Saturday, January 19, 2008

E-Commerce Security

Securities: There are several areas of security that are in extreme need of attention. Any company that obtains and retains personal information is liable for that information. That being said, there are certain protocols to follow to ensure that the information provided is kept safe.

Personal Information Collection

Let's look at an E-commerce store environment. Whether you are a multi-million dollar operation or simply a small specialty E-commerce store, you are responsible for the information that is collected from your various shoppers. Anytime information is collected, security becomes a significant factor. The Internet is not a safe place. Data is sent back and forth through various servers on which personal and non-personal information is housed. The problem with data transfer is that data moving from server A to server B can be intercepted and recorded. Hackers have the ability to intercept and use that information, such as credit card numbers and expiry dates, to make fraudulent transactions. That being said, there is technology out there that can eliminate this serious threat.

SSL

Encrypting data as it passes between servers means that anyone illegally intercepting a data transfer will not be able to read the data it contains. This is an especially important tool for any E-commerce operation. You must use SSL technologies to ensure that your consumer data is protected from fraudulent activity.

Shopping Cart Technologies

The shopping cart built with ASP technology is secure enough that the average user will feel safe using the system. One of the features for keeping the site secure is identifying users through credentials typed into a login form. The system will automatically display a login form to an unauthenticated user accessing a protected portion of the site.

Opt-in/out Procedures

Having both opt-in and opt-out measures will allow customers to choose whether they want to receive various sales and advertising emails throughout the year. Some customers want the option of not receiving emails because they view them as spam. Others want to be kept up to date about sales and different advertisements so they can shop during those times. Another technique that can be used is a double opt-in method: customers will get an email verifying that they have signed up to receive emails from the organization. At the end of every email will be an opt-out/unsubscribe link for customers who do not wish to receive any more emails. This will automatically remove them from the emailing system but keep the email on file for future reference.

Maintaining Privacy

“Your Implied Consent

In some cases, your consent is implied if we ask you to provide personal information with a stated purpose. For example, we can only deliver the product you have purchased if you provide us with your address and phone number.

Your Express Consent

In other cases, we will ask you to give your express consent to use your personal information to advise you of products or services that may be of interest. You always have the opportunity to opt out of having your information used for this purpose. For example, when you subscribe to the Future Flash newsletter, we will also ask for your express consent to send you promotional information.

Withdrawing Your Consent

If you have opted in or subscribed to one of our newsletters or mailing lists, we will always provide you the opportunity to opt out or unsubscribe. For example, each e-mail we send you will tell you how to decline further e-mail.”

Transaction Security

This is one of the most important aspects for businesses operating online. There are always stories in the news about credit card numbers being collected by individuals online.
To combat this, all transactions will go through a secure transaction line, provided through the company’s financial institution. All processes are handled by the bank, ensuring a highly secure line that will instill trust in customers.

Transaction Cancellations

Customers will have the option of canceling transactions within a predetermined amount of time. This gives the customer a grace period, or ‘cooling-off’ period, equivalent to a retail store's grace period for returns. This will also ensure that the actual customers are making the purchases, and not someone using pirated information.

Information Divulgence

What staff have the ability to view what information, and for what purpose.

Disclosure of Information

To fulfill and ship orders, information collected from users may be needed by service providers to complete transactions. In this event, only the information needed to complete the sale and/or delivery of the purchased products will be disclosed to any service provider.

Alex Simms is a content writer for Avalon Studios, a Web Design and Development firm working with small businesses.
