Authentication and Encryption systems

1.Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?

I have purchased goods from a few different e-commerce. Nearly all of them require me to settle the payments by a credit card. Just one or two can offer me an alternate payment method (e.g. paypal). To a great extent, I trust those e-commerce websites. Normally, I only purchase goods from the well-known companies such as Amazon, Symantec and other software distributors. Besies, I tend to use a virtual credit card with very low credit limit to make the payments because it would minimise the possible loss in case of fraud.

2.What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

Most of e-commerce websites have enabled SSL encryption to secure the communications between the websites and the clients. If the customer is able to view the web address begins with 'https' and the 'lock' image as illustrated below.

The website should have enabled the SSL encryption.


3.Visit the Verisign web site - what solutions does it offer for e-commerce?

Verisign offers a number of products and services to various types of customers. There are four main categories of its products.

• Consumer Authentication - protect consumer online identities and accounts with a trusted, convenient authentication experience and behind-the-scenes, real-time fraud detection.
• Enterprise Authentication - address business challenges and regulations around strong authentication, encryption, and digital signatures with secure and scalable PKI and OTP solutions.
• Government Authentication - PKI and OTP solutions for Federal, state, and local agencies and government contractors.
• Authentication for individuals - Digital signing, digital certificates and credentials for individuals and organizations to secure and protect online identities.
  

Not all of above are applicable to the e-commerce practice. Consumer Authentication would be designed for B2C e-commerce transactions and Enterprise Authentication is more for B2B e-commerce transactions.

4.Visit the TRUSTe web site. Describe what services and solutions are offered.

TRUSTe is an independent, privately held organisation which certifies the businesses with its Web Privacy Seal .and Email Privacy Seal. The following is the mission statement of TRUSTe.

TRUSTe helps consumers and businesses identify trustworthy online organizations through its Web Privacy Seal, Email Privacy Seal and Trusted Download Programs. TRUSTe resolves thousands of individual privacy disputes every year (TRUSTe n.d.).

In order to acquire a seal from TRUSTe, the busniesses need to meet the privacy rules set by TRUSTe as well as the legal requirements. However, some people just treat it as a marketinh tool rather a security benchmark (Cline 2003).

References

Cline J 2003, 'Web site privacy seals: Are they worth it?', Computerworld, network & internet, posted 8 May 2003, viewed 13 June 2009, <http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=81041>.

Truste n.d., Advancing Privacy and Trust for a Networked World, mission statement, viewed 13 June 2009, <http://www.truste.org/>.

VeriSign n.d., Products and Services, Verisign Inc., viewed 13 June 2009, <http://www.verisign.com/products-services/index.html>.