E-commerce security

The security of card transactions is critical to public confidence. You should have some words on your site explaining how you’re protecting your customers’ interests. If you invest in online payment processing, you never need to handle confidential credit card data, because the payment authorisation takes place between customer and payment processor.

However, if you take orders online for offline payment processing, you must be aware of the security risks. Fears that a customer’s credit card details might be stolen en route from Web browser to merchant site are a red herring.

All information carried on the Internet, an order for example, is divided into many small packets of data which may or may not travel sequentially and may even use different routes to the destination. It is extremely unlikely that anyone would succeed in garnering individual transactions by monitoring traffic, or would even attempt to.

Additionally, all electronic transactions should be protected by encryption, scrambling the data so that it can only be deciphered by authorised systems. Secure Sockets Layer (SSL) has become the de facto standard for encryption. SSL produces the padlock or key symbol in the status line of browsers, indicating that the current operation is being made over a secure connection. But SSL only encrypts data in transit from customer browser to merchant Web site, and decrypts the data upon arrival at the Web server or other server to which it is redirected for storage or online transmission. Since multiple orders are likely to be aggregated at these points, this does constitute an attraction to fraudsters and a security risk.

Encryption worries
The risk doesn’t disappear once the data arrives at your system. Gene Spafford, the author of several definitive works on Internet and e-commerce security, says, "Using encryption on the Internet is the equivalent of arranging an armoured car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."

Physical theft from systems is not the only risk. Data can be lost through hardware failure, software errors, virus attacks, or human error. If you don’t have an up-to-date backup, your entire business could be in big trouble.

Wightfield Interactive - Wightfield Manor, Apperley, Gloucestershire. GL19 4DP
Tel: 01452 780073 Fax: 01452 780801 Email: enquiry@wightfield.com
