The Internet has changed the way companies do business, allowing a growing number of small and medium-sized firms to pay bills, conduct financial transactions with partners and sell goods and services to customers online. But the Internet has also made it more possible for sensitive company information and private customer information to be tracked and gathered and stolen online, including credit card numbers, social security numbers, bank account data, and other sensitive information that could be exploited if it ends up in the wrong hands.
The total cost of Internet-related fraud complaints from consumers rose from $206 million in 2003 to $336 million in 2005, according to the U.S. Federal Trade Commission. Internet-related complains accounted for 46 percent of all fraud complaints to the agency. For businesses with Internet related transactions, or other forms of ecommerce, encrypting sensitive data about a business or customers is essential these days.
"SMB systems may hold data that companies want to protect, such as business critical or personal information," says Dave Cole, Internet Security Expert at Symantec, the Cupertino, Calif. security software maker. "Encryption increases the security of data transmissions, reducing the risk of third-party observers being privy to content (for example, the password to your online banking services). Encryption can also be used for stored data. Encryption can help protect your Web site or e-business information assets from unauthorized access."
Basics of Encryption
To combat the threat from fraud and hackers, most major Web sites use some form of digital encryption to protect sensitive data. Encryption is the process of scrambling data in order to make it unreadable without special knowledge of steps that can lead to unscrambling the code. While in computer terms, encryption is performed today with the use of algorithms, the concept of encryption has been around for many centuries in the form of ciphers and codes. In fact, in the decades following World War II, encryption in a digital form was primarily used only by government agencies and major corporations.
Until the advent of the automatic teller machine, most banking customers didn't even have a personal identification number (PIN), and a signature was all that was required for most transactions when payment was made with a check or credit card.
How Encryption is Used
With increased online use, business is conducted where the various parties have practically no contact either face-to-face or even over the phone. Orders on a Web site can be processed with a few clicks of the mouse. The buyer often never communicates with a seller, except to enter a form, and the seller just simply processes orders much as it was done in the past via mail order.
Likewise, credit card or banking information can be accessed via a Web site, and businesses can transfer funds, make payments and even send money electronically through services like PayPal. It is because of this that encryption has become crucial, and for that reason, businesses should operate Web sites that offer a secure (i.e., encrypted) order forms in order to reassure customers that the business is a trustworthy one.
Layers of Encryption
Sites such as PayPal use some of the industry's leading encryption to keep customer information and company data highly secure, says Amanda Pires, spokesperson for PayPal. "The PayPal system was built by one of the most highly regarded cryptographers in the industry, Max Levchin. Max built PayPal's financial system from the ground up using high-level encryption."
Historically, encryptions in the form of ciphers were codes using transposition or substitution of characters. This made deciphering the information slow and tedious. But even that method could be defeated with enough time and resources. With computers, encryption and decryption can be done extremely fast, and in many ways, the encryption from most Web sites is far more advanced than any used by governments only a few decades ago.
Today, in fact, there are symmetric key algorithms that are basically private-key cryptography, where two users must share the same software to read each other's messages or information. This is used by businesses and government agencies to keep outsides from reading any of the data. Each party needs to have the common key. But if the key is compromised, a new key can be provided for future transmission of information.
The other type of encryption, one that most small businesses will likely deploy, is asymmetric key algorithm, which uses both public-key and private-key cryptography. With this method, a user can send data via the public-key that is then encrypted, while the receiver, who is only one who can decrypt the information, uses the private-key. This is how credit card information is protected when a customer orders online from your Web site. The downside to this type of key is that if a site is successfully hacked, then the user's information is compromised.
However, when you consider that credit cards regularly pass through the mail, charge slips can be lost with vital information clearly printed and cards are often stolen, encryption is actually pretty secure. It should make customers feel more secure in using your company's Web site to buy goods or services.