The site must include features that make customers feel comfortable with the online shopping experience including clear policies on security, privacy, shipping, and returns.

Types of online businesses

• storefront model
• auction model
• portal model

Online payment types

• Credit Cards - CyberCash, debit-it
  • In order to process an online credit card transaction, the buyer and seller rely on a third party company like VeriSign (http://www.verisign.com ) to verify the buyer’s credit information. The third party company interacts with the consumer and merchant accounts to verify the sale and make the transfer of funds. Third party companies such as debit-it! (http://www.debit-it.com/ ) provide similar services for online debit card transactions. While this method is the most common, it requires the most sophisticated technology on the site to ensure that the customers’ credit card numbers are transmitted securely.
• digital currency - InternetCash
  • offers an electronic payment alternative for individuals without a credit card and for buyers with fears about providing their credit card information online. One digital currency provider, internetcash.com, allows individuals to purchase pre-paid InternetCash™ Cards in physical stores (much like pre-paid phone cards) and then use the cards on sites accepting this form of currency.
• peer-to-peer - paypal

Three Tier Model

See Fig 7.1

Security Concerns with Online Transactions
When sensitive information such as credit card information, pins, or passwords are transmitted across the Internet, the information must be protected from unauthorized individuals.

Encryption
Encryption is the process of encoding information so that it is hidden from unintended recipients. Without encryption, intermediate devices can intercept packets sent on the Internet and a person with appropriate computer and network knowledge can read the contents of the message.

Public Key Cryptography
The main encryption scheme used on the Internet to protect sensitive information is called public key cryptography. When using public key cryptography, each party must have two numbers called keys. For each user, one key is publicly available and is called the public key the other key is known only by the user and is called the private key. An intricate algorithm is used to select the public and private key to ensure that the numbers work in tandem to encrypt and decrypt messages using the public key encryption algorithm.

See Figures 7.2 and 7.3. We can have a problem with authentication.

Signed Ciphertext, Figure 7.4

Digital Signature, Figures 7.5 and 7.6

Security Protocols
SSL: Client contacts server. Server responds with certificate to very its identity. Client and server generate session keys for two-key encryption. Then transmit.
SET: customer, merchant, and bank must all have a certificate

Shopping Cart Example

Homework Assignment

• Oral presentation that discusses some technical aspect of the project.
• Exercises 3 and 5 in the Short Answer section, and write an essay (1-2 pages, Times Roman 12 pt, double spaced) that explains how SSL works. Some resources you may want to consider for the essay are
  • http://www.ourshop.com/resources/ssl_step1.html
  • http://www.verisign.com/products-services/security-services/ssl/ssl-information-center/index.html

This work is licensed under a Creative Commons License.