Table of Contents - Credit Card Security On-Line
Introduction
E-commerce has become very popular in our world today. The main mode of financial transaction
through the Internet is the credit card. Many consumers have expressed concerns about the security
of sending their credit card numbers and information through the Internet. Therefore, many
organisations have decided to solve these security problems by proposing security standards and
developing on-line secure credit card transaction systems.
Merchants using the SET protocol will have to undergo a software compliance test and if they are
SET-compliant, they will be able to display the SET Logo/Mark in their web-site to indicate that they
are using the SET protocol for credit card payments over the Internet.
SET is different from these protocols because SET is more like a package of security protocols that
specify the methods used to secure a payment transaction. It is designed and geared towards secure
payment transactions rather than securing any form of data that needs to be transmitted secretly over
the Internet. SET is more complicated and it requires more steps than both SSL and S-HTTP to complete a
transaction as the information sent has to go through the bank, the merchant and the consumer.
Security protocols
Security protocols are needed for secure data transactions across the Internet. There are two
security protocols that are being used now. One is called SSL and the other is S-HTTP.
SSL
SSL, which stands for Secure Socket Layer, is a security protocol that was created by Netscape.
SSL operates just above the TCP/IP transport level, but below the application-protocol level.
A web site that uses SSL will display a lock icon in your browser's status bar and the URL will
start with "https://" instead of the usual "http://". It will display "SSL secured (40bit)" when
you point your mouse on the icon.
What does it do?
It is used to encrypt transactions in higher-level protocols such as HTTP, NNTP and FTP.
The SSL protocol includes provisions for server authentication and data transit encryption.
SSL uses the public-and-private key encryption system from RSA and also includes the use
of a digital certificate.
How it works
SSL uses a security handshake to initiate the TCP/IP connection between the client and the server.
During the handshake, the client and server will agree on the security keys that they will be using
for the session. Then the client authenticates the server and after that, SSL is used to encrypt and decrypt
all of the information in both the https request and the server response.
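The handshake above only protects a payment if the client really verifies the server and refuses weak keys such as the 40-bit ciphers mentioned earlier. The following check is an added example, not part of the original coursework; the function names, the 128-bit floor and the sample cipher list are assumptions made for illustration.

```python
import ssl

MIN_BITS = 128  # assumed floor; 40-bit export-grade ciphers fall far below it

# Constructed sample in the shape returned by SSLContext.get_ciphers().
SAMPLE_CIPHERS = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128},
]


def weak_ciphers(ciphers, floor=MIN_BITS):
    """Return the names of cipher entries whose key strength is below the floor."""
    return [c["name"] for c in ciphers if c["strength_bits"] < floor]


def audit(ctx):
    """List the ways a client context falls short of the handshake described above."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    findings += ["weak cipher enabled: " + n for n in weak_ciphers(ctx.get_ciphers())]
    return findings


def permissive_client():
    """Weak setting: traffic is encrypted, but the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client():
    """Corrected setting: certificate and host name checked, old versions refused."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_client()), ("hardened", hardened_client())):
        print(label, audit(ctx) or "no findings")
    print("sample list:", weak_ciphers(SAMPLE_CIPHERS))
```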
Usage
SSL is currently implemented commercially on several different browsers such as Netscape
Navigator, Secure Mosaic, and Microsoft Internet Explorer.
SHTTP
S-HTTP stands for Secure Hypertext Transfer Protocol. It is the scheme proposed by CommerceNet and
Unlike SSL, S-HTTP is a higher level protocol that only works with the HTTP protocol.
What does it do?
It allows the server to authenticate the identity of the client, and it allows the client to
authenticate the server.
How it works
With S-HTTP, both the server and any potential client must have certificates. S-HTTP uses a
security negotiation to initiate the TCP/IP connection between the client and the server. During
the negotiation, the client and server will agree on the kind of security they will use and then they
proceed accordingly. S-HTTP supports RSA and Kerberos key exchange.
Usage
Currently, S-HTTP is implemented for the Open Marketplace Server marketed by Open Market Inc on
the server side, and Secure HTTP Mosaic by Enterprise Integration Technologies (EIT) on the client side.
Secure Payment Transactions
Security for credit card transactions over the Internet is very important in e-commerce.
Therefore, various systems for financial transactions are created to ensure confidentiality,
authenticity and data integrity. Recently, an open industrial standard protocol called SET was
developed to ensure secure credit card payment transactions over the Internet.
SET
What is it?
The SET (Secure Electronic Transaction) protocol is an open industry standard developed by Visa and
MasterCard to facilitate secure credit card payment transactions over the Internet.
SET functions
Conclusion
There is no doubt that credit card on-line transactions have raised several security issues. SSL and S-HTTP
make use of encryption and authentication to secure credit card information being transmitted over the
Internet. SSL and S-HTTP do not necessarily have to transmit credit card information, although a lot of e-commerce
sites make use of one of these protocols to secure consumers' credit card information. Any data that needs to
be confidential and transmitted over the Internet can make use of them.
Setting up my pages
This is a summary of how I set up my pages and the tools I used. The pages were created using 2 text editors to
write raw HTML. They are Emacs (when using Unix machines) and Notepad. I also made use of MS Word97
to do a word count check and to check for any grammar or spelling mistakes. The Unix command "chmod oug+rx . public_html"
allows access to the files in my public_html directory. These pages were then uploaded to the server through the Unix Workstations or through
ftp lawn.cs.herts.ac.uk. The other tool which I used was the scanner in the LRC. I used the scanner to scan my photograph and
then I used Adobe Photoshop to reduce the size of my image. Finally, I uploaded my image to my public_html directory and my homepage is done.
Find out more about my beautiful country, Malaysia!
Everything that you ever need to know about security. A really comprehensive site