Internet security is critical to conducting on-line business transactions, nationally and globally. Just as we have laws governing what is right and wrong, moral and ethical, we should also have minimum requirements for secure web transactions.
At a minimum, all websites that permit monetary exchange should employ 128-bit encryption with a valid SSL certificate (The March Group, 3 May), and user data should be collected on a separate server behind the company's or ISP’s firewall. Organizations collecting data should be required to protect, store, and dispose of personal data in a timely and efficient manner. These requirements would be mandatory for low cash value, everyday transactions. Compliant websites would be identified by certificate and listed on a register.
Large value transactions, say over $2500 (USD), would require two-way authentication through a VPN client (Virtual Private Network) or IVE (Instant Virtual Network) with an RSA token. This method requires a PIN and a variable code that must sync with a database on the server. VerifySmart (VerifySmart, 14 September) provides a two-part authentication using a PIN and a mobile device such as a phone or PDA to verify that the account owner is aware of and approves each transaction. Hard as it may be, inconvenient as it may appear – these steps are necessary to secure transactions over the Internet. According to TowerGroup Research Director George Tubin (Stopping Man, 19 February), the best approach remains multi-layered security with two-form authentication.
Although the VerifySmart credit and debit card solution is approved in 29 countries (VerifySmart, 14 September), the process appears cumbersome for on-line transactions. The notion of on-line business with developing nations is still a long way off and will remain a “Buyer Beware” scenario for quite some time. In the meantime, companies like PayPal, eCash, and Western Union may see great opportunities in processing transactions for international customers.
Don’t mind giving you a plug if you want to provide a static address people can paste into their own browser.
I don’t usually reply to posts but I will in this case.
My God, I thought you were going to chip in with some decisive insight at the end there, not leave it with ‘we leave it to you to decide’.
Hi Hub,
I was going through your blog tonight and have been meaning to comment on this particular plug. This post was right on about the standard SSL encryption layer of transactions and the minimum of 128-bit encryption. I know that the quality of commercial grade encryption has advanced over the past few years to be able to surpass 128-bit level SSL encryption; you wonder if it will lead to SSL 256 or 512-bit support for encryption. The ‘keymakers’ don’t have an issue with expanding this functionality, but the issue is with the vendors that make the browsers like Microsoft Internet Explorer and Firefox; they only support up to 256-bit encryption. I think that since we’re approaching 2012 it’s time for the major vendors to expand the capabilities. I believe that the browser standard has been 128-256 bit for some time now. Let’s see what’s next.
I also thought your post on what should be done with transactions over 2500 was very interesting as well. Maybe the vendors can put together some type of solution that does advanced routing in the background which would be blind to you and me. There are some neat concepts that I have been reading about. Anyway, thanks for the post. Hope to see more soon!
-M
http://www.verisign.com/ssl/ssl-information-center/strongest-ssl-encryption/