Skip to content

Securing Internet Transactions

internet securityInternet security is critical to conducting on-line business transactions, nationally and globally. Just as we have laws governing right and wrong, moral and ethical we should also have minimal requirements for secure web transactions.

At a minimum, all websites that permit monetary exchange should employ 128-bit encryption with a valid SSL certificate (The March Group, 3 May) and user data should be collected to a separate server behind the company or ISP’s firewall. Organizations collecting data should be required to protect personal data, store, and dispose of it in a timely and efficient manner. These requirements would be mandatory for low cash value, every day transactions. Compliant websites would be identified by certificate and listed on a register.

Large value transactions, say over $2500 (USD) would require two-way authentication though a VPN client (Virtual Private Network) or IVE (Instant Virtual Network) with an RSA token. This method requires a PIN and variable code authentication to sync with a Db on the server. VerifySmart (VerifySmart, 14 September) provides a two-part authentication using a PIN and a mobile device such as a phone or PDA to verify the account owner is aware of and approves of each transaction. Hard as it may be, inconvenient as it may appear – these steps are necessary to secure transactions over the Internet. According to TowerGroup, Research Director, George Tubin (Stopping Man, 19 February) the best approach remains to be multi-layered security with two-form authentication.

Although the VerifySmart credit and debit card solution is approved in 29 countries, (VerifySmart, 14 September) the process appears that it would be cumbersome for on-line transactions. The notion of on-line business with developing nations is still a long way off and will remain a “Buyer Beware” scenario for quite some time. In the meantime, companies like Pay Pal, eCash, and Western Union may see great opportunities in processing transactions for international customers.

Stopping Man-in-the-Browser — Entrust, TowerGroup Explore Critical Threats, Solutions :Man-in-the-browser the malware of choice for today’s online criminals. (19 February). PR Newswire. Retrieved May 17, 2010, from ABI/INFORM Dateline. (Document ID: 1966185841).
The March Group Scam Prevention Program Cautions Business Owners to Preserve Client Relations with Secure Online Transactions. (3 May). Business Wire. Retrieved May 17, 2010, from ABI/INFORM Dateline. (Document ID: 2024112641).
VerifySmart(TM) Corp. Enhanced Credit Debit Card Security Solution Provides Next Generation, Near Real-Time Identity Fraud Protection Far Superior to Chip PIN. (14 September). PR Newswire. Retrieved May 17, 2010, from ABI/INFORM Dateline. (Document ID: 1858668281).

Posted in Security.

Tagged with , , , , .