|
Security Survey Objectives:
- First, investigate electronic applications and technologies currently being used on the Internet.
- Second, investigate security threats most worrying for firms in different industries and why.
- Third, investigate current security policies and security measures to formulate recommendations for future electronic commerce.
By 1997 most companies had or were planning to introduce electronic commerce initiatives, but there was little concern with security..
Indeed this survey revealed that 52% of respondents felt that it is possible to have secure transactions over the Internet and 49% believe that Internet based transactions are as secure as telephone based transactions. (click on fig.1) Previous surveys reported security to be the major reason why firms were not engaging in E-commerce.
Just over half the respondents felt that telephone based transactions are as secure as transactions via the Internet. A typical purchase transaction could be
a person booking tickets to the opera or... more appealing to the would be attacker...a manager of a small business transferring money between accounts.
In such transactions, important customer information e.g. account number and verification/access details (access codes, maiden name, place of birth, date of birth etc.) will be exchanged between the customer and merchant or bank.
However, the latest encryption technologies can frustrate would be Network sniffers, rendering intercepted data packets unreadable and allowing safe and
secure Internet transactions. The author therefore supports the view that Internet based transactions are as secure as telephone.
Ultimately, in the cases of all credit card transactions, the customer has to trust the merchant's personnel not to illegally use their sensitive information. This being the case, why are consumers and businesses more concerned about conducting credit card transactions over the Internet, compared to the telephone and point-of-sale systems? Douglas Shoupp, Vice President, Product Development, NetDox, Inc., speaking at Progress Software's recent NetGain conference in Boston Massachusetts, gives his opinion:
"The general [consumer] paranoia about security on the Internet is this lack of physical representation - the inability to reach out and touch someone
and talk to somebody face-to-face. If you buy a product via the Internet and it doesn't ship in two days like you were expecting, who do you call?"
The author suspects that the majority of people do not have adequate knowledge regarding security protocols and encryption algorithms, which allow safe and
secure electronic transmission. The results of this Survey support this. (click on fig. 2)
Many experts say that it is currently possible to have secure transactions over the net, that the latest encryption technologies and security protocols allow
for this. However, standards are not yet in place for companies to conduct guaranteed business-to-business or business-to-customer transactions. Current security protocols such as SSL and S/MIME do not permit non-repudiation of data, which is required if firms seriously want to conduct business over the net. However, the arrival of SET using smartcard technology will transform Internet business and commerce as a whole. (see fig.3) SEToffers a solution to the major secure transactions requirements, namely data integrity, user authentication and non-repudiation of data.SET also involves the appliance of third party trust relationships to the Internet. For more information on SET click link or the ‘SET Summary’ button.
Many Information Technology Managers are making decisions on security issues without adequate knowledge of the technologies involved. Greater research
should be undertaken by IT managers so that they can make sound security versus usability judgments. Resources available on the Internet are research and specialist magazines which focus on networks and electronic
commerce--e.g. LAN Times and Internet Business. Fig.5 shows the main sources of reference used by survey respondents.
Turn to Page 2 ©1998 Colin Germain, updated 2000 MediaGraphics (TM)
|
