About i-CS           
Planning             
Production          
Promotion           
e-Commerce       
Services              
Site Menu

i-Commerce Solutions

home page contact information send us e-mail. copyright information

Security

This is all about keeping credit card information away from prying eyes. This is no longer a must do from a customer point if view, but is now required by VISA and other providers. Encryption is the process which provides this security by changing credit card information into a meaningless jumble until it is converted back to usable information once the data is moved to a secure location. There are two techniques that are currently in wide use to provide this security.

SSL
...requires an electronic certificate from a third party who can prove that your customer is dealing with the firm they think they are. The most well known provider of certificates is Verisign, which purchased Thawte, a relative newcomer in February of 2000. Verisign certificates start at $349. Thawte's certificates start at $125 per year. There are significant differences in service.

These certificates provide proof of identity that cannot be forged, assuring users that your site is protecting valuable data from prying eyes. They also enable the encryption of all communication between you and your customers using the Secure Sockets Layer (SSL) protocol, which enables all major browsers to initiate a secure session with your site.

The main drawback to this server based method is that it is symmetric i.e. the means to decrypt is also present at the site, as all encrypted data must be decrypted before being sent to the vendor. This means that if the Web site is compromised either externally or by ISP/Web server staff, all credit cards will be freely available to the hacker. This represents a fundamentally higher risk for the provider of the e-commerce service than, say Actinic Catalog, which uses end-to-end asymmetric encryption, explained in the next paragraph.

128-bit Encryption key
… is more sophisticated and difficult to break than SSL. SSL offers only a 40-bit key in non-US implementations (although 56-bit key implementations are now becoming available). To put things in context, each additional bit of key space takes twice as long to break. So a 41-bit key is twice as strong as a 40-bit key. The 128-bit key is 4,722,366,482,869,645,213,696 times as strong as the SSL 56-bit key. Encryption occurs on the buyer's PC and decryption only occurs on the vendor's PC. At no stage is the transaction decrypted while it travels over the Internet, or while it is stored on a Web site. This is the method that is built into our e-commerce solutions. Here, access to the server gives no benefit to the hacker in decrypting credit card information.

 

About i-CS    Planning    Production    Promotion    e-Commerce       Services    Contact Us    Site Map       
 Call 1-802-659-0144 for more information and pricing for your project.

Free Merchant
Account Setup - Accept Credit Cards Online