
Unit 3

The document discusses various traditional and modern payment methods for e-commerce. It compares traditional payment systems like cash, checks, and bank transfers to modern electronic payment systems like credit/debit cards, e-wallets, mobile payments, and cryptocurrencies. Cryptocurrencies promise to revolutionize payments by allowing fast, secure, low-cost transactions without intermediaries, similar to how the internet changed how information is shared. However, cryptocurrencies still lack widespread adoption compared to traditional methods like credit cards.

Uploaded by

Maze Runner
Copyright
© © All Rights Reserved
e-commerce

11/18/2021
Unit-3

Maze Runner
Types of Payment Methods for ECommerce
Credit/Debit card payments:
Payments via cards are one of the most widely used and popular methods
not only in India but on the international level.

As a global payment solution, by enabling payment acceptance via cards
merchants can reach out to an international market.

Credit cards are simple to use and secure. The customer just has to enter
the card number, expiry date, and CVV, which has been introduced as a
precautionary measure. The CVV helps detect fraud by comparing
customer details and the CVV number.

Coming to debit cards, they can be considered the next popular method for
eCommerce payments.

Debit cards are usually preferred by customers who shop online within their
financial limits. The main difference between a credit card and a debit card is
that with a debit card one can only pay with the money that is already in the
bank account, whereas in the case of a credit card, the spent amount is billed,
and payments are made at the end of the billing period.

Prepaid card payments:


As an alternative for credit/debit cards, prepaid cards are introduced.

They usually come in different stored values and the customer has to
choose from them. Prepaid cards have virtual currency stored in them.
Though the adoption rate of prepaid cards is low, they are gradually
becoming popular for certain niche categories.

Bank transfers:
Though not popular nowadays, bank transfer is still considered an
essential payment method for eCommerce.

It is considered as ‘if all else fails’ kind of payment method. Some of the
eCommerce stores are also keen on using bank transfer payment options.
Customers enrolled in internet banking can do bank transfers for their
online purchases. Bank transfer is the most secure method as the
transactions need to be approved and authenticated by the customers.

It is a simple way of paying for online purchases and does not require the
customer to have a card for payment purposes.

E-Wallets:
E-wallet is one of the upcoming trends which gives a new shopping
experience altogether. The use of e-wallets is becoming popular at an
alarming rate.

E-Wallets require a sign up from merchants as well as customers. After
creating an e-wallet account and linking it to the bank account they can
withdraw or deposit funds.

The whole procedure with an e-wallet is easy and fast. Considered as an
advanced and instant digital payment method, e-wallets can be integrated
with mobile wallets using advanced functionalities like NFC.

Prepaid e-wallet accounts store customer information and multiple
credit/debit cards and bank accounts. It needs one-time registration and
eliminates the need for re-entering information every time while making
payments.

Cash:
Let’s face it, in India cash is the king. For eCommerce, it comes in the form
of the cash-on-delivery option.

Cash is often used for physical goods and cash-on-delivery transactions. It
does come with several risks, such as no guarantee of an actual sale
during delivery, and theft. Though nowadays, cash on delivery does not
necessarily mean customers pay with cash (they can use cards, mobile
payments as payment terminals are often available with delivery agents),
missing out on this is a strict NO.

Mobile payments:
Payment acceptance was no exception for mobile penetration.
This digital payment solution offers a quick solution for customers. To set
up a mobile payment method, the customer just has to download software
and link it to the credit card.

As eCommerce is becoming mobile mainstreamed, customers are finding it
more convenient to use mobile payment options.

Cryptocurrencies:
Though not popular yet, cryptocurrencies are rapidly but surely gaining a
spot as a favorable payment method, particularly with Gen Z.

Comparison of Electronic Payment System with Traditional Payment System:-
Compared with traditional payment systems, e-payment has the following
features:-

1. E-payment introduces digital circulation to realize information
transmission, so all means of e-payment are digitalized. But, traditional
payment is realized through physical circulation such as cash circulation, bill
transfer and bank exchange.
2. The working environment of e-payment is based on an open system
platform i.e. internet, while the traditional payment is operated in a relatively
closed system.
3. E-payment uses most advanced communication means, such as the
internet and extranet. Whereas, traditional payment uses traditional
communication media.
4. E-payment has a very high requirement for both hardware and software
facilities, generally including online terminals, relevant software and some
other supporting facilities, while traditional payment does not have such a
high requirement.
5. E-payment enjoys advantages for it is convenient, fast, efficient and
economic. As long as the user has a computer connecting to the internet, he
will be able to stay indoors and complete the whole payment within a very
short time. The cost is even less than one percent of that of the traditional
way.

Traditional Versus Modern Payment Methods

For most reading this, you can probably count on one hand the number of
paradigm changing events we’ve lived through. The advent of the internet
would be one. Though the technology may be a bit older than some know, the
major initial technological advancements came in the 1990’s and the 2000’s,
changing our collective lives forever.

Another life-altering advancement came with the quick ubiquity of mobile
devices. Roughly half the world’s population now have powerful pocket
computers, instantly connecting the world’s information, people, and services.

An ecosystem was created, a fertile ground for the breakthrough we are
experiencing now. The one pushed aside as a tech fad. The one only computer
nerds knew anything about. The one insiders have been talking about and
dealing in. Cryptocurrencies. The mysterious, shady, dirty money being passed
around on the darker side of the interwebs.

Despite lacking a proven track record, cryptocurrencies promise to be the
future of money (or at least a viable alternative). Just as the internet radically
changed the way information is generated and shared, cryptocurrencies have
good claim to be the next step in the evolution of currency.

A Moment in (Not So) Ancient History or “That’s so 90’s”

Remember going to libraries to read or research? To read the latest novel,
thick texts on some foreign country, or pore through dusty architectural
journals to gain insight on design or schematics. Remember phone books,
indexing for a local business’ phone number, or even that of your best friend?
Recall going to a store to check prices for the newest models of shoes or CD
players, going to the movie rental shop or…

Remember also, the epiphanic realization these tasks could be accomplished
at home on a computer, through the internet, in your underwear. You could
buy, watch, read, learn just about anything you could think of. That moment
was exhilarating, a mind-expanding experience with technology, the shining
beacon of what could be. Email, Amazon, eBay, Napster, MySpace,
Facebook, Google, Apple: all these wonderful interfaces and uses for the
world wide web.

What Got Left Behind

This update was far-reaching, but missed a few key areas. One of these was the
financial field. Long overdue, cryptocurrencies are now turning upside-down
an industry that has fought to maintain its stranglehold on asset
transactions.

Previously, there was just no way an individual or company could send
currency around without incurring high fees, lag time, and potential security
breaches. But just as the internet gave businesses and people information and
open lines of communication, couldn’t cryptocurrencies allow more fluid value
exchange through the same worldwide networks?

Stuck in the Past

We are familiar with the methods of payment from our youth: cash, checks,
debit cards, and credit cards were the typical ways to pay. If you bounced a
check, overestimated your account balance, deposited your paycheck too late,
or made a late credit card payment, you would face high fees. On the other
hand, when you were waiting for funds to reach your account, the opposite
was true. You were held hostage to bank processing times along with fees. The
imposing middleman, profiteering from what they would call the cost of
business. You were at the will of the bank, lender, institution.

This still is true as of late 2019. If you need to pay a bill or another kind of
payment and you live in a developed country, you can probably do it online. It
takes a few days for your payment to clear. If you aren’t lucky, you have to mail
a check or go to a physical location to make a payment. This takes time; more
time than it should. If you want to send a relative or friend some money, you
can mail a check or cash, make a bank or wire transfer, or meet the person.
This takes time. A smart device should easily and confidently be able to settle
these issues in mere seconds.

As a merchant, you have your own set of issues with the system as it stands. If
customers pay you in any form other than cash, you are waiting for days if not
more than a month to receive your money. Chargebacks, merchant fees and
penalties, and fraud are also leaks in your ship. On top of all this, the
convenience comes at a high cost. Though these costs can mostly be explained
and justified, they are symptomatic of the bigger picture: an outdated
infrastructure.

We’ve waited long enough to have easy low-cost access to doing business with
enterprises or individuals, just as email has done for mail, and the internet has
done for information. Blockchain technology coupled with the number of
smart phones worldwide now makes it feasible for the rise of a new era in
money.

Where We’re Going

With modern digital assets, we free ourselves from constraints of space and
time, and from a large part of the middlemen involved with money transactions.
Once set up with an ewallet or cryptocurrency wallet, we can start making and
receiving payments to and from companies and other individuals. Depending on the
blockchain your currency or wallet is associated with, transactions could take
anywhere from 3 seconds to a few minutes. The costs could range from a few
pennies to a few dollars USD, depending on the amount transferred.

For the unscrupulous characters electronic transfers would inevitably attract,
the inherent nature of blockchain security would thwart even the most
tenacious. Each blockchain has a different protocol, or set of guiding
principles, for how it works. Each blockchain has its merits and faults in its
functions and security. For financial transactions, the Stellar blockchain is
ideal because it was created specifically to handle currencies and exchanges.

CQ was developed to help clients make the transition, to bridge the gap,
between the past and the cryptocurrency and digital asset future. We
understand merchants may not feel comfortable in this new space. Our rates
are based on monthly transaction volume, but are capped at a mere 1%.
Transactions settle in seconds. Our easy-to-use platform makes it simple to
create a new standard to move money. To find out more, visit our FAQ page or
our how-to page.


Final Thoughts

There are still obstacles to overcome when it comes to widespread adoption
and use of cryptocurrencies. Government over-regulation, impracticality, poor
perception, price instability, technological blindspots, among many other
pitfalls could all pose as dealbreakers for cryptocurrency adoption. But if these
are overcome, and the public can learn of the possibilities of cryptocurrencies,
then we are witness to the birth of the future of money. COINQVEST is here to
help you get there.

What is eCash?

eCash, also known as electronic cash, is a digital money product that
provides a way to pay for products and services without resorting to paper
or coin currency. Two models emerged for e-cash transactions:

• The online form of eCash, which was introduced by the now
defunct DigiCash, worked for all types of Internet transactions.
• The offline form of e-cash involved a digitally encoded card that
replaced paper money. Mondex developed and tested this model
with different banks, but the company has now transitioned into
the development and management of smart cards also used for
financial transactions.

A Historical Context for eCash Development

eCash is an evolutionary product that has its roots in other payment
concepts. Others have noted that checks were essentially the same idea
because they have involved stating that an amount will be taken from one
account and then placed in another.

During this process, no currency is actually transferred. Instead, banks take
care of changing the amounts in both accounts to reflect the transaction.
eCash removes the bank from the payment equation but essentially does
the exact same thing as a check.

How eCash Works

An eCash user will download the electronic money from their bank account
and store this on their hard drive. When they are ready to use the electronic
cash to pay an Internet merchant or shareware provider, the same software
is then used to take the amount from their eCash “wallet” and add it to the
merchant’s “wallet.”

The e-cash goes through an e-cash bank so that the transaction can be
verified. The merchant or shareware provider can then choose to pay their
expenses with this eCash or upload it to a traditional bank account for use
later. Transactions do not incur a fee except for a small amount charged by
the e-cash company. This makes it better suited to small online transactions
than any other payment method.

The Benefits of Using eCash

eCash solves some issues that developed from trying to conduct
transactions across the Internet. As more discussions have emerged about
paying for content on the Internet, being charged to visit a website, or
agreeing to pay a download fee, there was no viable solution in place to
cover such small transaction amounts. Using a credit card for a ten or
twenty-five cent transaction was just not fiscally smart for businesses given
the processing fees attached to these transactions.

Another issue that emerged was that shareware providers rarely got paid
for what they offered because there was no viable way to do so unless they
wanted to receive an offline monetary payment. eCash became a solution
that not only addressed this new type of transaction, but was also
cheap, secure, and private.

eCash also responds to the globalization of the economy. Now that
companies and freelancers are doing business with others all over the
world, eCash has provided a way to receive or send any type of currency
desired.

Last, eCash also has linked offline and online payments together through
the introduction of smart card technology. Money can be loaded onto
these cards and then moved to other smart cards or electronic “wallets.”
While previously smart card technology was just used for phone calls, the
world is now using smart card technology for all types of transactions.

Changing Financial Transactions Forever

It’s clear the world of financial transactions has changed forever since the
advent of eCash. Checks and paper money could be eventually replaced
with completely digital payments. This will also alter how banks and other
financial intermediaries are involved, delegating them to a much smaller
role as just a storehouse for money, a processor and verifier, and a lender.
The personal relationship with a bank will also fall by the wayside as more
people turn to their computers, tablets, and smartphones for all their
transaction needs.

How does an e-payment system work?

Entities involved in an online payment system:
• The merchant
• The customer / the cardholder
• The issuing bank
• The acquirer
• Payment Processor
• Payment Gateway

Working of e-payments can be explained in the following three steps:

Payment initiation – Customer finalizes the product/service and chooses the
payment method to initiate the transaction.

Depending on the payment method, the customer enters the required
information like card number, CVV, personal details, expiration date, PIN,
etc.

The chosen payment method either redirects the customer to an external
payment page or a bank’s payment page to continue the payment process.

Payment authentication – The information submitted by the customer, along
with other details like payment information and the customer’s account
information, is authenticated by the operator.
The operator can be a payment gateway or any other solution involved. If
everything gets authenticated positively, the operator reports a successful
transaction.

On the contrary, if there is any problem with any of the authentication
checks, the transaction fails.

After the successful transaction, the customer gets a payment confirmation.

Payment settlement – After the successful authentication process, payment
from the customer’s bank gets transferred into the merchant’s account by
the online payment service provider.

Payment security
Security is an essential part of any transaction that takes place over the internet.
Customers will lose their faith in e-business if its security is compromised.
The following are the essential requirements for safe e-payments/transactions −
• Confidentiality − Information should not be accessible to an unauthorized
person. It should not be intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over the
network.
• Availability − Information should be available wherever and whenever
required within a time limit specified.
• Authenticity − There should be a mechanism to authenticate a user before
giving him/her access to the required information.
• Non-Repudiability − It is the protection against the denial of order or denial
of payment. Once a sender sends a message, the sender should not be able
to deny sending the message. Similarly, the recipient of the message should not
be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be audited
for integrity requirements.

Measures to ensure Security

Major security measures are the following −
• Encryption − It is a very effective and practical way to safeguard the data
being transmitted over the network. Sender of the information encrypts the
data using a secret code and only the specified receiver can decrypt the data
using the same or a different secret code.
• Digital Signature − Digital signature ensures the authenticity of the
information. A digital signature is an e-signature authenticated through
encryption and password.
• Security Certificates − Security certificate is a unique digital id used to verify
the identity of an individual website or user.

Security Protocols in Internet

We will discuss here some of the popular protocols used over the internet to ensure
secured online transactions.

Secure Socket Layer (SSL)

It is the most commonly used protocol and is widely used across the industry. It
meets the following security requirements −

• Authentication
• Encryption
• Integrity
• Non-repudiability

"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for
HTTP URLs without SSL.

Secure Hypertext Transfer Protocol (SHTTP)

SHTTP extends the HTTP internet protocol with public key encryption,
authentication, and digital signature over the internet. Secure HTTP supports
multiple security mechanisms, providing security to the end-users. SHTTP works by
negotiating encryption scheme types used between the client and the server.

Secure Electronic Transaction

It is a secure protocol developed by MasterCard and Visa in collaboration.
Theoretically, it is the best security protocol. It has the following components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via point and click interface.
• Merchant Software − This software helps merchants to communicate with
potential customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides automatic
and standard payment process. It supports the process for merchant's
certificate request.
• Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and to
enable them to register their account agreements for secure electronic
commerce.

What is eCommerce or electronic commerce security?
eCommerce security is the set of guidelines that ensure safe transactions through
the internet. It consists of protocols that safeguard people who engage in
online selling and buying of goods and services. You need to gain your
customers’ trust by putting in place eCommerce security basics. Such basics
include:

• Privacy
• Integrity
• Authentication
• Non-repudiation

1. Privacy

Privacy includes preventing any activity that will lead to the sharing of
customers’ data with unauthorized third parties. Apart from the online seller
that a customer has chosen, no one else should access their personal
information and account details.

A breach of confidentiality occurs when sellers let others have access to
such information. An online business should put in place at least a
necessary minimum of anti-virus, firewall, encryption, and other data
protection. It will go a long way in protecting credit card and bank details of
clients.

2. Integrity

Integrity is another crucial concept of eCommerce Security. It means
ensuring that any information that customers have shared online remains
unaltered. The principle states that the online business is utilizing the
customers’ information as given, without changing anything. Altering any
part of the data causes the buyer to lose confidence in the security and
integrity of the online enterprise.

3. Authentication

The principle of authentication in eCommerce security requires that both the
seller and the buyer should be real. They should be who they say they are.
The business should prove that it is real, deals with genuine items or
services, and delivers what it promises. The clients should also give their
proof of identity to make the seller feel secure about the online transactions.
It is possible to ensure authentication and identification. If you are unable to
do so, hiring an expert will help a lot. Standard solutions include
client login information and credit card PINs.

4. Non-repudiation

Repudiation means denial. Therefore, non-repudiation is a legal principle
that instructs players not to deny their actions in a transaction. The business
and the buyer should follow through on the transaction part that they
initiated. eCommerce can feel less safe since it occurs in cyberspace with no
live video. Non-repudiation gives eCommerce security another layer. It
confirms that the communication that occurred between the two players
indeed reached the recipients. Therefore, a party in that particular
transaction cannot deny a signature, email, or a purchase.

Presentation on theme: "Cryptography in E-Commerce"

Presentation transcript:

Basic Concepts

Brief Introduction
The word “cryptography” derives from the Greek word for “secret writing”.
Cryptography is the science of communication over untrusted communication
channels. Historically, cryptography has been associated with spies,
governments, military, and has been used in warfare for thousands of years.
Over the past 50 years, cryptography has acquired a sound mathematical
foundation, and has moved from military application to commercial
applications. This lecture attempts to give an overview of this broad and
specialized topic. CSI 5389

A Motivating Example
Consider an e-commerce scenario where Alice, a purchasing agent, wants to
order some products from Bob, her supplier. Requirements for the transaction:
• Alice wants to be sure that she is really dealing with Bob and not an
impostor (authentication).
• Bob wants to know that Alice is really Alice and not an impostor
(authentication), because Alice gets special prices as negotiated.
• Alice wants to keep the order secret from her competitors; and Bob does not
want other customers to see Alice’s special prices (privacy).
• Alice and Bob both want to be sure that crackers cannot change the price or
quantity (integrity).
• Bob wants to ensure that Alice cannot later claim that she did not place the
order (non-repudiation).

General Requirements
• Authentication: The sender knows that the message is going to the intended
recipient; and the recipient knows that the message was sent by the proper
sender.
• Privacy: The message is secret: only the sender and the intended recipient
know its contents.
• Integrity: The message was not modified (intentionally or accidentally) while
in transit.
• Non-repudiation: The author of the message cannot later deny having sent the
message.
Cryptographic techniques can be used to satisfy the above requirements.

How Does It Work?
An ordinary message (the plaintext) is processed by an encryption algorithm
to produce a scrambled message (the ciphertext). The receiver then uses a
matching decryption algorithm to recover the plaintext from the ciphertext.
There would be no security if these algorithms were known to everyone. Hence,
there is an additional piece of input data called a key. The key is secret,
even though many people may know the algorithms. The idea is the same as that
of combination locks: Many people may use locks with the same design, but each
one chooses a different combination (i.e., a different key).

Two Basic Types
Secret-key (or symmetric) cryptography:
• Both encryption and decryption operations use the same key.
• Secret-key systems have been around for many hundreds of years.
Public-key (or asymmetric) cryptography:
• Public-key systems use different keys for the encryption and decryption
operations.
• One key can be made public while the other key is kept secret (and is called
private key).
• Recent invention (dating from mid 1970s).
• Can grow more easily to worldwide scale and more easily permit unaffiliated
persons to communicate securely.
• Can be used to provide digital signatures (to be discussed more later).
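
The Alice and Bob order above, worked with secret-key cryptography only, as an added example that is not part of the original presentation: a shared-key HMAC lets Bob reject tampered, replayed and impostor orders (authentication and integrity), but because Bob holds the same key he can produce a valid tag himself, so it cannot give non-repudiation. The order fields, the nonce and the pre-shared key are assumptions made for the illustration; privacy (encryption) is not shown.

```python
import hashlib
import hmac
import json
import secrets


def canonical(order: dict) -> bytes:
    """Serialize deterministically so both sides compute the MAC over identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(key: bytes, order: dict) -> str:
    """Return the HMAC-SHA256 tag that travels with the order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(key: bytes, order: dict, tag: str, seen_nonces: set) -> str:
    """Bob's check: authenticity and integrity first, then replay protection."""
    expected = seal(key, order)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return "rejected: bad tag"
    nonce = order.get("nonce")
    if nonce is None or nonce in seen_nonces:
        return "rejected: replay"
    seen_nonces.add(nonce)
    return "accepted"


def run_scenario() -> dict:
    """Constructed walk-through of the Alice/Bob order; all values are sample data."""
    shared_key = secrets.token_bytes(32)  # assumption: agreed out of band beforehand
    seen = set()                          # nonces Bob has already accepted
    results = {}

    order = {"buyer": "alice", "item": "widget", "qty": 100,
             "unit_price": "4.20", "nonce": secrets.token_hex(8)}
    tag = seal(shared_key, order)
    results["genuine"] = verify(shared_key, order, tag, seen)

    # Integrity: the price is changed in transit, the old tag no longer matches.
    tampered = dict(order, unit_price="0.42")
    results["tampered"] = verify(shared_key, tampered, tag, seen)

    # Replay: the identical order and tag are sent a second time.
    results["replayed"] = verify(shared_key, order, tag, seen)

    # Authentication: an impostor without the shared key cannot produce a valid tag.
    fake = dict(order, nonce=secrets.token_hex(8))
    fake_tag = seal(secrets.token_bytes(32), fake)
    results["impostor"] = verify(shared_key, fake, fake_tag, seen)

    # No non-repudiation: Bob knows the key, so he can mint an order "from Alice"
    # that verifies. A third party cannot tell which of the two created the tag,
    # which is why this requirement needs a public-key digital signature.
    minted = dict(order, qty=100000, nonce=secrets.token_hex(8))
    minted_tag = seal(shared_key, minted)
    results["minted_by_bob"] = verify(shared_key, minted, minted_tag, seen)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case:14s} {outcome}")
```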

All about hacking attacks in ecommerce

Ecommerce companies are at risk of being attacked 24/7. And this situation is never
going to get better, so do what you can, to protect your business! Learn more from the
new blogpost.
Ecommerce industry is the most prone to hacking attacks because of many factors:
low level of security measures in companies, large amounts of data that can be stolen
and direct connections of e-commerce sites with payment services. Let’s analyze the
worst threats and talk about how to avoid them!

Hacker attacks are common in e-commerce. How can you protect yourself? We spend
a lot of time discussing the risks related to government surveillance, privacy
breaches, and fintech problems, yet somehow forget the very common issue of
e-commerce industry security. Actually, the same problems affect all services that take
part in any kind of money flow. What can a typical e-commerce service owner do to
avoid the risk?

This article is going to focus on describing the most common types of dangers that
affect e-commerce businesses. In order to learn how to secure yourself, read
our interview with TestArmy’s Head of Security.

Online thieves (later referred to as hackers) rarely work solely for fun. They rather
focus on building complex enterprises and in every enterprise time is the most
important value. Thus, they try to optimize their operations. It leads to looking for
victims who have high value and are not protected well enough. Hackers look for
targets that will allow them to make big money as fast as possible and with the least
possible effort. This is why the best targets for them are e-commerce services.

Internet shops create and keep their customer base mostly thanks to their reputation,
so it may also be an obvious reason for an attack. By taking over a company’s
infrastructure, a hacker can blackmail its owners by threatening to disclose the
information about the break-in. It would obviously lead to losing the customers’ trust
and compromising the enterprise’s reputation. Such attacks happen in all kinds of
industries, not only in e-commerce. In 2017 Uber tried to bribe hackers in order to
stop them from publishing the information about their “success”. After all, the
information was disclosed and Uber had to pay high fines. Many of Uber’s board
members were forced to leave the company.

This risk does not only concern large companies – they can usually afford to survive
the difficult period just after the attack and data leak. The emerging businesses, on the
other hand, those without a strong and global brand, can be literally ruined by a
sabotage. We had a chance to observe attacks on companies of all sizes, both huge
corporations, such as Acer, Sony and eBay and small ones that went bankrupt,
because they couldn’t survive the losses generated by just one single attack.

What is it that hackers keep searching for in the e commerce industry?

It all comes down to the attackers’ creativity and who gains access to the systems.
Quite often it is automated hacking bots, which
do not care about a particular company’s profile, and just encrypt HDDs right away in
order to execute ransomware attacks.

Precise and carefully planned attacks that are aimed at particular targets also happen;
their goal, however, is to extract data or steal tangible resources.

Data that can be stolen and used for further attacks

E-commerce businesses usually own huge databases full of information about all of
their customers. They not only possess our personal details, but also credit card data,
shopping history and other metadata, such as information regarding operating systems
and browsers that their customers use. Such information is priceless for hackers
because it makes targeted attacks much easier. Knowing what type of software a
victim uses, it is much easier to prepare successful attacks and exploits.

Payment redirection

Being able to modify a running application’s source code, hackers can redirect the
users to malicious services and make a percentage of the transferred money go to the
thieves’ accounts. Sometimes hackers perform small code injections that substitute
the original payment forms: the whole process completes without any visible
irregularity, but the injected code sends the credit card/bank details to the hackers.
They can then use the details themselves or sell them to other thieves (so-called
carders) who specialize in credit card fraud.
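
The check below is an added example, not part of the original notes: it scans a checkout page for form targets and script sources outside an allowlist, which is one way to detect the substituted payment form described above. The origins shop.example and pay.example and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed values for this example: the shop's own origin and its payment provider.
PAGE_ORIGIN = "https://shop.example"
ALLOWED_ORIGINS = {PAGE_ORIGIN, "https://pay.example"}
# Attributes that decide where card data is sent or which code runs on the page.
WATCHED = {"form": "action", "button": "formaction", "input": "formaction",
           "script": "src", "iframe": "src"}

def origin_of(url):
    """Reduce a URL found on the page to scheme://host; relative URLs are same-origin."""
    parts = urlsplit(url.strip())
    if not parts.scheme and not parts.netloc:
        return PAGE_ORIGIN
    scheme = parts.scheme.lower() or urlsplit(PAGE_ORIGIN).scheme  # "//host/..." case
    return f"{scheme}://{parts.netloc.lower()}"

class CheckoutAuditor(HTMLParser):
    """Records every watched attribute that points outside the allowlist."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url and origin_of(url) not in ALLOWED_ORIGINS:
            self.findings.append((tag, attr, url))

def audit(html):
    auditor = CheckoutAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample pages (not taken from any real shop).
CLEAN_PAGE = """
<script src="/static/checkout.js"></script>
<form action="https://pay.example/charge" method="post">
  <input name="card_number"><button type="submit">Pay</button>
</form>"""
TAMPERED_PAGE = """
<script src="/static/checkout.js"></script>
<script src="//static.example.invalid/form.js"></script>
<form action="https://pay.example.invalid/collect" method="post">
  <input name="card_number"><button type="submit">Pay</button>
</form>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, audit(page))
```

Run on a schedule against the rendered checkout page, a non-empty result is a signal to compare the deployed files with the last known-good release.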

Attacks on infrastructure and access monetization

By accessing the computer infrastructure of a company, it is easy to deal serious
damage both to the company and its customers. People tend to forget that security is
not only a matter of data leaks but also of everything related to the system’s
accessibility (availability, in the so-called CIA Triad). Attackers who manage to
immobilize the infrastructure and make it unable to take orders can expose the
company to losses potentially more devastating than the attack itself.


Secure Electronic Transaction:

What Is Secure Electronic Transaction (SET)?
Secure electronic transaction (SET) was an early communications protocol
used by e-commerce websites to secure electronic debit and credit card
payments. Secure electronic transaction was used to facilitate the secure
transmission of consumer card information via electronic portals on the
internet. Secure electronic transaction protocols were responsible for blocking
out the personal details of card information, thus preventing merchants,
hackers, and electronic thieves from accessing consumer information.

Understanding Secure Electronic Transaction (SET)

Secure electronic transaction protocols were supported by most of the major
providers of electronic transactions, such as Visa and MasterCard. These protocols
allowed merchants to verify their customers' card information without actually seeing
it, thus protecting the customer. The information on the cards was transferred
directly to the credit card company for verification.

The process of secure electronic transactions used digital certificates that were
assigned to provide electronic access to funds, whether it was a credit line or bank
account. Every time a purchase was made electronically, an encrypted digital
certificate was generated for participants in the transaction–the customer, merchant,
and financial institution–along with matching digital keys that allowed them to
confirm the certificates of the other party and verify the transaction. The algorithms
used would ensure that only a party with the corresponding digital key would be
able to confirm the transaction. As a result, a consumer’s credit card or bank
account information could be used to complete the transaction without revealing any
of their personal details, such as their account numbers. Secure electronic
transactions were meant to be a form of security against account theft, hacking, and
other criminal actions.
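
SET let the merchant verify a payment without seeing the card data by means of a dual signature: the cardholder signs a hash over the digests of the order and of the payment instructions, and each party receives only one of the two in clear. The sketch below is an added example, not from the original notes; textbook RSA with a toy key and SHA-256 are stand-ins chosen here, and the sample order and card values are constructed.

```python
import hashlib

# Toy cardholder key (assumption: unpadded textbook RSA stands in for the certified
# keys a real deployment would use; it is far too small and simple for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537           # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))                # private exponent (Python 3.8+)

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def as_int(md: bytes) -> int:
    return int.from_bytes(md, "big") % N         # fit the digest into the toy modulus

def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign the hash of (payment digest || order digest)."""
    combined = digest(digest(payment_info) + digest(order_info))
    return pow(as_int(combined), D, N)

def merchant_verify(order_info: bytes, payment_digest: bytes, signature: int) -> bool:
    """Merchant gets the order in clear but only the digest of the payment data."""
    expected = digest(payment_digest + digest(order_info))
    return pow(signature, E, N) == as_int(expected)

def bank_verify(order_digest: bytes, payment_info: bytes, signature: int) -> bool:
    """Payment gateway gets the payment data in clear but only the order digest."""
    expected = digest(digest(payment_info) + order_digest)
    return pow(signature, E, N) == as_int(expected)

# Constructed sample messages.
ORDER = b"order=1001;item=book;total=25.00"
PAYMENT = b"card=4111111111111111;exp=12/30;amount=25.00"

if __name__ == "__main__":
    sig = dual_sign(ORDER, PAYMENT)
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), sig))
    print("bank accepts:    ", bank_verify(digest(ORDER), PAYMENT, sig))
    print("altered order:   ", merchant_verify(b"order=1001;total=1.00", digest(PAYMENT), sig))
```

The signature binds the order to the payment, so neither side can pair the customer's payment with a different order without the check failing.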

History of Secure Electronic Transactions

The development of secure electronic transaction protocols was a response to the
emergence and growth of e-commerce transactions, especially consumer-driven
purchases over the internet. Conducting business online was a new phenomenon in
the mid-1990s. Similarly, the security available to protect these transactions was still
developing and was effective to varying degrees. The protocols defined by the
secure electronic transaction standards allowed for online payment systems to be
used by retailers and financial institutions because they had the appropriate
software to decrypt and process digital transactions properly. In 1996, the SET
Consortium (a group that consisted of VISA and Mastercard in cooperation with
GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems, RSA, and VeriSign)
established the goal of combining incompatible security protocols (STT from Visa
and Microsoft; SEPP from Mastercard and IBM) into a single standard.

What is SSL?
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was
first developed by Netscape in 1995 for the purpose of ensuring privacy,
authentication, and data integrity in Internet communications. SSL is the predecessor
to the modern TLS encryption used today.
A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."

How does SSL/TLS work?

• In order to provide a high degree of privacy, SSL encrypts data that is
  transmitted across the web. This means that anyone who tries to intercept
  this data will only see a garbled mix of characters that is nearly impossible
  to decrypt.

• SSL initiates an authentication process called a handshake between two
  communicating devices to ensure that both devices are really who they
  claim to be.

• SSL also digitally signs data in order to provide data integrity, verifying
  that the data is not tampered with before reaching its intended recipient.

There have been several iterations of SSL, each more secure than the last. In 1999 SSL
was updated to become TLS.

Why is SSL/TLS important?

Originally, data on the Web was transmitted in plaintext that anyone could read if
they intercepted the message. For example, if a consumer visited a shopping website,
placed an order, and entered their credit card number on the website, that credit
card number would travel across the Internet unconcealed.

SSL was created to correct this problem and protect user privacy. By encrypting any
data that goes between a user and a web server, SSL ensures that anyone who
intercepts the data can only see a scrambled mess of characters. The consumer's
credit card number is now safe, only visible to the shopping website where they
entered it.

SSL also stops certain kinds of cyber attacks: It authenticates web servers, which is
important because attackers will often try to set up fake websites to trick users and
steal data. It also prevents attackers from tampering with data in transit, like a
tamper-proof seal on a medicine container.

Is SSL still up to date?

SSL has not been updated since SSL 3.0 in 1996 and is now considered to be
deprecated. There are several known vulnerabilities in the SSL protocol, and security
experts recommend discontinuing its use. In fact, most modern web browsers no
longer support SSL at all.

TLS is the up-to-date encryption protocol that is still being implemented online, even
though many people still refer to it as "SSL encryption." This can be a source of
confusion for someone shopping for security solutions. The truth is that any vendor
offering "SSL" these days is almost certainly providing TLS protection, which has
been an industry standard for over 20 years. But since many folks are still searching
for "SSL protection," the term is still featured prominently on many product pages.

What is an SSL certificate?

SSL can only be implemented by websites that have an SSL certificate (technically a
"TLS certificate"). An SSL certificate is like an ID card or a badge that proves someone
is who they say they are. SSL certificates are stored and displayed on the Web by a
website's or application's server.

One of the most important pieces of information in an SSL certificate is the website's
public key. The public key makes encryption possible. A user's device views the
public key and uses it to establish secure encryption keys with the web server.
Meanwhile the web server also has a private key that is kept secret; the private key
decrypts data encrypted with the public key.

Certificate authorities (CA) are responsible for issuing SSL certificates.

What are the types of SSL certificates?

There are several different types of SSL certificates. One certificate can apply to a
single website or several websites, depending on the type:

• Single-domain: A single-domain SSL certificate applies to only one
  domain (a "domain" is the name of a website, like www.cloudflare.com).

• Wildcard: Like a single-domain certificate, a wildcard SSL certificate
  applies to only one domain. However, it also includes that domain's
  subdomains. For example, a wildcard certificate could cover
  www.cloudflare.com, blog.cloudflare.com, and developers.cloudflare.com,
  while a single-domain certificate could only cover the first.

• Multi-domain: As the name indicates, multi-domain SSL certificates can
  apply to multiple unrelated domains.
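
An added example (not from the original page) of how a client decides which hostnames each certificate type covers. The matching rule is the usual one in which a wildcard stands for exactly one leftmost label; the multi-domain names are constructed, and refusing wildcards with fewer than three labels is a simplification assumed here.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one name from a certificate with the hostname being visited."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # "*" replaces exactly one label; reject broad patterns such as "*.com"
        # (simplification assumed here; real clients consult a public suffix list).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def covered(cert_names, hostname: str) -> bool:
    """True if any name listed in the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in cert_names)

# Names each certificate type would carry. The cloudflare.com names come from the
# text above; the multi-domain names are constructed for this example.
CERTS = {
    "single-domain": ["www.cloudflare.com"],
    "wildcard": ["*.cloudflare.com"],
    "multi-domain": ["shop.example.com", "payments.example.net"],
}
HOSTS = ["www.cloudflare.com", "blog.cloudflare.com", "developers.cloudflare.com",
         "cloudflare.com", "a.blog.cloudflare.com", "payments.example.net"]

def coverage_table():
    """Map each certificate type to the sample hostnames it covers."""
    return {kind: [h for h in HOSTS if covered(names, h)]
            for kind, names in CERTS.items()}

if __name__ == "__main__":
    for kind, hosts in coverage_table().items():
        print(f"{kind:14} covers {hosts}")
```

The wildcard entry covers www, blog and developers but neither the bare cloudflare.com nor a deeper name such as a.blog.cloudflare.com, which is why wildcard certificates usually list the bare domain as a second name.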

SSL certificates also come with different validation levels. A validation level is like a
background check, and the level changes depending on the thoroughness of the
check.

• Domain Validation: This is the least-stringent level of validation, and the
  cheapest. All a business has to do is prove they control the domain.

• Organization Validation: This is a more hands-on process: The CA directly
  contacts the person or business requesting the certificate. These
  certificates are more trustworthy for users.

• Extended Validation: This requires a full background check of an
  organization before the SSL certificate can be issued.
