There has been a great deal of excitement in the media over the significant commercial potential of the internet. Many commercial enterprises are viewing the internet as a significant element of their business operations. They see it as a means of advertising, selling and supporting their product globally.However, there are certain critical area such as security that if not adequately addressed could cause the usefulness of the internet to erode rapidly. Brian Hurley & Peter Birkwood in Doing Business on the Internet said that there are three main areas of security relevant to the internet business:Fradulent use of credit card information related to on-line financial transactions, General site and security and Information security. Some companies claimed that they offer their customers a secure gateway that cannot be access by hackers.
The purpose of this paper is to discuss the issue of secure payment. In so doing, I will explore how secure is secure.
Commerce on the internet consists mainly of passing credit card numbers and expiry date information electronically between the merchant and the customers. When commerce is conducted over the internet, a network is open to milions of potentially prying eyes. Moreover, there is no one to verify the validity of the credit card. To ensure that the person using the card is actually the card holder. The buyer might have exceeded the limit or can be using a stolen card. Likewise, the buyer has no assurance that the vendor on the other end is who he/she claim to be. Richard E. Smith in Internet cryptography says that data travels from one computer to another leaving the safety of its protected surroundings.
Once the data is out of the sender’s hand it can fall into the hands of people with bad intention. they could modify the data for their amusement or for their own benefit. To protect the data moving across the network, encryption has been introduced. The crypto device has several essential elements that determine how it works.
First the crypto algorithm, which specifies the mathematical transformation that is performed on data to encrypt or decrypt. the crypto algorithm is a procedure that takes the plain text data and transform it into ciphertext in a reversible way. William R. Cheswick ; Steven M. Bellovin in Firewalls and Internet Security assert that encryption is often touted as the ultimate weapon in the computer war but it is not. They claim that encryption is a valuable tool, but like everything else it is a tool towards an ultiminate goal. They continue to assert that if encryption is used improperly, it can hurt the real goal of the organization. pg14.
According to an article published in the General Media and Daily Newsfeeds hackers are geting better at breaking computer codes. The article states that a computer hacker was found guilty on five counts for hacking systems to gather credit card information which he intended to sell on the black market.when the computer hacker was arrested, he had in his possession an encrypted cd-rom containing roughly one hundred thousand credit card numbers stolen from companies doing business over the internet.
Another article published in the same magazine claims that a computer hacker broke into a San Diego Internet provider’s computer and stole one hundred credit card numbers. According to the article, the hacker used a “packet sniffer” program to gather the information from a dozen companies selling products over the internet.
A survey conducted by the American Bar Association revealed that forty five percent of the companies surveyed claimed that they suffered from computer crimes. The article states that some companies do not report computer crimes because they do not want to alarm customers. They believe that to publicized such information would only cause substantial damage to other systems because the bad guys would use the information to penetrate other similar systems. Vendors and banks do not want to inform the public of computer crimes because they are concerned that customers will loose confident in their ability to protect their assets.
Currently, there are a wide variety of goods and services available intended to enhance internet security. These range from accessory devices for physical security, identification, authentication and encryption. However, the slow growth of the market for secure software and systems do not give vendors any incentives to engage in this venture. The high development cost and the preceived small market made security software appear as a risk to vendors. Moreover, vendors who introduces a security before his competitors only have at least one year before the technology become obsolete. Also, some retailors avoid offering security products because they fear that the issue may dampens customers enthusiasm of doing business on the internet.
Attempting to secure a network is a very tough problem. One that requires a tremendous amount of technical understanding, political sawy and patience.Moreover, security normally implies limited coperation, confinement of users, processes,reduction in communication and limitation placed on access to network resources. In addition, networking technology is changing so fast that computer programs do not stay the same for more than 18-24 months.
Networks are crossing organizational boundaries.In order for organizations to stay competitive they must be able to communicate effectively with customers.
The internet has grown dramatically in the past two years as firms rushed to connect to the internet to comunicate with their customers and suppliers. By the turn of the century, the internet will change the way that companies do business. However, the infrastructure to support commerce over the net is lacking. Commerce over the net is more than just buying and selling of goods. It includes the passing of credit card numbers. Most people do not think of trust when they engage in a transaction. They take it for granted that the the parties are who they claim to be. However, in this case the buyer can see the product and the vendor can validate the credit card. On the internet this authentication is not posible. The internet is a public network with traffic passing in thev clear. It is quite to an experience computer hacker to listen in on a conversation or retreive a credit card number as it pass from sender to receiver. As more companies do business on the internet, it will become more lucrative for hackers to listen in to the traffic, and the potential for break ins will increase. Even though there is a wide variety of security products available, there are computer hackers who spend all of their time trying to break computer codes. No security technology remains effective forever. It is just a matter of time before someone breach the system.
William R. Cheswick & Steven M. Bellovin,Firewalls and Internet Security Repelling the Wily Hacker, Addison-Wesley Publishing Company, New York,1994.
Mary J. Cronin, Doing Big Business on the Internet How the Electronic Highway is transforming American companies, VanNostrand Reinhold, New York, 1994.
P.C. Magazins, 03/10/97, vol.159 Issue 5, p170
Sarah Schafer; P.C. Magazins, May96, vol. 18 9126
Steven Levy, Newsweek Magazine, 2/6/95, vol. 125 Issue 6, p39.
EDGE: Work-Group Computing Report, July 7, 1997 v8
PCWEEK July7, 1997 v14 8. Basic Flaw in Internet Security, http://http.cs.berkeley.edu/gauthier/endpoint-security.html