What is eBusiness?

The concept behind eBusiness is simple. At one end of the wire is someone who wants to buy something. At the other end is the people who sell it. An eBusiness site provides a way for the customer to see what products are available, order the products, provide shipping information, and pay for those products. This has to be done in a "secure" way so that criminals can't steal confidential information, money, or products. 

top

What about eBusiness and Security?

It is very important that confidential information (like credit card numbers) remain confidential. If you do not adequately protect this confidential information, then you could be open to legal action if this information ever gets into the wrong hands. 

top

What are some ways to use eBusiness on my web site?

There are many levels of "eBusiness" solutions. Some are simple to implement, others require very expensive specialized programming and databases. One simple eBusiness solution is to use the web just for advertising the products, then provide a telephone number to do the rest (ordering, obtaining payment information, getting shipping information, etc.). This is especially useful if the organization already supports telephone ordering. It also avoids many of the security issues, as all the confidential information (like credit card numbers) would be received over the phone, not the web. The next step up from this is to provide an on-line order form that gathers together the information, then e-mails it to the person responsible for filling the orders. This would then be handled the same way as the telephone processing. 

top

What is a typical configuration?

A typical configuration for a secure eBusiness web site would look something like this: 

a customer would use a web browser with a SSL connection to place an order. (so the order is protected).This order would be stored in the database on the server, with important information encrypted. (so hackers couldn't use it even if they break into the system) 

An e-mail message would go to the person who handles the order saying a new order has arrived, but not containing any confidential information. (still get the e-mail notification, without any security problems) 

The person who processes the order would log into the "Order processing web site" using a web browser and SSL to view the order in a secure manner. (this secures the employee's ability to view the order and process it) 

If this person needs to print the orders, it would be printed on a local printer that is connected directly to their microcomputer, not a network printer. (This prevents snooping of the printed documents by hackers) 

top

How are credit cards handled?

Some eBusiness solutions provide the ability to automatically handle credit-card transactions online. A customer provides credit-card information, and the credit-card transaction is automatically processed. This requires a way for you to verify and charge credit card transactions over the web. 

top

What are the areas ebusiness security should include ?

All communications over the network containing confidential information must be encrypted. This includes communications between customers and the web site, communications between the web site and company employees, and communications internally in the system (such as communications between two databases over the network). 

The best way of doing this is by using "Secure Socket Layers" (SSL). This encrypts all communication happening between the web server, and the web browsers. If SSL is set up on your web server, you should be able to turn it on by using "https://" instead of "http://" in the URLs to your web pages. If this doesn't work, you have to talk to your sevice provider to find out how to use SSL at your institution. 

top