Minimize the Risks of E-Commerce
With your Internet identity established and your site built, it’s time to turn your online storefront into a thriving e-commerce business. To do that, you must win your customers’ trust. Eighty-five percent of Web users surveyed reported that a lack of security made them uncomfortable sending credit card numbers over the Internet. Merchants who can prove the security of their Web site and win the confidence of these customers will gain their business and loyalty-and an enormous opportunity for grabbing market share and expanding sales.
The Risks of E-Commerce
In traditional retail business, consumers accept the risks of using credit cards in “brick and mortar” stores because they can see and touch the merchandise and make judgments about the store. On the Internet, without those physical cues, it is more difficult for customers to assess the safety of your business. Also, serious security threats have emerged:
Spoofing-The low cost of Web site creation and the ease of copying existing pages makes it all too easy to create illegitimate sites that appear to be operated by established organizations. In fact, con artists have illegally obtained credit card numbers by setting up professional-looking Web sites that mimic legitimate businesses.
Unauthorized disclosure-When transaction information is transmitted “in the clear,” without proper security and encryption, hackers can intercept the transmissions to obtain customers’ sensitive information-like personal information and/or credit card numbers.
Unauthorized action-A competitor or disgruntled customer can alter a Web site so that it malfunctions or refuses service to potential clients.
Data alteration-The content of a transaction can be not only intercepted, but also altered en route, either maliciously or accidentally. User names, credit card numbers, and dollar amounts sent without proper security and encryption are all vulnerable to such alteration. The Trust Solution: Authenticated SSL Certificates
In the age of e-business, authenticated Secure Sockets Layer (SSL) digital certificates provide crucial online identity and security to help establish trust between parties involved in online transactions over digital networks. Customers must be assured that the Web site they are communicating with is genuine and that the information they send via Web browsers stays private and confidential.
There are three key elements to inspiring the confidence of your customers and ensuring a truly secure online transaction:
Encryption – businesses that are serious about e-commerce must implement a complete e-commerce trust infrastructure based on encryption technology. Encryption, the process of transforming information to make it unintelligible to all but the intended recipient, forms the basis of data integrity and privacy necessary for e-commerce.
Authentication – although some Certificate Authorities (CAs, or the “signers” of digital certificates), believe that encryption is enough, it is imperative that your Web site is also authenticated. This will improve your visitor’s trust in you and your site. Authentication means that a trusted authority can prove that you are who you say you are. To prove that your business is authentic, your Web site needs to be secured by the best-of-breed encryption technology and authentication practices.
Digital Certificates – a digital certificate is an electronic file the uniquely identifies individuals and Web sites on the Internet and enables secure, confidential communications. They serve as sort of a digital passport or credential. The practice of providing unauthenticated SSL certificates exposes online users to the risks of false online storefronts operating on the Internet.
Fully authenticated SSL certificates enable a visitor to your Web site to:
- Securely communicate with you such that information they provide cannot be intercepted in transit (confidentiality) or altered without detection (integrity)
- Verify that they are actually doing business with you and not an imposter’s site (authentication)
How Authenticated SSL Certificates Work
An authenticated SSL certificate allows the receiver of a digital message to be confident of both the identity of the sender and the integrity of the message. Fundamental to the process of issuing high-assurance SSL certificates to an organization for use on its Web site are three basic, and very important, authentication and verification steps:
- Confirmation that the organization named in the certificate has the right to use the domain name included in the certificate
- Confirmation that the organization named in the certificate is a legal entity
- Confirmation that the individual who requested the SSL certificate on behalf of the organization was authorized to do so
When Web visitors connect to Web sites, they reach one of two kinds of servers. If they reach servers that are secure, they will get messages indicating that fact (a closed padlock icon and “https” in the URL). Similarly, if they reach servers that are not secure, there will be warnings to that effect. A truly secure Web server is one that has an authenticated SSL certificate. The authenticated certificate tells users that an independent, trustworthy third party has verified that the server belongs to the company it claims to belong to. A valid authenticated certificate means that users can have confidence that they are sending confidential information to the place to which they think they are sending it.
A Webmaster generates a certificate request, which in turn creates two encrypted keys: one private, one public. The Webmaster sends the public one off to a Certificate Authority (CA), such as VeriSign. CAs should then make certain that they are issuing certificates to the “correct” company. CAs must ensure:
- That the company they are certifying is the registrant of the Internet domain name they have certified
- That it is registered as a company in one or more countries
- That its registered name is the same as that on the certificate the CA is signing
- That the person requesting the certificate is an employee of that company
Once the verification and background check has been done, the CA signs off on the public key. The public key comes back to the Webmaster, who loads it into the server. As soon as both the private and public keys, a matching pair, align perfectly, the SSL will start functioning. SSL ensures that the information sent by a server is identical to the information received by a Web visitor and that no modifications have taken place.