Information Security Awareness Training – E-Commerce And Security
More and more peoples in there daily life use computer to make things that previously they do without computer, for example, buy and sell! Of course, its takes less time and can be done from home, but not so offten peoples thinking about: how safe it is! And from other side seller invent, that he want to start e-commerce, but he not sure what it is and how its works!
This article is for both side…For understanding, how e-commerce mechanism works and how do this cooperation safer!
What is E-commerce?
Electronic commerce or ecommerce is a term for any type of business, or commercial transaction, that involves the transfer of information across the Internet or other network.(monstercommerce.com)
Different types of E-commerce.
*B2B (Business-to-Business) is a from of electronic commerce in which companies doing business with each other such as manufacturers selling to distributors and wholesalers selling to retailers. Pricing is based on quantity of order and is often negotiable.
*B2C (Business-to-Consumer) is a form of electronic commerce in which products or services are sold from a firm or company to a consumer. This selling usually happened through catalogs, e-shops!
*B2E (Business to Employee) is a form of electronic commerce which is more commonly known as an “Intranet”. A basic focus of business is the employee, rather than the consumer! Usually it is some kind of portal for everyone within an organization. This portal is designed to include not only everything that an employee might hope to find on an intranet, but also any personal information and links that the employee might want.
*C2C (Consumer-to-Consumer) is a form of electronic commerce in which involves the electronically-facilitated transactions between consumers through some third party. A common example is the online auctio, in which a consumer posts an item for sale and other consumers bid to purchase it; the third party generally charges a flat fee or commission.
There are also other types of E-commerce, for example, G2G (Goverment-to-Goverment), G2B (Goverment-to-Bussines) and other which are connected to government, but these four are the main.
E-commerce and security
How we already know that to make e-commerce we need computer and of course – systems. Any system which provide any type of e-commerce need to answer four requirements:
*privacy: information must be kept from unauthorized parties.
*integrity: message must not be altered or tampered with.
*authentication: sender and recipient must prove their identities to each other.
*non-repudiation: proof is needed that the message was indeed received.
These requirements is needed to make safe cooperation between service provider and customer, and, of course, prevent third side interference!
How execute these requirements?
To execute these requirements you can choose one or some of the different suggestions:
*PKI – Public Key Infrastructure – to provide privacy and authentication.
*Digital Signature – to provide authentication and integrity.
*SSL – Secure Socket Layer – to provide privacy and authentication.
*Time Stamp and others.
For now, most popular solution in e-commerce security is Secure Socket Layer or SSL. It is so because its merge the best attributes from PKI. SSL uses PKI and Digital Certificates to ensure privacy and authentication.
The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates. (ecommerce-digest.com)
To known that this page is secure with SSL, you need just look to the address bar: if the address begins with “https” and there is padlock icon at the bottom of the page, than you can be sure that this page is safer than other! Why safer,but not totally safe? Because totally safe web pages didn’t exist!
Most of e-commerce provider leave the mechanics of security to hosting company or IT staff, but for each who want to start e-commerce, is important known how it works and whats responsibilities are asked from this side!
To find out more information about e-commerce and security the best way is make special information security awareness training information security awareness trainingfor e-commerce providers and users!