Lesson 1

Ecommerce Security Technologies

Understanding security technologies

The primary inhibitor to the adoption of e-commerce has been fear surrounding Web-based e-commerce security. Trust in e-commerce has increased over the years as security technologies and their implementation have advanced. Nevertheless, security is still a great concern, especially in the B2C arena. Even though many strides in security have been made, it behooves personnel involved in e-commerce to understand the basics of e-commerce security technologies and how to deploy those technologies in various e-commerce scenarios. This module focuses on providing a basic understanding of the essential cryptographic techniques that underpin electronic payment systems.
By the end of this module, you will be able to:
  1. Identify symmetric, asymmetric, and one-way encryption schemes
  2. Itemize the benefits provided by security implementations such as hashing, message digests, and digital signatures
  3. Understand the certificate-related infrastructure
  4. Identify the need for secure electronic transactions
  5. Identify encryption schemes such as symmetric, asymmetric, and one way
  6. Describe the methods for authentication and identification
  7. Explain the use of certificates
In the next lesson, you will learn about the need for secure electronic transactions.


Basic Credit Card Schemes

There are two major approaches to credit card schemes,
  1. closed loops and
  2. open loops.
In a closed loop system, the issuer and the acquirer are the same organization, which manages both the cardholder and merchant relationships. Examples of closed loop systems include Discover (Novus), American Express, Japan Credit Bank (JCB), and Diner’s Club. In an open loop system, the issuer of a credit card may or may not be the same as the acquiring bank. Because the Visa and Mastercard networks consist of well over 20,000 banks worldwide, there are a tremendous number of possible combinations (4 × 10^8) of issued cards and acquirer processors for any given charge transaction. For example, a cardholder holding a Visa card issued by Bank A may shop at a merchant who has a merchant account at Bank B. As the charge card is swiped on the merchant’s point of sale (POS) terminal, a charge request is initiated and sent to Bank B (the acquiring bank), which places a charge authorization request on VisaNet. The Visa network then routes the request to Bank A to determine account status and sufficiency of credit for approving a new charge to the account. The response to this authorization request is an authorization response, containing an approve or decline status, along with a code for the merchant to use when the sale is completed (goods are shipped) and the merchant is ready to settle the charges.
SET provides the specifications for request-response message pairs that permit the parties involved to use open networks like the Internet to perform the same work that previously was performed using the private networks that the banks mandated for moving credit card information around. These message pairs offer the same business services that the private-network POS system offers, without the cost of dedicated network links and maintenance.
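The open loop flow described above (charge request to the acquirer, routing to the issuer, approve or decline response with a code, then settlement against that code) can be modeled as two request-response pairs. This is an added example, not code from the lesson or from any card network; the class names, the prefix-based routing table, the card numbers and the amounts (in cents) are constructed assumptions, and it does not reproduce SET message formats.

```python
# Added illustration; all names, routing prefixes and account data are constructed.
import secrets
from dataclasses import dataclass, field

@dataclass
class Issuer:                      # "Bank A": holds the cardholder relationship
    accounts: dict                 # card number -> {"active": bool, "available": cents}
    holds: dict = field(default_factory=dict)   # auth code -> (card, approved amount)

    def authorize(self, card, amount):
        acct = self.accounts.get(card)
        if acct is None or not acct["active"]:
            return {"status": "decline", "reason": "account status"}
        if amount <= 0 or amount > acct["available"]:
            return {"status": "decline", "reason": "insufficient credit"}
        acct["available"] -= amount             # reserve credit for this charge
        code = secrets.token_hex(3).upper()     # code the merchant keeps for settlement
        self.holds[code] = (card, amount)
        return {"status": "approve", "auth_code": code}

    def settle(self, card, amount, code):
        # A code settles once, for the same card, for at most the approved amount.
        hold = self.holds.get(code)
        if hold is None or hold[0] != card or not 0 < amount <= hold[1]:
            return {"status": "rejected"}
        del self.holds[code]
        self.accounts[card]["available"] += hold[1] - amount   # release unused hold
        return {"status": "settled", "amount": amount}

@dataclass
class Network:                     # stands in for the card network's routing role
    issuers: dict                  # card-number prefix -> Issuer (assumed scheme)

    def route(self, card):
        return next((i for p, i in self.issuers.items() if card.startswith(p)), None)

@dataclass
class Acquirer:                    # "Bank B": holds the merchant relationship
    network: Network

    def charge_request(self, card, amount):
        issuer = self.network.route(card)
        if issuer is None:
            return {"status": "decline", "reason": "unknown issuer"}
        return issuer.authorize(card, amount)

    def settlement_request(self, card, amount, code):
        issuer = self.network.route(card)
        return issuer.settle(card, amount, code) if issuer else {"status": "rejected"}
```

Binding the settlement to the issued code, the card and the approved amount is what keeps a merchant from settling a charge that was never authorized or settling the same authorization twice.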
