Guideline of eCommerce Audit

Our comprehensive eCommerce Audit services can help your company accomplish the following:

  • Identify and assess potential security weaknesses, as every eCommerce service provider should.
  • Make certain that existing security measures are implemented effectively.
  • Give detailed information that can be used to qualify for information protection insurance, meet customer contractual obligations, and meet your customers' service level expectations.
  • Make sure that the fundamental code of your company's web application meets its functional requirements and specifications, and does not contain common security vulnerabilities.
  • Make sure that changes to your company's Internet infrastructure are detected and reported even after the audit is complete.

eCommerce Security

eCommerce Security is the first issue that comes to mind when handling credit card payments over the Internet, though it is one where the perceived threat is far greater than the reality of the situation. Most eCommerce merchants leave the mechanics to their hosting company or IT staff, but it helps to understand the basic principles. Any system has to meet four requirements:

  • Privacy: Transaction information must be kept from unauthorized parties.
  • Integrity: The message must not be altered or tampered with.
  • Authentication: Sender and recipient must prove their identities to each other.
  • Non-repudiation: Proof is needed that the message was indeed received.

Transaction Security

Transaction Security is one of the most important aspects for businesses operating online. There are always stories in the news about credit card numbers being collected by individuals online. To combat this, all transactions will go through a secure transaction line, provided through the company's financial institution. All processes are handled by the bank, ensuring a highly secure line that will instill customers with trust.


Digital Signatures and Certificates

In outline, a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text, encrypted with the recipient's public key, are sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to verify that the message digest value remains unchanged (i.e. the message has not been tampered with). Very often, the message is also timestamped by a third party agency, which provides non-repudiation.


Secure Socket Layers

Information sent over the Internet usually uses the set of rules called TCP/IP. The information is broken into packets, numbered sequentially, with error-control information attached. Individual packets may be sent by different routes. TCP/IP reassembles them in order and retransmits any packet showing errors. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetric secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.


Information Disclosure

To fulfil and ship orders, information collected from users may be needed by service providers to complete transactions. In this event, only the information needed to complete the sale and/or delivery of the purchased products will be disclosed to any service provider.


Security Hints

If you put the following measures into practice, you can ensure that your exposure to fraud and criminal activity is kept manageable:

  • Change the passwords for your cart control panel and your gateway at least once a week.
  • Log in to your gateway daily to check for unexpected activity.
  • Use AVS and CVV to ensure cards are being used by legitimate cardholders.
  • Never email credit card numbers.