The following are answers to common questions in the Microsoft FrontPage Client Newsgroup: Electronic Commerce - Security issues

Merchants can have the results of on-line orders processed in several ways:
Security Issues --- Orders sent via email
Unless the email is encrypted (on the server) before it is sent, it will travel through potentially hundreds of servers and be accessible on all of them. The Microsoft antitrust lawsuit has proven that email, no matter how old, can be retrieved from various servers. So if the merchant chooses to have the order results handled via email, it is crucial that the email be encrypted using technology like PGP. There are many development companies -- we are one such company -- which have the programming staff and experience to enable this technology for merchants. See How to use PGP to send encrypted email if you want to tackle the process yourself.

Security Issues --- Orders stored on the server
We have seen several cases where the merchant stores the order information in a publicly accessible part of the server where anyone can browse the file. It is crucial that all information be kept on the server only as long as necessary and in a password-protected area. If the information will be kept on the server for a long time, then the information should be encrypted.

Security Issues --- Orders sent to an on-line credit card processing company
This is often the most secure way to handle on-line orders as you, the merchant, never receive the actual credit card number and the monies are automatically deposited to the merchant account. Note: Just as care and planning should be taken when establishing a merchant account, care and planning should be taken when picking an on-line credit card processing company. Dynamic Net, Inc. has worked with several companies, and we are willing to share our experiences with you if you ask.

Security Issues --- Digital ID
Personally, and as a company, we spend a large amount of money on-line, and will not ever shop at a place that does not use SSL with their own digital ID.
Some hosting companies put up to 2,000 domains on one server (HiWay is but one example of such a company, and also a company that accepts companies in the adult industry). If only 10% of them are sharing the ID, then you have 200 people with a key to the shop (so to speak). Not very secure.
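
The storage advice under "Orders stored on the server" can be checked mechanically. The following is an added example, not code from this FAQ or from Dynamic Net: it flags an order file that sits inside the web document root, is world-readable, or has been kept a long time without encryption. The directory names, the 7-day limit, the finding labels and the sample files are all assumptions constructed for the illustration.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"  # start of an ASCII-armored OpenPGP message

def audit_order_file(path, docroot, max_age_days=7, now=None):
    """Return findings for one stored order file (max_age_days is an assumed limit)."""
    now = time.time() if now is None else now
    # Compare both the literal and the symlink-resolved locations, so a link
    # placed inside the document root is caught as well as a real file there.
    places = {Path(os.path.abspath(path)), Path(path).resolve()}
    roots = {Path(os.path.abspath(docroot)), Path(docroot).resolve()}
    findings = []
    if any(r in p.parents for p in places for r in roots):
        findings.append("inside-docroot")      # can be requested by URL
    st = os.stat(path)
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable")      # any account on a shared host
    with open(path, "rb") as fh:               # only armored PGP is recognised
        encrypted = fh.read(len(PGP_ARMOR)) == PGP_ARMOR
    if now - st.st_mtime > max_age_days * 86400:
        findings.append("long-retained")
        if not encrypted:
            findings.append("long-retained-unencrypted")
    return findings

def demo():
    """Audit a constructed layout: one careless order file, one careful one."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot, private = Path(tmp, "htdocs"), Path(tmp, "private")
        docroot.mkdir()
        private.mkdir()
        bad = docroot / "orders.txt"           # plaintext, browsable, a month old
        bad.write_bytes(b"name=Test Buyer;card=0000-0000-0000-0000\n")
        bad.chmod(0o644)
        good = private / "orders.asc"          # armored, outside docroot, owner-only
        good.write_bytes(PGP_ARMOR + b"\n(constructed placeholder body)\n")
        good.chmod(0o600)
        month_ago = time.time() - 30 * 86400
        for f in (bad, good):
            os.utime(f, (month_ago, month_ago))
        return audit_order_file(bad, docroot), audit_order_file(good, docroot)

if __name__ == "__main__":
    for result in demo():
        print(result or "no findings")
```

The check reads POSIX permission bits and does not know whether the web server password-protects a directory, so an "inside-docroot" finding still needs a look at the server's access configuration.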