Safe Passage
How to make financial transactions secure on your Web site. A look at the technology, registering with certification authorities, and digital cash as an alternate payment method.
Techniques: On-line Entrepreneur
How to make financial transactions as secure on-line as they are in the real world
Every new technology has its bogeyman. "Electricity had Frankenstein. Nuclear power had Godzilla. And the Web has hackers," says Jason Olim, the 28-year-old president of CDnow, an on-line retailer based in Jenkintown, Pa. Hackers are an evil Olim can't afford to ignore: his three-year-old company sells approximately $6 million worth of CDs and cassettes a year over the World Wide Web.
Of course electricity and nuclear power are still very much with us, so perhaps it's not surprising that the number of companies doing business on the Web increases every day. Forrester Research, of Cambridge, Mass., reports that within the next five years, revenue from on-line shopping in this country is expected to balloon from $518 million to $6.6 billion.
Still the question remains: Can a business's on-line transactions be as safe as conventional sales? Yes, say the half-dozen Internet-based retailers we interviewed. Every one of those companies--which have been doing business on-line for one to three years and have annual sales of up to $24 million--reported zero incidence of electronic-transaction theft. And all agreed, based on their front-line experiences, that the threat of Jolt-eyed hackers intercepting credit-card numbers via network "sniffer" software is way overblown.
It used to be that many security-minded consumers would shop on-line and then go off-line when it came time to make the purchase. But that practice is changing. For example, when on-line computer retailer Cyberian Outpost, based in Kent, Conn., opened for business in 1995, roughly 20 percent of its customers phoned in their credit-card numbers rather than run the risk of sending them over the Internet. Today only about 1 percent of the company's sales are made over the phone, says company president Darryl Peck.
One reason customers feel more confident buying goods on-line is the growing use of new technology designed to make Web-based transactions more secure. Practically all major on-line retailers now use a protocol called secure sockets layer (SSL), which scrambles credit-card numbers and other electronic data so that they're useless to unauthorized recipients. SSL, developed by Netscape Communications, comes built into most Web-site-development software, including Microsoft's Internet Information Server and Netscape's own Enterprise Server. And most browsers, including Microsoft's Internet Explorer and Netscape's Navigator and Communicator, also "speak" SSL.
SSL's main job is to encrypt words and numbers into a jumble of alpha-numeric characters that can be "unlocked" only by the computer at the merchant's end of the transaction. Each SSL-enabled server is installed with both a coder and a decoder, and the encryption code they generate is unique to that system. When a consumer using an SSL-compatible browser gets ready to buy something from a retailer's Web site, he or she sees a message (like "You have requested a secure document") or an icon (perhaps a lock in the corner of the screen). The user then enters a credit-card number, and the server's coder automatically scrambles it. In theory, hackers could get at that code, but the numbers can't be unscrambled without the decoder that comes with the server licensed to the seller.
Prices for SSL-enabled Web-server software range from zero for Microsoft's Internet Information Server 3.0 (free distribution is part of the company's strategy to solidify its position as an Internet player) to $1,295 for Netscape's Enterprise Server 2.01. An advantage of Netscape's software is that it supports both Unix and Windows NT; Microsoft's product does not. If your current Web site doesn't support SSL, you can retrofit it with a product like SecureWeb Toolkit, from Terisa Systems, in Los Altos, Calif. If you don't have an in-house technology manager who can install the server software, enlist the help of a reseller or systems integrator. The Computer Security Institute, in San Francisco (415-905-2626), can provide references for security experts.
Just because you're using SSL doesn't mean you're ready to hang out your electronic shingle. Your financial institution will want you to register your company with a certification authority so that your on-line banking transactions are secure. Certification authorities are the notaries public of the Internet; you may have heard of VeriSign, of Mountain View, Calif., which is one of the largest. These organizations require you to complete a series of forms establishing your identity; afterward they assign your company an electronic signature, a coded paragraph of numbers and letters that works much like a password or handwritten bank-card signature. Whenever you conduct a Web transaction, the bank contacts the certification authority to verify your electronic signature.