In order to address the concern that many users have in entering Private or secure information over a network, many WWW technology companies have introduced a whole range of secure server and browser products. These products attempt to make the Internet far more secure for cash, cheque, membership and credit card transactions.

While the world currently needs and waits for more secure servers, there is currently no uniform standard to perform a secure transaction. It’ still unclear as to which company and products will win the secure Server / Browser battle. Interestingly you should be aware, that even when secure transactions are commonplace, you should assume that your data is not breakable.

One of the simple ways to ensure security is Membership Systems.

Many cash handlers rely on membership systems to make the handler mote convenient as well as secure for the user. There are two types of membership systems.

Users can sign up to become members and are instantly granted the membership. You have the ability to review their application in your own time, but during that time, users are allowed to place orders based on their preliminary membership. This is the most convenient mechanism for users because there is no delay and they are able to make their first order instantly.

Users can sign up interactively but are not given access until you review the application they submitted. When you decide to accept their account (either based on your credit card check or some other clearance method), you then activate their account and notify users of their acceptance.

In Pune, Infotech India has got a very good membership System, with Facilities to buy goods on the site. It also provides an Email ID and the best part is that you can go to the site even if you do not have an Internet connection. You just have to dial their number through your modem and get connected to Indiaco.com. When last discussed, the scheme was available for a mere 300 Rupees. In the absence of Cyberlaws in our country, this system is very reliable and only member can buy goods, avoiding fraudulent deals.

The next major issue is who is handling your credit card transaction. Many services exist which allow you to clear a credit card for a fee. Some of these services are now located on the Internet, in the form of Servers. These servers will be more than happy to clear credit card transactions for you, for a percentage of the transaction. Often the percentage will differ depending on whether you already do or not do have the merchant’s account.

Many times it is not possible to determine the status of a credit card number instantaneously. This is because credit handling is done in different manners, some requiring periodic modem transfers to clearing houses. In these cases the credit information may actually clear several minutes after the transaction has been completed by the user. Anyway it is always better that users should always receive a confirmation via Email. This helps to ensure that they received verification and are aware of the status of the order.

SET stands for Secure Electronic Transaction (SET) protocol that is being developed jointly by Microsoft and VISA International among others. This protocol involves a Digital Certificate that is issued to both the Customer and the Merchant (Seller). Each certificate is a guarantee that the persons involved in the transaction are who they say they are. The certificates are guaranteed by a third party who is trusted. Verisign is an example of such a third party. Digital Certificates have been covered in the article series by FANDS, but for more information you can visit Verisign’s Web site.

When a transaction is initiated by the customer, the customer’s browser requests a public key from the merchant and another from the payment processor (usually a bank). The SET software then encrypts the transaction data using these two keys. The order information is sent in encrypted form to the merchant, and the payment information is sent in encrypted form to the payment processor. After the payment processor verifies payment, a key is sent to the merchant so that the order can be decrypted.

The beauty of the system is that the merchant never sees the customer’s credit card information, and the payment processor never sees the order information.

Some of the Key security points that are covered with SET are

• Shoppers can be authenticated using customer – defined name and password pairs that can be stored in either a database or in the client browser using cookies.
• A unique shopper ID is created and assigned when the shopper first enters your site.
• A secure port is used for Transactions. Port 443 is assigned by default
• Secure Socket layer is used for additional security.

The Secure Socket Layer, or SSL is a method of Data Encryption that operates as a layer between the TCP/IP network protocol and the HTTP applications. Server authentication, encryption and data integrity are provided through SSL utilization. Authentication ensures the client side that its data is sent to the correct server and the server is secured. Encryption ensures the privacy of the data transferred. Data Integrity ensures that the data that has been transferred has not been altered.