Ecommerce and Payments
Electronic Transactions on the Internet are becoming commonplace. Books, software, groceries and most other things can be bought and sold with the click of a button. There are various standards around security and secure transactions.
The Internet, by it's nature, is an open system which means that information can flow freely from one computer to the next. Information transmitted through the Internet can be intercepted and copied at any point along the path. For this reason it is not a good idea to send confidential information like credit card numbers through the Internet the same way you might send a photo to a friend. In order to send confidential information you must be sure that your private information cannot be intercepted along the way.
The most common method is Transport Layer Security (SSL). A transaction computer with an order form for the product that you wish to purchase creates a secure connection which ensures that all the information that you send to it is not accessible to anyone else. If information from a secure connection is intercepted it has been encrypted making it useless to persons with malicious intent.
To setup a secure server the company must obtain a security certificate from an authorized security company or certified authority (CA). That certificate is then installed on a server and linked to a website using a dedicated IP (internet protocol) address.
Some browsers will warn you if you go to a page that is not secure. Small companies, organizations and personal website may not have a reason to purchase a commercial security certificate but will need one to avoid the warning. A non-profit CA offers free Let's Encrypt security security certificates.
To find out if your transaction is secure look for a lock icon in the top left corner of your browser (). This lock indicates that the company running the website has established a secure server and that information transferred between your computer and theirs is secure. Also the web address will begin with https:// rather than http://.
Most businesses will not find it economical to setup and maintain their own secure server and can purchase a service from third parties which offers secure transaction service. These services vary but all require a fee and/or some form of payment for transactions performed on their secure server. This payment can involve a monthly fee, a transaction fee, a percentage of the transaction, a credit card company fee or a combination of these fees.
The merchant can uses their merchant agreement with the credit card company to complete transactions, process refunds and verify the validity of the customers' credit card information. Most banks and financial institutions, as well as most large companies provide a way for their customers to pay their bills, check their account status and other online services using a secure connection.
This marks the end of the section on the Internet.
Last updated: March 4, 2021