How secure is the client of an on-line offshore service provider?
Encryption of data as it travels across the Internet is becoming a prerequisite. Such encryption is achieved through the use of public key encryption systems. The concept is that everybody has two keys, a public key and a private key. These keys can be used to 'lock' (encrypt) or 'unlock' (decrypt) data. Although related to one another, the two keys are different. Your public key can be published on a key server on the Internet, or sent to another party during a transaction. It is public knowledge. Third parties can use it to 'lock' (encrypt) data which is intended for you. However, the information required to 'unlock' (decrypt) the data is contained only in the private key. You alone hold your private key, and it is unique. Once a message has been 'locked' (encrypted) using your public key, you and only you can 'unlock' (decrypt) it.
The first large-scale public key encryption system, PGP, which stands for 'Pretty Good Privacy', was developed by Phil Zimmermann. He recognised the political nature of cryptographic technology, and its place in an increasingly digital society. His crusade to make this technology available to the public, in the face of government opposition (because government law enforcement and intelligence agencies want access to all of our communications, to catch people who break the law and to detect threats to national security), led to criminal proceedings being brought against him. PGP is still the best and most secure method of securing e-mail while in transit, and can also be used to secure files on a computer. It is free for personal use, and there have been some spinoff products such as PGPfone™, which allows encrypted voice communication across the Internet. For more information visit www.pgpi.com.
SSL stands for Secure Sockets Layer, a technology developed by Netscape for securing connections made between a browser and a web server. It is a hybrid public key encryption system. Keys and data are exchanged at the beginning of the transaction, and the browser and the web server agree on a key to use for encryption and decryption for that session. The latest SSL technology supports 128-bit encryption, which is 300,000,000,000,000,000,000,000 times stronger than its 40-bit predecessor. It has been calculated that it would take 1,000,000,000 years to break the encryption using current technology. The technology also facilitates authentication, through a hierarchical structure of verification. At the root of this verification structure are the CAs (certificate authorities) such as Thawte (www.thawte.com) and Verisign (www.verisign.com).
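The client-side checks this paragraph implies (verify the server's certificate against the CA roots, then confirm the session key is at least 128 bits) can be written with Python's standard `ssl` module. This is an added example, not part of the original article; it uses TLS, the successor to SSL, and the function names and the `SAMPLE_SUITES` entries are constructed for illustration.

```python
import socket
import ssl

MIN_BITS = 128  # minimum symmetric key strength the article asks for

# Constructed sample entries, in the shape returned by SSLContext.get_ciphers()
SAMPLE_SUITES = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
    {"name": "AES128-SHA", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
]

def weak_suites(suites, min_bits=MIN_BITS):
    """Names of cipher suites whose effective key strength is below min_bits."""
    return [s["name"] for s in suites if s["strength_bits"] < min_bits]

def build_client_context(min_bits=MIN_BITS):
    """Client context that authenticates the server and offers only strong suites."""
    ctx = ssl.create_default_context()            # system CA roots, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 and early TLS
    # TLS 1.3 suites are configured separately by OpenSSL and are all >= 128 bits,
    # so only the list for TLS 1.2 and earlier is narrowed here.
    strong = [s["name"] for s in ctx.get_ciphers()
              if s["protocol"] != "TLSv1.3" and s["strength_bits"] >= min_bits]
    if strong:
        ctx.set_ciphers(":".join(strong))
    return ctx

def negotiated_ok(cipher_info, min_bits=MIN_BITS):
    """cipher_info is the (name, protocol, secret_bits) tuple from SSLSocket.cipher()."""
    _name, protocol, bits = cipher_info
    return protocol in ("TLSv1.2", "TLSv1.3") and bits >= min_bits

def check_server(host, port=443, timeout=5.0):
    """Connect, verify the certificate chain and host name, report the session cipher."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # raises on a bad cert
            info = tls.cipher()
            return info, negotiated_ok(info)
```

`check_server` needs network access; a certificate that does not chain to a trusted CA or does not match the host name makes `wrap_socket` raise `ssl.SSLCertVerificationError` before any data is sent.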
Probably the greatest security risk for companies lies in the security of the web server itself. It is all very well ensuring that the client's details are secure during transit from their browser to the web server, but if the security on the web server is not adequate, then a potential information thief can extract this information directly from the server. Unfortunately this is often the case, particularly when the site is hosted with a third party. The intruder can usually obtain a lot more information besides credit card numbers.
The nature of e-commerce is such that the business is largely paperless, with much of the information residing in a database, and the implications of it falling into the wrong hands may well be disastrous for the on-line offshore service provider. It is therefore indispensable for the user of such on-line offshore services to ensure the chosen company has top security measures in place. In summary, the requirements are as follows: a minimum of SSL/128-bit encryption, no third-party hosting, communication by encrypted e-mail, and the use of proxy servers in carefully chosen geographic locations. For more information: email@example.com