|
Date: 8/6/2008 3:01 pm · Subject: eCommerce solutions and SSL security. · Rating: 0
<Begin SoapBox>
As a Security Consultant, the Point to point encryption of eCommerce solutions is essential to maintaining the security and integrity of a web based eCommerce solution.
Case in point are the 40+ Million Credit Cards that the FBI (Justice Department) now has charged 11 people with Identity Fraud, and hacking of Computer Systems.
As a Security professional, I am telling you that WarDriving (the remote exploiting of Wireless communications), key stroke loggers, and network sniffing are just some of the techniques employed in gaining access to the personal information. Some, if not all, of this could have been avoided with the use of better security (wireless security certainly), and encryption technologies (like SSL).
Employing security from the design up, is significantly easier to implement than after a breach has been encountered.
</End SoapBox>
That being said, I am anxiously awaiting the release of the 7.5 WebGui code, with Shopping Carts. Having spoken with Sr. developer - Doug Black, I agree that the intent of the WebGui design is to not store the Credit Card information in the system, and permit the processing to occur (even recurring charges) at the payment gateway.
While I also employ a Fresside Billing system (design by Ivan Kohler - developer of the CPAN Business::OnlinePayments modules), which exclusively uses SSL (https connections) for all of the connections, whether it's a remote gateway, or credit card processor.
My hope is that WebGui intends to use Best Practices and employ a rigid use of SSL connectivity in anything involving the Shopping Carts, or eCommerce interfaces.
|
