Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Security for Electronic Commerce

Author(s): Marc Pasquet (GREYC Laboratory (ENSICAEN – Université Caen Basse Normandie - CNRS), France), Christophe Rosenberger (GREYC Laboratory (ENSICAEN – Université Caen Basse Normandie - CNRS), France) and Félix Cuozzo (ENSICAEN, France)
Copyright: 2009
Pages: 9
Source title: Encyclopedia of Information Science and Technology, Second Edition
Source Author(s)/Editor(s): Mehdi Khosrow-Pour, D.B.A. (Information Resources Management Association, USA)
DOI: 10.4018/978-1-60566-026-4.ch537




E-commerce permits a dematerialized financial transaction between a customer and a merchant (Schafer, Konstan, & Riedl, 2001). It uses a complex architecture involving many aspects of computer science (security, database management) and of electronics (smartcards, tokens) (Tang, Waichee, & Veijalai, 2004). E-commerce is growing constantly (Herrmann & Herrmann, 2004). To be used by the majority of individuals, electronic transactions must be secured to increase confidence in e-commerce. Security is necessary in commercial relationships for many reasons. First, the customer must be sure that the goods he/she is buying will be the expected ones and will be properly delivered to his/her address. Second, the merchant must be sure of being paid. If the customer uses banknotes or electronic payment, two or more partners are involved in that transaction: the customer's bank and the merchant's. The two banks must be sure of the customer's identity and of the merchant's in order to avoid banking fraud. In the transaction process, many security systems are used to ensure the confidentiality, authentication, and integrity of exchanges. Security is guaranteed by using specific procedures and hardware.

The objective of this chapter is to present how the classical security concepts are applied to electronic payment, especially to limit fraud. The background section first gives a general idea of the problems generated by electronic commerce. Second, we briefly present the public key infrastructure approach that is generally used for authentication within this context. The main thrust introduces two protocols, SSL (secure sockets layer) and TLS (transport layer security), that have been developed to create a secure channel where all transactions are encrypted by using specific architectures and algorithms. For the payment part of the transaction process, banks have considered that SSL and TLS are not sufficiently secure. The main reason is that the cardholder is not authenticated by the issuer bank and the responsibility stays on the merchant side. Banks have therefore tried to implement different architectures to meet these requirements. These different methods, the use of a token with SET (secure electronic transaction) or of a smartcard such as C-SET, developed in the last fifteen years, began to converge on the 3D-secure (three domains security) protocol. These methods to secure distant payment were adopted jointly by the card schemes Visa© and MasterCard©. The last, but not least, problem concerns the distant authentication of the client by its bank, which is described in the future trends.
