Securing Information Using SSL

At core of any e-commerce operation is financial transaction between Web site and consumer. One of most common methods for accepting payment from your customers is accepting submission of credit card information online. But by accepting your customers’ credit card information through your Web site, you are also accepting responsibility for security of that information.

The standard protocol for securing communications on Web is Secure Sockets Layer (SSL). Developed by Netscape Communications Corporation, SSL security protocol provides data encryption, server authentication, message integrity and client authentication for TCP/IP connections, allowing client/server applications to communicate in a way that prevents eavesdropping, tampering or message forgery.

SSL is built into all major web-browsing software, so simply installing a digital certificate on server side of communication will turn on browser’s SSL capabilities. The protocol is available in both 40-bit and 128-bit strengths, referring to length of “session key” generated by each encrypted transaction.

In order to establish an SSL session with a customer’s browser, your server has to be able to generate a public key and a private key and have them authenticated by a certificate authority, such as VeriSign (www.VeriSign.com), Thawte (www.Thawte.com), Tucows (www.Tucows.com) or InstantSSL (www.InstantSSL.com). Your Web host may include an arrangement with one if these authorities, or may allow you to use its certificate.

Processing Transactions

Once your customer is willing and able to give you his or her credit card information, you still have to make arrangements to be able to process transaction and receive your payment. Obviously, credit card processing is a complicated process, and a number of organizations can be involved, from both your bank and user’s bank to a credit card processing company and credit card communications network.

Your involvement in processing operation will vary according to how much of responsibility you want to outsource. It can be as simple as employing a “buy button” solution hosted by a third party provider, where all you have to do is include a piece of HTML code on your site and processing company will send you a check. But keep in mind that more responsibility you take on yourself, smaller percentage of your profits you'll have to hand over to service providers.

In a more hands-on solution, many of storefront-building software solutions include tools and ongoing support services to handle payment processing functions. Your Web host may have already set up this sort of pre-arranged processing option. For storefronts not equipped to provide payment processing, there are service providers, such as IBill (www.IBill.com) or CCBill (www.CCBill.com), designed to do just that. These providers charge a scaling service that can reach as high as 15 percent, for their services. And these charges can be avoided by setting up your own merchant account.

If you decide to handle most of processing yourself, saving many of fees associated with outsourced payment processing, you’ll have to enable your Web server and applications to send and receive information from credit card network. In order to do this, you’ll have to obtain your own merchant ID and terminal ID, numbers that will identify you and source of your transactions. These IDs can be obtained from a merchant bank by applying for a merchant account enabled to receive payments by credit card. The merchant bank will have relationships with acquiring banks that can handle both credit card processing and Internet payments. Once merchant bank supplies you with merchant and terminal IDs, you’ll use these numbers to configure your payment software or provide them to your outsourced processor.

There are plenty of responsibilities beyond security involved in running an e-commerce Web site, not including managing supply chain relationships and inventory and, of course, fulfilling your customers’ orders. But, when dealing with sensitive data involved in processing customers’ credit card information, there can be no question that earning trust of your customers through a comprehensive and responsible approach to security should be a primary concern.

Please refer following web sites for useful resources related to web site hosting:

http://www.vipwh.com

http://www.vippowernet.com

http://www.thehostingguide.com

Few service providers are equipped to fully do either #1 or #2, let alone both. That’s reason so many providers have more partners than organically developed features. Partnerships allow companies to offer additional products and services at a fraction of cost of in-house development thereby making enhancements affordable for customer.

As to second point, SME marketplace remains key battleground because of its size. Of millions of small businesses in US, there is a sizeable percentage with no web presence and among companies that are online, plenty have sites that are little more than digital brochures. As those businesses grasp value of having an online component, service providers grapple to introduce features that are relevant, features that reflect what customer wants.

The struggle to create value is key to question being posed here. Economic signs say this should be a good year. Companies are spending more on IT, particularly on hosted applications that improve office efficiency. That efficiency, however, means fewer jobs so people pushed out of corporate world have turned to self-employment. That, in turn, means more businesses with online components that demand servicing as they, like their former bosses, try to do a lot for relatively little. Companies that can offer bolt-on products that improve productivity certainly provide one thing customers want.

Bottom line is, customers want service, however providers choose to define that. There is personal tough that regionally-based companies can offer through their closer connection to customers. There is feature-focused approach, giving people what their businesses need in order to be successful. There is value-based proposition and its ever-lowering prices. There is also reverse – premium provider – which charges more but has burden of proving its worth. And there is universal imperative of being accessible to customers, ready to listen to them, willing to respond to concerns, and able to implement necessary changes that answer question that drives their business.