Increase Sales with Secure E-Commerce Payment Solutions

An Internet merchant account for ecommerce can help retailers that advertise online give their customers the convenience of paying for products immediately. Accepting debit or credit payments through a website can help increase and maintain sales levels, tapping into the marketing idea that consumers usually make purchase decisions within seconds.

Accepting credit cards is the best-known way to accept payment on the Internet. Almost everyone has a credit card, and accepting it makes the customer's ordering process much more convenient and time-saving, not to mention that it encourages them to purchase from you. Accepting credit cards has become a necessity for the survival of e-businesses.

An Internet merchant account for ecommerce can handle all of the financial transactions for the company's website and deposit the money paid online directly into the website owner's checking or banking accounts. In order to accept credit cards, you're going to need a merchant account. Merchant services contract with several merchant-processing banks that will actually accept and process your business transactions.

There are three ways to perform transactions:

  1. Terminals/Hardware

  2. Point of Sale Software

  3. Real-Time (Automatic Online Transactions)

There are different methods that can be utilized when accepting credit card payments online. Some of the agencies providing these services will have software that actually integrates with accounting programs. The technology that is being developed for online stores and real-time processing is amazing. Gateways, or virtual terminals, are utilized to securely transmit a customer's credit card information from the website to the merchant's financial business accounts. These systems generally encrypt the data over a secure channel, keeping a customer's private information safe during the entire process, which is a very important feature to confirm in advance.

A software program that accepts online payments will need to be big enough to grow with the business and its customers. The most affordable programs are offered to those with valid businesses and proven ethical business histories. Before a company secures an e-commerce payment solution, it may be a good idea to conduct a price-comparison campaign. Speak with several different agencies, finding out more about the programs that are offered and the various costs involved. Beware of agencies that charge large setup fees and have expensive monthly charges. Also, paying interest on sales figures to an Internet merchant account for ecommerce could be costly. The most reputable online credit card acceptance programs will charge a reasonable monthly fee and offer excellent customer service.

Posted by Site Admin at 7:29 AM

Google Analytics Secure Tracking Code

Let me guess, you are all excited to use your new Google Analytics code on your ProStores store. You take the code they gave you and now you have security warnings during checkout?! What gives? Here is the deal…

When you sign up with this service, you can request tracking code that generates all the reports. By default, Google gives you the standard (non-secure) version of the script. Then when your shoppers go to checkout, ProStores secures the browser (as it should) and now there are insecure items on your page - you guessed it, the analytics code is the problem. No worries, the fix is simple. Somewhere buried deep in the knowledge base over at Google, they show you the secure version changes - to save you the trouble, here are some samples.

Standard code:

Secure code:
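Added example, not the post's own samples and not Google's or ProStores' code: a small check that lists the items a browser would flag as insecure on an HTTPS checkout page. The function names, the sample markup and the `analytics.example.com` tracker URL are constructed stand-ins for the tracking snippet.

```javascript
// Tags that fetch a subresource, and the attribute holding its URL.
const LOADERS = { script: 'src', img: 'src', iframe: 'src', link: 'href' };

// Read one attribute value (double-quoted, single-quoted or bare) from a tag's text.
function attr(tagText, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(tagText);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return every subresource that an HTTPS page would load over plain HTTP.
// Simplification: tags are matched with a regex, so a '>' inside an attribute is not handled.
function findInsecureSubresources(pageUrl, html) {
  if (new URL(pageUrl).protocol !== 'https:') return []; // only a secure page can be "mixed"
  const findings = [];
  for (const m of html.matchAll(/<(script|img|iframe|link)\b[^>]*>/gi)) {
    const tag = m[1].toLowerCase();
    // <link> only loads something for certain rel values (stylesheet, icon).
    if (tag === 'link' && !/stylesheet|icon/i.test(attr(m[0], 'rel') || '')) continue;
    const raw = attr(m[0], LOADERS[tag]);
    if (!raw) continue;
    let resolved;
    try { resolved = new URL(raw, pageUrl); } catch { continue; }
    // Relative and protocol-relative URLs inherit https from the page; http:// does not.
    if (resolved.protocol === 'http:') findings.push({ tag, url: resolved.href });
  }
  return findings;
}

// Constructed checkout markup: one tracker hard-coded to http://, one served over https://.
const CHECKOUT_HTML = `
<link rel="stylesheet" href="/css/store.css">
<a href="http://www.example.com/help">Help</a>
<img src="//cdn.example.com/logo.png">
<script src="http://analytics.example.com/tracker.js" type="text/javascript"></script>
<script src="https://analytics.example.com/tracker.js" type="text/javascript"></script>`;

console.log(findInsecureSubresources('https://store.example.com/checkout', CHECKOUT_HTML));
```

Ordinary links (`<a href>`) are navigation, not page content, so they are not reported.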

Posted by Site Admin at 7:28 AM

Customer Security: Basic Principles

Most ecommerce merchants leave the mechanics to their hosting company or IT staff, but it helps to understand the basic principles. Any system has to meet four requirements:

  • privacy: information must be kept from unauthorized parties.

  • integrity: message must not be altered or tampered with.

  • authentication: sender and recipient must prove their identities to each other.

  • non-repudiation: proof is needed that the message was indeed received.


Privacy is handled by encryption. In PKI (public key infrastructure) a message is encrypted by a public key, and decrypted by a private key. The public key is widely distributed, but only the recipient has the private key. For authentication (proving the identity of the sender, since only the sender has the particular key) the encrypted message is encrypted again, but this time with a private key. Such procedures form the basis of RSA (used by banks and governments) and PGP (Pretty Good Privacy, used to encrypt emails).

Unfortunately, PKI is not an efficient way of sending large amounts of information, and is often used only as a first step — to allow two parties to agree upon a key for symmetric secret key encryption. Here sender and recipient use keys that are generated for the particular message by a third body: a key distribution center. The keys are not identical, but each is shared with the key distribution center, which allows the message to be read. Then the symmetric keys are encrypted in the RSA manner, and rules set under various protocols. Naturally, the private keys have to be kept secret, and most security lapses indeed arise here.

Digital Signatures and Certificates

Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key are sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to check that the message digest value remains unchanged (the message has not been tampered with). Very often, the message is also timestamped by a third party agency, which provides non-repudiation.
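The public-key, session-key and signature steps described above, as an added Node.js example (not code from the original post): the sender signs with its private key, encrypts the message under a one-time AES session key, and wraps that key with the recipient's public key. The function names, the demo key pairs, the sender generating the session key itself, and the choice of RSA-OAEP with AES-256-GCM are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed demo keys: one pair for the sender (signing), one for the recipient (decryption).
const newRsaPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sender = newRsaPair();
const recipient = newRsaPair();

// Sender side: sign the SHA-256 digest with the sender's PRIVATE key, encrypt the
// message with a fresh symmetric session key, then wrap that session key with the
// recipient's PUBLIC key so only the recipient can recover it.
function seal(plaintext, senderPrivateKey, recipientPublicKey) {
  const message = Buffer.from(plaintext, 'utf8');
  const signature = nodeCrypto.sign('sha256', message, senderPrivateKey);
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag(), signature };
}

// Recipient side: unwrap the session key with the recipient's PRIVATE key, decrypt
// (GCM throws if the ciphertext was altered), then verify the signature with the
// sender's PUBLIC key to confirm who sent it.
function unseal(envelope, recipientPrivateKey, senderPublicKey) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const message = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  const authentic = nodeCrypto.verify('sha256', message, senderPublicKey, envelope.signature);
  return { text: message.toString('utf8'), authentic };
}

const envelope = seal('order 1001: ship to billing address', sender.privateKey, recipient.publicKey);
console.log(unseal(envelope, recipient.privateKey, sender.publicKey));
```

Only the 32-byte session key goes through RSA; the message itself is handled by the faster symmetric cipher.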

What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web-servers.

Secure Socket Layers

Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. Individual packets are sent by different routes. TCP/IP reassembles them in order and resubmits any packet showing errors. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.

PCI, SET, Firewalls and Kerberos

Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and accompanying network. A PCI (peripheral component interconnect: hardware) card is often added for protection, therefore, or another approach altogether is adopted: SET (Secure Electronic Transaction). Developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.

Firewalls (software or hardware) protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.

Transactions

Sensitive information has to be protected through at least three transactions:

  • credit card details supplied by the customer, either to the merchant or payment gateway. Handled by the server's SSL and the merchant/server's digital certificates.

  • credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.

  • order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and payment gateway sometimes).

Posted by Site Admin at 7:19 AM

$1.54 bln will be spent on e-commerce platforms in 2008

Forrester is predicting modest but significant growth in the e-commerce platform market, from the $1.3 bln spent globally in 2003 to around $1.54 bln in 2008.

Posted by Site Admin at 4:52 PM

E-Commerce to reach $100 bln in India

E-commerce transactions, which are currently growing at the rate of 30% to 40% in India, are expected to reach $100 bln in 2007, according to Tradeindia. Revenue from the domestic IT and outsourcing market will reach $27.9 bln in 2008, partially offsetting a slowdown in IT spending worldwide, particularly in the US.

Posted by Site Admin at 4:51 PM