, other steps should be taken to protect an enterprise. The whole staff must be given proper training to ensure security in their systems. It must be remembered that security should be an essential element of every IT organization.
November 10 2009 11:07 am | Other