In this day and age, there are two things that run the world: time and money. Every second another deal is being made, another million dollars is being spent, another business venture is being set up. So it only seems apt that science and technology try their hand at revolutionizing monetary transactions. This is what laid the foundation for e-commerce. According to Louis V. Gerstner Jr., Chairman and Chief Executive Officer, IBM Corporation - "It's not just about buying and selling over the Net. It's about using this powerful new technology to transform every aspect of what we do as people."
As simple as it sounds, there are many intricate details to be taken care of. First and foremost is confidentiality: disclosure of information should be strictly prevented at all times. This has brought about a lot of debate with regard to personal privacy versus national security. The next factor to be accounted for is authentication (proof of identity). The traditional username-password verification no longer provides as much security as it once did, so this is where cryptography steps in and takes charge. After a transaction has occurred, there should be no leeway for the parties concerned to claim it never happened. In other words, it should be irrefutable. Apart from authentication, at times authorization also has to be provided. Authorization differs from authentication in that it deals with granting you the authority to access a certain facility. And cryptography allows this authorization without identity disclosure! Last, but not least, the integrity of the transaction has to be maintained. There should be no manipulation of any of the records.
Sometimes the keys required for decryption are lost due to human error, even though measures have been taken to guard against it, and in such cases key recovery ought to be provided. Key escrow is one such measure, where the key is entrusted to a third party and can only be retrieved by the two parties involved in the transaction, on proper authorization and authentication. However, this can prove to be a potential threat, since the key is in the hands of an escrow agent.
Micropayments (payment of installments) are one major facet of e-commerce. However, they become a concern when the processing cost imposed on the buyer's payment exceeds the merchant's transaction margin. In such cases, cryptography helps by reducing the role of the online broker and delegating the processing-based decisions to the merchant directly.
With the advent of e-commerce, the possibility of digital cash has been contemplated many times. This is a system that allows payment by transmitting a unique number from one computer to another. It differs from credit cards in that it is a lot like paper money: anonymous as well as reusable. With credit cards personal information is accessible; with digital cash, it isn't. Efforts should be taken to ensure security and integrity, and this is where cryptography lends its shoulder. But of course, like everything, it has its own set of side effects. The user should be able to know whether the issuer of the cash is a legitimate authority, what happens to the cash if the exchange rate changes, and so on. At the same time, the anonymity of digital cash could easily lead to fraud and counterfeiting, and could put the current system of audit trails at risk.
Bruce Schneier has said on his site - "Most fraud against existing electronic commerce systems -- ATM machines, electronic check systems, stored value tokens -- has been low tech. No matter how bad the cryptographic and computer security safeguards, most criminals bypass them entirely and focus on procedural problems, human oversight, and old-fashioned physical theft. Why attack subtle information security systems when you can just haul an ATM machine away in a truck?" So he says that instead of devoting all attention to making e-commerce systems more secure from a technical point of view, they should just be made better than they are now. Rather than preventing the occurrence of e-commerce crimes, the emphasis should be on detecting them. If implemented properly, e-commerce could help make business a lot easier.
- The Internet Has Come of Age, Louis V. Gerstner, Jr., Chairman and Chief Executive Officer, IBM Corporation
- Encryption and Strong Authentication for Electronic Commerce, Camillo Särs
- Crypto-Gram Newsletter, Bruce Schneier
- Other Looming Issues Related to Cryptography Policy
- Image: Courtesy University of Oulu and Metsvainio design