5 Essential Tips to Secure Your Online Credit Card Transaction (Part 2)

December 1, 2009 by  
Filed under Credit Card

Now, let's continue our last discussion about important tips for making online payments with your credit card.

2 – Integrity of the components of the transaction

It is vital that the transaction between two partners cannot be disputed as to its amount, date or place of execution. Integrity checks, which are also encryption mechanisms, can ensure that a transaction has not been altered in transit over the network, either accidentally, through a loss of binary information that would change the original content, or maliciously.
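The difference between accidental and malicious alteration, as an added example that is not part of the original article: an unkeyed checksum catches damaged bytes but can be recomputed by whoever changes the amount, while a keyed tag (HMAC-SHA256 here) catches both. The field names, sample values and shared key are constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets
import zlib


def canonical(tx: dict) -> bytes:
    """Serialise the fields identically on both sides (sorted keys, no spaces)."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode("utf-8")


def crc_tag(tx: dict) -> int:
    """Unkeyed checksum: anyone who can change the message can recompute it."""
    return zlib.crc32(canonical(tx))


def mac_tag(key: bytes, tx: dict) -> str:
    """Keyed integrity tag: computing it requires the shared secret."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def mac_ok(key: bytes, tx: dict, tag: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(mac_tag(key, tx), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # assumption: shared by both ends of the exchange
    # Constructed sample transaction: the amount, date and place named in the text.
    tx = {"amount": "49.90", "date": "2009-12-01", "place": "shop.example"}
    sent_crc, sent_mac = crc_tag(tx), mac_tag(key, tx)
    corrupted = dict(tx, date="2009-12-0!")  # one byte damaged in transit
    altered = dict(tx, amount="4.99")        # amount changed on purpose
    forged_crc = crc_tag(altered)            # recomputed without any secret
    forged_mac = mac_tag(secrets.token_bytes(32), altered)  # wrong key
    return {
        "crc_catches_corruption": crc_tag(corrupted) != sent_crc,
        "mac_catches_corruption": not mac_ok(key, corrupted, sent_mac),
        "crc_accepts_altered_amount": crc_tag(altered) == forged_crc,
        "mac_rejects_altered_amount": not mac_ok(key, altered, forged_mac)
                                      and not mac_ok(key, altered, sent_mac),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A keyed tag of this kind protects integrity between two parties who share the key; it does not by itself prove to a third party which of them produced the message.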

3 – Privacy

Encryption techniques are designed to keep the contents of a transaction secret. The most commonly used protocols on the network (SSL, HTTPS, MIME) provide this privacy.

While privacy is appropriate for the content of an exchange or transaction, it has limited value for an act of payment. Indeed, if the parties want to complete the transaction, the consumer will always have to reveal to the merchant the purchase amount, the nature of the means of payment, where payment can be collected, etc.

One of the great mistakes of electronic commerce is to keep reminding consumers that their transactions are “safe” because they cannot be “read” on the network.

However, most of the protection lies not in the confidentiality of payment records but in the retention of personal data (given that piracy targets stored information more often than information in transit between a consumer and a merchant).

It can undermine the very principle of authentication for the sake of anonymous purchases and payments.

This point very quickly became a paradox of trade on the Internet, where data protection is an important subject of international debate. It was well illustrated by an American cartoonist's drawing of a dog behind a screen with the caption “On the net, nobody knows you’re a dog!”, illustrating the strength of anonymity in the new media.

We have since learned that this is not the case, given cookies and the prospects of one-to-one marketing. For payment, anonymity is inconceivable.

4 – Non-repudiation

For payment, the term “repudiation” is improper. It is better to speak of a dispute.

We must distinguish the challenge of a payment from its finality. A payment can always be challenged, and doubt raised by providing evidence, but by law it is always binding if made by check or credit card.

Clearly, a consumer can always, in good or bad faith, dispute a payment or an order. But if not satisfied with the order which is delivered (delayed, undelivered, Ill), it can provided “withdraw” his request for payment and his bank not to pay. It must be reported to the merchant, then it is a commercial dispute which treatment is part of no return.

Challenging a payment should be made impossible for the officer through the implementation of appropriate encryption techniques.

5 – Terms of archiving

Archiving is essential: it supports searches and makes it possible, for example, to provide evidence of payments in case of dispute. But it poses a real security problem. The biggest risk for a merchant is failing to protect data relating to a payment, or failing to ensure its protection when it is processed by a third party. The merchant must therefore pay attention to the protection of its sites and, in the case of outsourcing to a third party (bank, service company), to the contractual clauses on this point.

A collection of card numbers can be particularly attractive to a hacker. It contains the identifiers of cards that are in circulation and have not been cancelled, which the hacker can use or disseminate (as was the case in 1999 with a major U.S. online record retailer, CD Universe).

The data stored by providers must be preserved and replicated, if possible in two separate locations. Data retention also meets legal requirements on retention periods, consistent with the use of the different means of payment.

5 Essential Tips to Secure Your Online Credit Card Transaction (Part 1)

November 5, 2009 by  
Filed under Credit Card

Electronic money and electronic payment orders must also be based on principles and security mechanisms adapted to the vectors that carry them (telephone networks, protocols, operating systems, terminals, cards).

The Internet is an “open” network that was not designed for trade; it is exposed to intrusion and is a fallible system. The security of payment transactions is made uncertain as a result.

Defining security principles is essential to establishing a trustworthy payment solution.

From a technical standpoint, we can apply these principles through the use of cryptography. Complex in their foundations, encryption techniques are, in practice, often invisible to users.

These techniques rely on mechanisms for encrypting and decrypting the messages exchanged on the network through protocols. These mechanisms are algorithms.

They perform several functions that make an act of payment secure.

1 – Authentication of exchange partners
The authentication of exchange partners is the key to a secure system; it is also more complex to implement and more expensive. In addition to the function so widespread and less well protected in the payment solutions on the market.

This function is nevertheless essential because it allows:

– The consumer to ensure that the merchant does exist behind the brand that is posted on its web pages;

– The merchant to be satisfied of, or have guaranteed by a certification authority, the identity of the consumer who places an order.

The authentication of the parties is used to provide evidence of an act, namely the act of payment. In the absence of authentication mechanisms, either party may deny having ever participated in the transaction. The spread of such situations, which are conducive to bad faith, may destroy confidence in trade. That is why the authentication process is so important, particularly in the sale of services or intangibles.

To provide authentication of the parties, we use different techniques that result in an electronic signature. Like a handwritten signature, it is intended to validate a document by tying it to the person who signs it. The most common of these techniques is the certificate.