Continued from page 1
Securing Information Using SSL
At core of any e-commerce operation is financial transaction between Web site and consumer. One of most common methods for accepting payment from your customers is accepting submission of credit card information online. But by accepting your customers’ credit card information through your Web site, you are also accepting responsibility for security of that information.
The standard protocol for securing communications on Web is Secure Sockets Layer (SSL). Developed by Netscape Communications Corporation, SSL security protocol provides data encryption, server authentication, message integrity and client authentication for TCP/IP connections, allowing client/server applications to communicate in a way that prevents eavesdropping, tampering or message forgery.
SSL is built into all major web-browsing software, so simply installing a digital certificate on server side of communication will turn on browser’s SSL capabilities. The protocol is available in both 40-bit and 128-bit strengths, referring to length of “session key” generated by each encrypted transaction.
In order to establish an SSL session with a customer’s browser, your server has to be able to generate a public key and a private key and have them authenticated by a certificate authority, such as VeriSign (www.VeriSign.com), Thawte (www.Thawte.com), Tucows (www.Tucows.com) or InstantSSL (www.InstantSSL.com). Your Web host may include an arrangement with one if these authorities, or may allow you to use its certificate.
Once your customer is willing and able to give you his or her credit card information, you still have to make arrangements to be able to process transaction and receive your payment. Obviously, credit card processing is a complicated process, and a number of organizations can be involved, from both your bank and user’s bank to a credit card processing company and credit card communications network.
Your involvement in processing operation will vary according to how much of responsibility you want to outsource. It can be as simple as employing a “buy button” solution hosted by a third party provider, where all you have to do is include a piece of HTML code on your site and processing company will send you a check. But keep in mind that more responsibility you take on yourself, smaller percentage of your profits you'll have to hand over to service providers.
In a more hands-on solution, many of storefront-building software solutions include tools and ongoing support services to handle payment processing functions. Your Web host may have already set up this sort of pre-arranged processing option. For storefronts not equipped to provide payment processing, there are service providers, such as IBill (www.IBill.com) or CCBill (www.CCBill.com), designed to do just that. These providers charge a scaling service that can reach as high as 15 percent, for their services. And these charges can be avoided by setting up your own merchant account.
If you decide to handle most of processing yourself, saving many of fees associated with outsourced payment processing, you’ll have to enable your Web server and applications to send and receive information from credit card network. In order to do this, you’ll have to obtain your own merchant ID and terminal ID, numbers that will identify you and source of your transactions. These IDs can be obtained from a merchant bank by applying for a merchant account enabled to receive payments by credit card. The merchant bank will have relationships with acquiring banks that can handle both credit card processing and Internet payments. Once merchant bank supplies you with merchant and terminal IDs, you’ll use these numbers to configure your payment software or provide them to your outsourced processor.
There are plenty of responsibilities beyond security involved in running an e-commerce Web site, not including managing supply chain relationships and inventory and, of course, fulfilling your customers’ orders. But, when dealing with sensitive data involved in processing customers’ credit card information, there can be no question that earning trust of your customers through a comprehensive and responsible approach to security should be a primary concern.
Please refer following web sites for useful resources related to web site hosting:
Paras Shah Chief Technology Officer VIP PowerNet, Inc. Phone: (713)787-6501 Email: email@example.com http://www.vipwh.com