We are continually hearing about e-commerce, e-business and e-services. Forrester research estimates that in the US alone, $350 billion will be spent on goods and services over the Net by the year 2002.The real thrust for online as well as billing on the Net has happened because of two reasons. One is the access to huge potential customers who can be reached via Web and the second reason is the cost. As per the Forrester research, if you compare the average cost of processing a bill via traditional means ($1.5 per bill) to the average cost of delivering electronically ($0.5 per bill), e-billing becomes an extremely appealing proposition. In theory, business can improve through customer access, reduced costs and maximising profits. Today the talk of the world is e-business applications to meet the B2B and B2C areas. Every day, hundreds of sites are added to the Internet world. Of late, we hear about flight hijacks, but Internet world intrusion has started hijacking browser software on the site. We have probably noticed several times in the news recently about the spoofing of e-mail addresses to hijack domain names. As we do more of our work online, we are increasingly using simple things such as an e-mailaddress to verify the identity.
One of the major challenges for successful operation of e-business applications and infrastructure is to detect intrusions, how to react to them and how to avoid hijacking in Internet world. Being connected to the Web brings it share of challenges that were not apparent in the client-server days when servers rested more securely within corporate walls.
As we go for more sophistication, enterprise-level e-business applications, security becomes very important. Instead of being concerned with simple Web servers and mail servers, we are dealing more and more with distributed systems where Web Servers are connected to application servers and to legacy systems and so forth. We have business to business integration where we are dealing with machine to machine integration. These servers require a level of security that are as high, if not higher than human to machine systems. E-business architectures are getting more complex, and security standards and procedures for these enterprise-wide architectures are of utmost importance.
We talk of big business on the Net, but the great concern on this business is the security aspect. What happens when you scan the credit card number over the Net? Maybe you imagine the numbers go directly to a dank apartment or a restaurant where a team of attenders are donut-fed, or where hackers collect and post them on a secret Web site for no one to see and use?Not likely. Yet using a credit card on the Net is a new concept and consumers need reassurance. So, it is up to the merchants who sell products, technologists who create the tools with power, the commercial site and credit card companies. This is to make sure that Internet credit card transaction is ultra secure. In fact, it is expected to be more secure than a face-to-face transaction. This is going to be the greatest challenge.There are four necessary ingredients to secure e-commerce sites:
Access control
Privacy
Authentication
IntegrityWith Access Control, you can set a policy to determine who can and cannot get in. Privacy controls guarantee that unauthorised person cannot see the contents of the message such as credit card numbers. Authentication provides re-assurance to the respondent that he or she can be sure that the content has not been tampered in transit.
There are many protocols available for secure transactions like Secure Stock Layers (SSL), Secure Electronics Transaction (SET). However the security protocols have developed and standards have been set, many frauds are taking place. Without a fool proof method of identifying buyers in cyber space, a company cannot be sure if an order for say 5000 computers, for next day delivery, is received from a valid purchaser.
To tackle these problems more than the said protocols, fire walls additional securities can also emerge in Bio-metrics technology as a cost effective deal to combat international and external fraud. Bio-metrics technology breaks down into 7 categories viz., finger scanning, retina scanning, hand geometry, face recognition, palm print recognition, voice recognition and signature recognition. This Bio-metrics system can be used as Consumer Stand-alone Security device that replaces password-based systems to log on to the work stations. This technology is coming up in a big way and could be part of the future hardware shipments from the vendors in the years to come.
-- The author is the director of Pentasoft Technologies Ltd, Chennai
Copyright © 2000 Indian Express Newspapers (Bombay) Ltd.