5 Essential Tips to Secure Your Online Credit Card Transaction (Part 2)

December 1, 2009 by  
Filed under Credit Card

Now, let's continue our last discussion about important tips for making online payments with your credit card.

2 – Integrity of the components of the transaction

It is vital that the transaction between the two parties cannot be disputed as to its amount, date or place of execution. Integrity checks, which are also encryption mechanisms, ensure that a transaction cannot be altered while it crosses the network, whether accidentally (a loss of bits that changes the original content) or maliciously.

3 – Privacy

Encryption techniques are designed to keep the contents of a transaction secret. The most commonly used protocols on the network (SSL, HTTPS, MIME) provide this privacy.

While privacy is useful for the content of an exchange or transaction, it has limited value for an act of payment. Indeed, if the parties want to settle the transaction, the consumer will always have to reveal to the merchant the purchase amount, the nature of the means of payment, where payment can be collected, etc.

One of the great mistakes of electronic commerce is to keep reminding consumers that their transactions are “safe” because they cannot be “read” on the network.

However, most of the protection lies not in the confidentiality of payment records in transit but in the retention of personal data (given that theft targets stored information more than information in transit between a consumer and a merchant).

Privacy can also undermine the very principle of authentication when it is invoked for the sake of anonymous purchases and payments.

This point very quickly became a paradox of trade on the Internet, where data protection is an important subject of international debate. It was well illustrated by an American cartoonist's drawing of a dog behind a screen with the caption “On the net, nobody knows you’re a dog!”, illustrating the strength of anonymity in the new medium.

It has since become known that this is not the case, with cookies and the prospects of one-to-one marketing. For payment, anonymity is inconceivable.

4 – Non-repudiation

For payment, the term “repudiation” is a misnomer. It is better to speak of a dispute.

We must distinguish the disputing of a payment from its finality. A payment can always be challenged, and doubt raised by providing evidence, but the law holds that it is always binding if made by check or credit card.

Clearly, a consumer can always, in good or bad faith, dispute a payment or an order. But if he is not satisfied with the order as delivered (delayed, undelivered, faulty), he can “withdraw” his request for payment and ask his bank not to pay. This must be reported to the merchant; it is then a commercial dispute, the treatment of which is part of no return.

Disputing a payment should be made impossible for the party who ordered it through the implementation of appropriate encryption techniques.

5 – Terms of archiving

Archiving is essential: it supports searches and makes it possible, for example, to provide evidence of payments in case of dispute. But it poses a real security problem. The biggest risk for a merchant is failing to protect data relating to a payment, or failing to ensure its protection when it is processed by a third party. The merchant must therefore pay attention to the protection of its sites and, when outsourcing to a third party (bank, service company), to the contractual clauses on this point.

A collection of card numbers can be particularly attractive to a hacker. These are identifiers of cards that are in circulation and have not been cancelled, which the hacker can use or disseminate (as was the case in 1999 with a major U.S. online record retailer, CD Universe).

The data stored by providers must be preserved and replicated, if possible in two separate locations. Data retention also meets the legal requirements on retention periods consistent with the use of the different means of payment.
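As an added illustration of sections 2 and 5 (not code from the original article), the Python example below archives a payment without keeping the card number: a keyed token keeps the archive searchable, and an HMAC seal detects any later change to amount, date or place. The keys, field names, function names and card numbers are constructed for the example; tokenization and HMAC are techniques chosen here, not ones the article names.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption); real keys live in a key store, apart from the archive.
TOKEN_KEY = b"demo-token-key-constructed"
SEAL_KEY = b"demo-seal-key-constructed"

def luhn_ok(pan: str) -> bool:
    """Luhn check, so mistyped numbers are rejected before anything is stored."""
    digits = [int(c) for c in pan][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

def pan_token(pan: str) -> str:
    """Keyed one-way token: the same card always gives the same token."""
    return hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()

def _seal(fields: dict) -> str:
    # Canonical JSON so the same fields always produce the same bytes.
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()

def archive_record(pan: str, amount_cents: int, date: str, place: str) -> dict:
    pan = pan.replace(" ", "")
    if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
        raise ValueError("not a valid card number")
    record = {
        "pan_token": pan_token(pan),  # for searching the archive
        "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],  # for humans
        "amount_cents": amount_cents,
        "date": date,
        "place": place,
    }
    record["seal"] = _seal(record)  # integrity tag over every field above
    return record

def verify_record(record: dict) -> bool:
    """True only if every archived field is exactly as it was sealed."""
    fields = {k: v for k, v in record.items() if k != "seal"}
    return hmac.compare_digest(_seal(fields), record.get("seal", ""))

def find_by_card(archive: list, pan: str) -> list:
    """Dispute lookup: find a card's payments without storing its number."""
    token = pan_token(pan.replace(" ", ""))
    return [r for r in archive if hmac.compare_digest(r["pan_token"], token)]
```

A stolen copy of this archive contains no usable card numbers, and a record whose amount, date or place has been edited no longer verifies.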
