Wednesday, June 17, 2009

Indra's Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEo4t1gRBADQ7c0uR78x6gwQnoNeoz8CeoG5Cb3aSGzEDpjclKA8SqlsYuLE
tmPc/dm8DF1/M0u8Jg/4oNNIfXRa70nnn9fcz6LBJCGV7YjIf8jeGMPCXfafzvDp
OoXDJSdLLDZls5mqbtVIcDDbum1kPA+REn/eDjxknf7BEL64v8ykSidw+wCgtlBw
6puNaRiAeQi9VZ4KoEJJLfED/R/Uwpe50bn1emAjo+Ph9xCDLHwRorzi6hJdEc0w
AR/p31MR+dVpBE5XMdM4Rva40vsf2epch8srmVWGXaMlA5MHtEvP+BwUqtqzWo7e
kkcjpgFquNQv+spVEfPgkSx4dnxwUyseC8gnzeroUJf+YqzFIF/CPi9y5T4TyVV8
gXy0A/9xPtgPelHwqqHgiWq4V9Bjr8KOITJTDVGUAPCU2fAJBq7w+LKa6Fd+wTAk
w+N42pQCZDK46gqAiV2BQq5xsWtI0JoQoUDxucmOWARoTNkaHw78EfsHDCpKHPp1
ki0BYxDOEXQF4wbPgJzP/90HZcxpZ3AltxbhnaRSGGIS+rxBbrQpSW5kcmEgKEtv
bWVuIGFwYSB5YWgpIDxvZXJlZ2FyQGdtYWlsLmNvbT6IYAQTEQIAIAUCSji3WAIb
AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJED2TiDkKmgbB9UkAoJ+Xlc5++1NJ
8BiSGB1LZ2uWEwQUAJ95IZMPJi7X2ejKAJeeiLCKTR78v7kBDQRKOLdYEAQAm57+
RtSIA3Y6pbiWTQziunCcMnIjvF86WLdYBwJnHf4ljvR0ENcl8wsxACGXwDYtMlcP
SYE1+vXq9ZCmYoh9vO7eSE/mresiYVNFJIeD0urJyXrL+olPsGml2W1k84olQ6Bz
tXsrmUnYdoPiBAFFIz95mvswM6+gec8MCUt1yWcAAwUD/3A9Hy5OK6EX03OUPIgV
mA1TxjdGdP8AejLEFTLExGC2jMsjYI0wSgN73QGkdK1B2meQtcvzoh29KRn2a88x
/ZCLijHcceyofuzIXuwlXDPcXtZgYvQe81j7zXNyvLqYkOLVT3dQAJHZfytOkgR0
+23OEdGSv6loH+AFLpEzaKHMiEkEGBECAAkFAko4t1gCGwwACgkQPZOIOQqaBsFM
SACfcsagabmj4zFzQmSMHyTSZAciYp8AmgJzUimo9Cx6IzoIw4FPc07uC47z
=ueRc
-----END PGP PUBLIC KEY BLOCK-----

Saturday, May 2, 2009

Credit Card For Online Transaction, Is it Safe?

With tremendous popularity of the internet, more and more people now make their first online transaction. And when talking about online transaction, the most convenience tools for such transaction is credit card. Using credit card give both seller and buyer immediate settlement, the money is immediately changing hand, no need to wait clearing time, no need to wait until the next business day, etc. But how about the security of the credit card? Is it safe to make online transaction with credit card ?

A Bit of Guideline

Before we answer that question, let us explorer first the common practical security guideline for online transaction. To help you have more confidence about transacting online with credit card, here are some steps that you can consider:
If possible, only deal with the biggest name of online transaction merchant: Ebay, Amazon, PayPal, ClickBank, etc. Not that they cannot be broken, but if there is something wrong and you make a claim, at least they have more resources and tools to protect and find out what’s really happen.
Check the secure certificate. For every secure web page, there will be what so called “secure certificate” this is basically a independent third party confirmation that the website is really the one they claim they are. For example: if the logo say “Ebay”, but the secure certificate did not confirm that it is Ebay, then better stay away from it. The secure certificate is really strict. Some time your browser will complain that the secure certificate has a problem, then you need to check the content of the certificate. If it’s only a mismatch of sub-domain, for example www.shoponline.com and secure.shoponline.com, it’s not a big deal. But if the certificate mentioning different company name, you should seek explanation or just bugger off.
Transact only on secure web page. You need to make sure that on the page that you are going to enter your credit card detail you see “https and padlock” on your browser. “https” is “secure hyper text protocol”, this is the one which makes sure that the data transmission will be encrypted. the padlock is the visual confirmation that the connection is secured.

After the transaction, sometimes the shop offer to email the receipt to you. You need to make sure that the ceredit card detail will be obscured, if not, then don’t do this as you don’t know how they are going to email your receipt. What you don’t want is they will reveal the whole credit card detail on email (see scenario two above) It’s better just print it out or screen capture your monitor.

Surprisingly, It’s Up To You

Money for Online Transaction

Yes, the answer whether is it safe or not to transact online is: up to you. You are the one who make any online credit card transaction as safe as it can get or as risky as you make it. In other word, if you don’t what are you doing, you are the one jeopardize the security of your credit card. Want example ?

For example: let say you buy new digital camera online with online shop that you never deal with before. And you want to pay with credit card. The shop even provide you with secure webpage to do this transaction. So up to now, everything is okay. Now thinking twice, you’re wondering is it safe to do this transaction as you never deal with this shop:

  • Scenario one: You decide to call the phone, talk to real people and give the credit card over the phone
  • Scenario two: You decide to call the phone, talk to real people and give the credit card via email
  • Scenario three: You proceed with the web interface and conclude the transaction without talking to anybody
Which one of the three scenario is the safest and as secure as you can get ?

If you said scenario three is the safest, then you are correct. Let see why the other scenarios is a disaster to your credit card security:

  • When you talk to the a person, do you know where exactly she/he record your credit card detail. The chances are: on a piece of paper the closest that she/he can get. Why? The shop is ready for the online transaction (hence the secure interface), but not necessarily ready and have establish procedure to handle over the phone transaction. At least the one you talk to might not have been fully trained to handle phone data. So, if it’s on a piece of paper then you are exposing your credit card security.
  • Unless you use what so called “Secure email” using email to give your credit card transaction is a Big NO. That’s actually equal to go to in the middle of shopping mall and scream out your credit card number there. If any of the hacker or bad people just listening to the data transmission, they will easily capture your credit card detail. Also, while sitting on the Internet Service Provider, the admin who maintain the server can easily get a peek on the email content. Why? Because email is using plain text to communicate. Cannot be more plain that that. Everybody cansee it.
  • Now, by using the secure interface you give yourself the maximum chance of security. Anybody listen to the data transmission will not be able to see the content as it’s encrypted. What do I mean by encrypted ? Simply put: a word “John” probably transmitted as “ae62bef4589ade56219bc785d5ad45deaba54d17304bd6dbacc2c3c5c62746ba”. That’s how difficult it is. It is not it can not be broken, but it will take considerable amount of effort (months of tens of computer continuously working on it) just to break that word. And the additional problem for the hacker, they don’t know really know where the word start. So it might capture the wrong data. (But with email, it would display as clear as it can get). Furthermore, with established merchant system, the chances are that your credit card number is transacted without even a person looking at it.

So, with above illustration, I hope I convince you that the safety of your credit card is really up to you.

Source:/financebyme.com

Friday, May 1, 2009

How Secure an Online Transaction Process in E-Commerce



Figure Summary of an Online Transaction

1. User makes online purchase. (See diagram above for each numbered step.)
2. A program within the Payment Page sends data to the T.P. (Transaction Processor).
3. T.P. checks User's account to verify funds and identity.
4. T.P. gets results back.
5. T.P. returns results to webpage informing user of purchase OK'ed or denied.
6. For OK'ed purchases only, T.P. sends details to a Settlement Processor, (SP)
7. S.P. sends authorization to User's bank to send $ to Merchant's bank.
8. User's bank sends funds to Merchant's bank.
9. Merchant receives funds and accounting details of transaction.

Details of A Transaction

Transaction Processor: a company which receives data from website programs, that offer online purchasing, and performs the following service for the owner of that website:
a. verifies the identity of the purchaser;
b. verifies that the purchaser's account is active, valid and that funds are available;
c. assuming ID is valid and funds are available, purchase amount is "set aside" (frozen);
d. purchaser is informed of outcome - transaction approved or not;
e. approved purchases are then sent to a "Settlement Processor".

Settlement Processor: a company which is authorized by the banking networks to transfer funds from a purchaser's account to a merchant's account, after a Transaction Processor has verified the purchasing action.

Profit Gate is an Authorized Agent for Total Merchant Services, one of the largest Transaction Processors in the world. A global leader in credit card processing, Total Merchant Services has been a pioneer of e-commerce and non-face-to-face transaction technologies since 1991. As one of the first companies to specialize in internet start-ups, they service thousands of e-business merchants worldwide.

Total Merchant Services streamlines and automates the credit card clearing process with an all-encompassing payment program. Rather than relying on third-party processors and their associated fees, merchants can count on Total Merchant Services to speed transactions, reduce fraudulent transactions, and ultimately reduce the cost of doing business. To better understand Total Merchant Services approach to credit card processing, here's a step-by step example of how the process works.

1. Authorization
Before the credit card acceptance process begins, merchants must first have a Web site where they plan to accept credit cards as payment for goods or services. Merchants also need a merchant bank account with a financial institution. Merchants then subscribe to an online payment service (such as Total Merchant Services) and install payment-processing technology on their Web server. With Profit Gate's assistance, all of these requirements are addressed with a single program.

Once the customer submits a credit card number on the merchant’s Web site, the program contacts Total Merchant Services to request authorization.Total Merchant Services filters the information for fraud and may reject the transaction.

The transaction information is then sent to the credit card network for authorization of the charge by the Issuing Bank. If the transaction is approved, an authorization code is returned to the merchant’s Web site and the authorization is complete.

2. Settlement
Once the customer’s order is shipped (or downloaded), the authorization code is used to settle the amount of the transaction. An Internet Payment Gateway and the credit card network exchange information with the Settlement Processor to confirm the transaction.

3. Funds transfer
Finally, a Settlement Processor requests a funds transfer from the Issuing Bank, which moves money through the Settlement Authority into the merchant’s bank. The payment process is now complete.

Source: www.myecommercehosting.com/howitworks.html

Thursday, April 30, 2009

The term Computer Security

The earlier issues of the computer security have to do with computer vandalism, preserving the low operation temperature, and maintaining the electricity. While recent issues of computer security flaws engage more complex problems, including intruder attack, copyright infringement, privacy violation, natural disaster and even more extensive challenge, business continuity. Such issues will unsurprisingly elevate quantitatively and qualitatively as computer usages are increasing in numbers and in its application diversity. And so the term computer security will also shift.

The term computer security has evolved aligned with the expansion of utilization of the computer, while the pace of the growth of the computer security needs, have been multiplied by a number of factors, primarily by the advancement of hardware and software.

Though the term Computer Security has extensive coverage, but common understanding of computer security nowadays concerns mostly about;
 ensuring that the information is protected along its life span;
 maintaining 100% of data integrity, and;
 protecting the computer operation against attacker, unintended human error, or natural disruption that could lead to malfunction or system fall down.
Other concerns are access control, authenticity and non-repudiation.

Computer Security, Information Security or Information System Security are popular terms where people usually use interchangeably to refer to such common understanding, while Network Security is taken in.