It appears that a proper direction in which to move in attacking the secrecy problem in large military and commercial communication systems, is to design the cryptographic provisions as an integral part of the digital switching system.
- Paul Baran, On Distributed Communications, Volume XI, 1964.

It is likely that commercializing the Net would have a negative effect on its open, free-wheeling nature which is certainly its charm and possibly its reason for success. The Net was started on a noncommercial basis and continues that way to this day; it has grown and matured in that atmosphere, showing innovation and growth without the profit motive... If the high-speed network must be experimented with, why not let the commercial interests take over that work and leave unfixed that which is not broken.
- Lee Hauser; The Net Works; Amateur Computerist; 1992.

The Internet is now used for commercial transactions of all kinds, and is often more convenient, less expensive, and more secure than off-line purchases.

In general, buying things on the Internet is as safe as buying something by any other means. The risk of interception of your credit card number in transit over the net is low, and almost impossible when it is properly encrypted. And once it gets to the destination site it is usually as secure as with any other business that processes credit card numbers. There have been few reports of widespread problems using credit cards with well-known, trustworthy sites, although there have been a disconcerting number of reports of companies' financial databases being hacked with potential disclosure of previously recorded transactions.

Of course, never give your credit card number or other personal information to a site sent to you in spam email or to a site you don't know anything else about before searching for independent information about it.
If you buy a lot of things over the net, you might want to
get a separate credit card for all of your Internet transactions,
which makes it easier to keep track of your virtual finances.

The Secure Electronic Transactions (SET) standard was widely promoted in the late 1990s as the best architecture for secure Internet commerce, had the support of many major industry players, and has influenced the development of subsequent efforts. A key feature of SET was the hiding of a buyer's credit card number from the organization they are buying from, so that a central organization would authenticate your credit card number, provide the seller with confirmation, and forward the funds, without revealing personal information to every online shop and store you wanted to buy something from. The industry has now implemented many of the SET features in practice, if not quite as the overarching architecture originally envisioned, with the financial aspects of many online sales taking place through large and increasingly trusted online merchants like Yahoo Stores, PayPal, and others.
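
How a merchant can confirm a payment without ever seeing the card number can be shown with SET's "dual signature" construction, which this page does not describe; the following is an added example, not code from the page or from the SET specification. SHA-256 and a toy textbook-RSA key stand in for the specification's hash and certificate-backed signature, and all names and sample data are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes. Constructed for this
# example only: far too small, and unpadded, for any real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def h(data: bytes) -> bytes:
    """Message digest (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).digest()

def pomd(pimd: bytes, oimd: bytes) -> int:
    """Payment-order digest: hash of both digests, reduced to an integer < N."""
    return int.from_bytes(h(pimd + oimd), "big") % N

def cardholder_sign(payment_info: bytes, order_info: bytes) -> int:
    """The buyer signs one value that binds the payment to the order."""
    return pow(pomd(h(payment_info), h(order_info)), D, N)

def merchant_verify(order_info: bytes, pimd: bytes, sig: int) -> bool:
    """The merchant sees the order, but only the digest of the payment info."""
    return pow(sig, E, N) == pomd(pimd, h(order_info))

def gateway_verify(payment_info: bytes, oimd: bytes, sig: int) -> bool:
    """The payment gateway sees the card data, but only the order's digest."""
    return pow(sig, E, N) == pomd(h(payment_info), oimd)

# Constructed sample data: a well-known test card number and a made-up order.
PI = b"card=4111111111111111;exp=12/30;amount=59.90"
OI = b"order=1001;item=modem;amount=59.90"
SIG = cardholder_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, h(PI), SIG))
    print("gateway accepts: ", gateway_verify(PI, h(OI), SIG))
    tampered = OI.replace(b"59.90", b"9.90")
    print("tampered order:  ", merchant_verify(tampered, h(PI), SIG))
```

A bare hash of a 16-digit card number can be recovered by enumeration, so a real payment message must also carry a random value before it is hashed.
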

Most sites that accept your credit card number also use encryption with the Secure Sockets Layer (SSL) protocol to hide your financial data as it is sent from your computer to the web server. You can tell that a site is using SSL when the URL begins with the prefix "https:", often with a picture of a closed lock or key shown on the bottom border of the browser window. The latest update to SSL is the Transport Layer Security (TLS) protocol.

One efficient way to manage your web transactions is described below:
- Folder. Create a folder called "Transactions".
- Document. Create a document for each web site you perform a transaction with, named after the site for easy identification, e.g. "Yahoo.doc".
- Information. For each transaction, enter the following in the document:
  - Date and time of the transaction.
  - The item you bought.
  - The method of payment - credit card, etc.
  - Confirmation number.

Whenever possible, select and copy this information from the confirmation web page. Otherwise, you can type it or capture the web page as follows:
- Mac: Press <Apple><Shift>3, which will sound like a camera shutter and take a picture of the screen, usually stored in a file with a name starting with "Picture" on your hard drive.
- PC: Press <Alt><Print Screen>, which copies the current window into the clipboard, which you can then paste into the tracking document as a picture.
- Unix: Use the built-in window snapshot capability, or a utility like XV.

Resources. Several companies worked on virtual electronic cash technologies over the years, including Cybercash.com, Ecashtechnologies.com, Millicent.com, and Mondex.com, although the rising acceptance of credit card use has largely displaced their efforts. The following references list work done on Internet commercial standards:
- RFC 2246; T. Dierks, C. Allen; The TLS Protocol Version 1.0; January 1999
- RFC 2801; D. Burdett; Internet Open Trading Protocol; April 2000
- RFC 3106; D. Eastlake, T. Goldstein; ECML v1.1: Field Specifications for E-Commerce; April 2001
- RFC 3506; D. Eastlake; Requirements and Design for Voucher Trading System; March 2003
- RFC 3538; Y. Kawatsura; Secure Electronic Transaction (SET) Supplement for the v1.0 Internet Open Trading Protocol (IOTP); June 2003
- RFC 3867; Y. Kawatsura, M. Hiroya, H. Beykirch; Payment Application Programmers Interface (API) for v1.0 Internet Open Trading Protocol (IOTP); November 2004