Security With
WebTrust can allow enterprises to ensure that access to its electronic commerce system and data is restricted only to authorized individuals in conformity with its disclosed security policies. The
WebTrust Program's Security standards provide a comprehensive solution for e-businesses by independently verifying a web site's compliance with online security best practices. The
WebTrust Security Principle sets out an overall objective for the security of data transmitted over the Internet and stored on an e-commerce system.
Certification Authority (CA) is the body given the license to operate as a trusted third party in the issuance of digital certificates. One of the famous applications of 3rd party certification program in Malaysia is the
MSC Trustgate com Sdn Bhd. It is a licensed Certificate Authority under the operation of the Multimedia Super Corridor which incorporated in 1999, under the Digital Signature Act 1997 (DSA). MSC Trustgate was state-of-the-art data center located in Cyberjaya is one of the most advanced in ASEAN and conforms to IT security standard, Orange Book Tier 4. All of the consultants carry out a stringent certification process and continuous training programs and are well experienced in deploying large-scale projects. At present, MSC Trust gate has 12 million of paid up capital.
The
projects MSC Trustgate have implemented are E-banking Security Deployment and E-procurement Integration, User Authentication and Customer Clearance Approval System, and Public Key Infrastructure (PKI) to assist all type of companies and institution conducting their business over the internet. MSC Trust gate offers complete security solutions and trusted services for individuals, organizations, government, and e-commerce service providers by digital certificates, encryption and decryption. It could help companies build a secure network and application infrastructure for their electronic transactions and communications over the network.
The
objective of MSC Trustgate is to secure the open network communications from both locally and across the ASEAN region. Trustgate provide digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, MyKAD ID, MyTRUST, Managed PKI, SSL VPN, Personal ID, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business securely over the internet, as much as what they have been enjoying in the physical world.
helps companies and consumers all over the world to engage in trusted communications and commerce.
VeriSign is the most trusted mark on the Internet, the seal of verisign is an instant proof that your web site is genuine because you have been verified by the Certification Authority, and your customers can conduct business with you free of worry. It offers the strongest SSL encryption, and VeriSign is the leading
Secure Sockets Layer (SSL) Certificate Authority.
SSL is a protocol originally developed by Netscape in 1996 as a way of ensuring the security of e-commerce transactions, communications, and interactions for Web sites, intranets, and extranets.
Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely,
Security HTTP is designed to transmit individual messages securely. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.
Digital certificate usually attach to an e-mail message or an embedded program in a web page that verifies that user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides other security than using username and password. Its session management is stronger.
Encryption can make the data transmission secured by using the information encrypted. The intended recipient of the data is only person to receive the message. Digital signatures are like the hand signature in the digital world. It can ensure the integrity of the data. Furthermore, the digital certificates can assist the development of greater internet based activities.
Why is the 3rd party certification needed? The reason is there are threats of internet security spreading over the net nowadays. For example, customers want to make sure that whether they are dealing business with a trusted party. They are afraid of their personal information such as ID number, passwords, credit card numbers and so on being stolen, information contaminated by third parties, and the transacting party denying any commercial commitment with the users. Thus, the certification from 3rd party is needed to ensure their information traveled over the Internet reaches the intended recipients and is safe.
Moreover, it can provide e-mail protection and validation, secure online shopping carts and more services in order to avoid being spammed, hacked and attacked by the malicious software such as virus, trojan horse and worms.
Lastly, by applying 3rd party certification, there are more safeguard for online shopping, which means the customers can shop safely. In addition, the confidentiality of customers towards the internet will also be enhanced and hence the organizations will be able to earn more profits.
References:
http://youthdew.blogspot.com/2008/06/application-of-3rd-party-certification.html
http://milkteablog.blogspot.com/2008/06/application-of-3rd-party-certification.html
http://littleangele-commerce.blogspot.com/2009/02/application-of-3rd-party-certification.html
http://focus.ti.com/lit/ml/szzq009a/szzq009a.pdf
http://www.rhb.com.my/insurance/en/join-rhbi/business-development-opportunities/the-requirements/Default.aspx
http://ecomworld.wordpress.com/2008/06/25/the-application-of-3rd-party-certification-programme-in-malaysia-2/
http://e-noll.blogspot.com/2009/02/application-of-3rd-party-certification.html
http://www.bnm.gov.my/files/doc/forex_online_application_userguide.pdf