E-commerce is an online business wherein vendors and clients deal with each other in a virtual world without having met or seen each other. The clients are required to make online transactions (generally via credit cards) and they need to feel secure doing the same.

In order to gain the trust and confidence of the clients and/or visitors, the e-commerce website needs to be secured, and this can be done via SSL certificates. Thus, SSL (Web Server Certificates, Secure Server Certificates or SSL Certificates), introduced in 1994, has been the de facto standard for e-commerce transaction security. It is a protocol developed by Netscape and a Web standard for encrypting communications between users and SSL-enabled sites. SSL certificates are required to initialize an SSL session.

Used on:
• Web servers for Internet security
• Mail servers (IMAP, POP3, SMTP) for mail transaction security

Requirements for Running SSL on a Server
• A web server that is capable of running SSL.
• Access to the SSL configuration functions of the web server.
• A Certificate Signing Request (CSR).

Caution: SSL does not protect the server or the software installed on it from attacks or malicious hacks. Thus, for such protection, one needs to use other mechanisms such as firewalls, virus checkers, Apache and IIS user and password protection for directories and files.
• The clients / visitors feel safer and more secure in dealing with sites that are secure and ensure the safety of their personal information. The majority of online shoppers surveyed by VeriSign (a CA issuer) emphasized the importance for an e-commerce site to include a trust mark of some kind on their site.
• If the personal data is hacked and misused in any manner, the victims can resort to the legal process, which can mean loss of face, trust, and confidence in business.
• Research suggests that having a recognizable SSL certificate can have a direct correlation to increased e-commerce sales. Customers are more comfortable shopping on those sites and have fewer abandoned shopping carts and better repeat purchases.
• Based on encryption; encrypts data (like credit card numbers) and sends it to the receiving Web site.
• Proves the security, integrity and ownership of the website.
• Sits on a secure server and is used to encrypt the data and to identify the Web site.
• Uses either 256-bit, 128-bit or 40-bit encryption.
• Prevents eavesdropping, tampering and hacking of information; thus businesses and consumers are assured that the private data sent to a Web site is secure.
• Contains information about the certificate holder such as the domain to which the certificate was issued, the name of the Certificate Authority (CA) who issued the certificate, the root and the country it was issued in (can be viewed by clicking on the padlock icon).
• An SSL-secured site URL is “https://www.site.ext”, while a non-secure site URL is “http://www.site.ext”. On connection, a little padlock icon is seen at the bottom of the page.
• Another protocol for secure transmission of data is Secure HTTP (S-HTTP), which is designed to transmit individual messages securely. Thus, SSL and S-HTTP complement each other.
1. You can buy one from a certificate vendor (a few are given here with the encryption type offered):
   • Verisign (www.verisign.com): 40-bit, 128-bit, 256-bit
   • Comodo (aka InstantSSL) (www.instantssl.com or www.comodogroup.com): 128-bit
   • Thawte (www.thawte.com): Web Server Certificates as well as 128-bit SuperCert
   • GoDaddy SSL (www.godaddyssl.com): Turbo, High-Assurance, and Wildcard
   • GeoTrust (www.geotrust.com or www.freessl.com): 128-bit
   • Baltimore (www.baltimore.com)
   • Entrust (www.entrust.com)
   • ipsCA (certs.ipsca.com): 128-bit
2. You can sign a certificate via both open source and proprietary tools. This might save the time and expense of going to a certificate vendor, but it is not recommended. This is similar to issuing oneself a license that is neither verified nor recognized by some central authority. Though data may be encrypted, a warning shall appear indicating that the certificate is not recognized.
3. If you own a server, you shall need to generate a CSR (Certificate Signing Request), which is a block of encoded data generated by the web server that contains the necessary details about the domain and organization.
4. If you are on shared hosting, you shall need to get the host to raise a CSR.
• Reputation and credibility of the CA (their business and clients)
• Whether the root is embedded (available) in all of the popular browsers
• The ownership of the root (whether owned by the CA and not chained to someone else's root)
   o Either own or have a Trusted Root in most browsers, which are expensive and recognized.
• The management of the certificate (whether easy to install, renew, reinstall, revoke etc.)
• Ease of acquiring the certificate
• Who shall be doing the examination (the CA itself, or do they delegate this to their resellers?)
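
The CSR step (item 3) and the self-signed case (item 2) from the post above, as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the organization and domain values are constructed.

```shell
#!/bin/sh
# Added example. Subject values (Example Shop, www.example.com) are constructed.
workdir=$(mktemp -d)

# Item 3: create a private key and a CSR carrying the domain and organization.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$workdir/server.key" -out "$workdir/server.csr" \
        -subj "/C=US/O=Example Shop/CN=www.example.com" 2>/dev/null
}

# Show the subject a CA reads from the CSR; -verify checks the CSR's own signature.
csr_subject() {
    openssl req -in "$workdir/server.csr" -noout -verify -subject 2>/dev/null
}

# Item 2: sign the CSR with its own key instead of sending it to a CA.
self_sign() {
    openssl x509 -req -in "$workdir/server.csr" -signkey "$workdir/server.key" \
        -days 30 -out "$workdir/self.crt" 2>/dev/null
}

# Succeeds only if the system's trusted roots vouch for the certificate.
trusted_by_default() {
    openssl verify "$workdir/self.crt" >/dev/null 2>&1
}

# Succeeds once the verifier is told explicitly to trust this one certificate.
trusted_when_pinned() {
    openssl verify -CAfile "$workdir/self.crt" "$workdir/self.crt" >/dev/null 2>&1
}

make_csr && csr_subject
self_sign
if trusted_by_default; then echo "default trust: accepted"
else echo "default trust: rejected (the browser warning case)"; fi
if trusted_when_pinned; then echo "pinned trust: accepted"; fi
```

The private key in `server.key` stays on the server; only `server.csr` is sent to the certificate vendor.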






