E-Commerce Guide: http://sbdcnet.utsa.edu/sbic/e-com.htm


3 Nov 2013


Security:
(http://encarta.msn.com/encnet/refpages/RefArticle.aspx?refid=701509010&pn=2)

Established encryption methods such as Secure Sockets Layer (SSL), a protocol developed by Netscape Communications Corporation, encode credit card numbers and other information to foil would-be thieves. Shoppers can determine if the site they are using is secure by noting the “secure” icon at the bottom of their browser window. Also, the address bar of Internet browsers will carry the “https” prefix instead of the standard “http” prefix when the site is secured. Nevertheless, some consumers are reluctant to divulge credit card information over the Internet, and this reluctance has hindered the growth of e-commerce.

An alternative to credit card information is digital cash, or e-cash. In this arrangement, shoppers pay for a number of virtual credits through a single source, then use those credits as dollars when shopping. After checkout, the online retailer ships the goods to the buyer and adds shipping costs to the purchase price. Few e-commerce sites, however, offer e-cash.

Privacy:
(http://encarta.msn.com/encyclopedia_701509010_3/Electronic_Commerce.html)

In addition to credit card security, many shoppers worry about privacy. To put them at ease, many Internet stores post “privacy statements” that explain their policy of sharing or not sharing customer information with other businesses. This privacy policy may include refusing to give the customer’s name and e-mail address to companies that send unsolicited and unwanted commercial e-mail messages, often known as junk mail or spam.

In 2003 the U.S. Congress passed legislation designed to curb spam. The new law made it illegal for senders of unsolicited commercial e-mail to disguise their identity by using false return addresses or misleading subject lines. Violators were subject to steep fines and possible prison terms. The law also prohibited the gathering of e-mail addresses from Web sites. Sponsors of the legislation estimated that the incredible growth in spam, representing about half of all e-mails, cost Internet access providers $9 billion annually in technology-related expenses necessary to handle the increased volume of mail. Clogged in-boxes also annoyed consumers and made it difficult to distinguish between solicited and unsolicited commercial e-mail messages.


Developing Privacy and Security Policies
(http://www.ecomresourcecenter.com/build/developprivacy.html)

To stay competitive on the web, it’s imperative to establish customer loyalty, trust, and confidence. However, privacy and security issues loom as serious obstacles to reaching these important goals. Though the actual risk of credit-card data being compromised on the net is about nil - and properly executed online transactions are exceedingly secure - many customers are still a bit hesitant to type in their credit card numbers. Similarly, online shoppers voice very legitimate worries about how web sites will use their personal information, their demographic ‘identities’, and their e-mail addresses.

In order to successfully carry out business, it’s your job to reassure the public of your company’s integrity and honorable intentions. Obtaining personal information and payment data is a big part of transacting e-commerce, but in doing this you must both allay irrational customer fears and deal with valid client concerns. The key is to turn a potential obstacle to consumer confidence into a positive marketing tool that can promote your website. Here, boldly advertising your privacy and security policies is the means to transform customer anxiety into a sustainable client relationship based on trust.

A privacy policy is a document that explains how your company uses the information it collects. A well-defined privacy policy is a clear symbol of your company’s honesty; it should tell customers how you use their data, it should outline your mail policy, and it should explain that you always consult the customer and ask permission before taking any action that involves them or their personal data. A privacy policy signals that your business is an honorable one - one the consumer can trust, can work with long term.

A security policy outlines the precautions your company takes in order to ensure safe transactions. Outline your security protocols and advertise your policy on your web site. Reassure the customer that you use state-of-the-art security measures and fail-safe technology. If you use a payment gateway service that authorizes transactions through an up-to-date fraud screen, let your customers know that you do so. Put it in plain English and explain your guarantees.

So don’t think about your security and privacy policies as simply pieces of necessary information. View them as a means to establish the trust and loyalty of customers. Advertise your policies boldly. Creating and clearly posting these two documents will bolster your online credibility - and build a bridge to customer confidence.


Sample Privacy Policy:
http://www.allbusiness.com/forms/asp/373835p.asp

Consumers Fear for Their Online Privacy
(http://www.clickz.com/stats/sectors/retailing/article.php/6061_228341)

By Michael Pastore | November 1, 1999

A report from Forrester Research confirms what most people already believed to be true: privacy fears are holding back Web shopping.

While privacy issues may be stopping some Internet users from shopping online, Internet users with more experience recognize data collection, and have embraced it in some respects. The "e-Customer 2000 Internet Consumer Survey" from Primary Knowledge and Greenfield Online found that online consumers are more receptive to basic data collection requests at Web sites, and are increasingly willing to share personal information with e-marketers.

Consumers are not the unwilling victims of targeting and Internet technology, the Greenfield study also found. Sixty-four percent of online consumers choose to comparison shop at multiple sites, evaluating factors such as price, instead of returning to a small group of sites. When asked whether the government should step in to regulate data collection, 59 percent said no. Rather, similar to the Forrester study, the Greenfield study found that new online consumers would prefer to have control over their personal data, such as the ability to remove their name from a Web site customer list (80 percent), or the ability to view a secure page containing the exact information the site has collected about them (77 percent).

One reason customers share personal information about themselves with Web sites is to allow for personalization. According to the Greenfield study, 71 percent of the respondents have personalized a Web site, and two-thirds of that group believe personalization is important or very important. Consumers are more likely to supply data such as birthday, household composition, or phone numbers when the data is used to create personalized content and pages.

More than three-quarters (76 percent) of the respondents would provide additional personal information in exchange for participation in incentive programs such as miles or points; 73 percent proved responsive to members-only discounts; 62 percent believed the data was worth inclusion in giveaways or sweepstakes; and 54 percent would deliver information in exchange for coupons.


Web Site Security
(http://www.workz.com/content/view_content.html?content_id=6283)

By WorkZ Staff


There seems to be no end to the threats that menace your online business. It might be a hacker vandalizing your home page, a competitor prying into your marketing plans, a thief stealing your credit-card files, a disgruntled employee sabotaging your customer database, or a malicious kid sending you a virus.

It is important to realize that the very nature of the Internet will always make your business vulnerable. The medium's accessibility and openness are what make it such a powerful new place to conduct business. Unfortunately, accessibility and openness often conflict with your need to secure your money, your sensitive customer information, and your other important business data.

The threats are real, but they can be thwarted. Just as you protect your data by backing it up, you
can protect your site's integrity by establishing security procedures.

Limit Access

The first way to secure your site is to restrict access to it. Obviously, you don't want to restrict access to your Web pages, but you do need to prevent malicious intruders from getting access to your databases, your programs, your Common Gateway Interface (CGI) or Active Server Pages (ASP) scripts, and so on.

Passwords

Your first line of defense is password protection of the directories and files where your sensitive data and programs are stored. Your Internet service provider's (ISP) technical support staff or your systems administrator can help you decide which files and directories you should restrict access to, and implement your password protection. You will certainly want to password protect your programs, scripts, databases, and log files, but you may also want to restrict access to some of your Web pages (for example, "members only" pages). For an example of how to do this on a UNIX server, see Builder.com's Password Please article.

Here are some tips for password security:

- Use at least 1 non-alphanumeric character (such as ";" or "=") in your password
- Change your password frequently
- Don't share your password (if someone legitimately needs access, then they need their own password)

Firewalls

Another kind of web site security is provided by a firewall. A firewall is a suite of programs (along with a set of procedures) that a private network (an intranet or local area network [LAN], as opposed to a public network like the internet) can use to control access to and from its computers. If your site is hosted by an ISP, you probably aren't a candidate for using a firewall. But if you want to learn more about firewalls, see whatis.com's definition or the Internet Firewalls Frequently Asked Questions page.

Physical Access

An important but often overlooked aspect of Web site security is controlling physical access to your Web server and its programs and data. For a determined saboteur or thief, it is often easier to simply abscond with a floppy disk - or, worse yet, with your whole computer - which holds the data your password system protects so well. As Eric Swanson, a long-time UNIX and NT systems administrator says, "In the end, your critical data is only as secure as the lock on the door to the machine room." So it might be worth your while to pay a visit to your ISP to ensure that they have good physical security measures in place.

None of the above practices can guarantee that virus-infected files won't show up on your system, so you should always augment your security procedures with a good virus checker.

Authenticate Users

In addition to what your users access, which you can control with the measures above, you may want to verify who is accessing your site. This is especially crucial for e-commerce sites or sites that handle sensitive information like medical or financial records.

Firms like Thawte and VeriSign issue certificates that serve as shoppers' and merchants' virtual identification cards. These certificate-issuing authorities take measures to confirm that online shoppers or merchants are actually who they say they are, and then issue a digital ID they can use to securely interact with each other.

If you conduct e-commerce at your site, your virtual storefront software likely includes some sort of authentication mechanism. If you need to verify identity at your site for some other reason, you will need to install certificate software on your server. For more information on how to do this, see this book excerpt on Creating and Installing Web Server Certificates.

The issue of identity in cyberspace raises some interesting philosophical and legal questions. A Builder.com columnist explores this in The Other Side of Web Security.

Encrypt Sensitive Data

Secret decoder rings rarely show up in your Cracker Jacks box anymore, but encryption is alive and well on the Internet.

Many of the security schemes above rely on public-key encryption schemes. See Pretty Good Privacy (PGP) for an example. Public-key encryption is an ingenious method of securing sensitive information. It uses public and private keys to lock and unlock sensitive files. For example, if you wanted to have a secure e-mail exchange with someone, you would give him or her your public key, with which he or she would encrypt the message to you. You would then open his or her e-mail with your private key, which only you have access to, and which is the only way to get at information encrypted with your public key.

Perhaps the most common public-key encryption method in use on the internet is Netscape's Secure Sockets Layer (SSL). SSL uses encryption to create a private, secure way to transmit documents over the internet. Many e-commerce programs rely on SSL to secure the transmission of credit card information and other sensitive data. For a detailed (if occasionally mind-bending) look at the logic that underlies SSL, see Netscape's page on How SSL Works.
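The public-key exchange described above, as an added example that is not part of the original articles, written for Node.js with its built-in crypto module. It goes one step beyond the text: the public key locks a one-time AES key rather than the message itself, the hybrid arrangement PGP uses so that messages of any length can be sent. The function names and the sample message are constructed for illustration.

```javascript
const crypto = require('crypto');

// RSA-OAEP settings used on both sides of the exchange.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient: generate a key pair once; hand out publicKey, keep privateKey secret.
function makeKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the message with a one-time AES-256-GCM key, then lock that
// key with the recipient's public key. Only the matching private key unlocks it.
function seal(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient: unlock the session key with the private key, then decrypt.
// Throws if the private key does not match or the message was altered.
function unseal(privateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// True only if this private key opens the message intact.
function canOpen(privateKey, msg) {
  try { unseal(privateKey, msg); return true; } catch (err) { return false; }
}

// Constructed sample: you publish your public key; a correspondent writes to you.
const you = makeKeyPair();
const stranger = makeKeyPair();
const mail = seal(you.publicKey, 'Order 1001: please ship to the address on file.');
console.log(unseal(you.privateKey, mail));        // prints the original message
console.log(canOpen(stranger.privateKey, mail));  // a different private key cannot open it
```
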

Keep Up with the Bad Guys

One final note. There is no area more dynamic and fluid than Internet security. Every week there is another story about an e-mail program with a security flaw or a teenage hacker cracking an "uncrackable" encryption scheme. So make sure that you and your ISP or your systems administrator stay current with emerging security issues. Read the technology section in your local newspaper, and check out sites like Web Developer's security page on a regular basis.