Specifications

An alliance between VISA, a number of financial organizations, and software companies has been promoting a standard called Secure Electronic Transaction (SET) since 1997. One component of the SET system is that cardholders can obtain digital certificates from their card issuers. If SET takes off, it could reduce the risk of repudiation and other credit card fraud in Internet transactions.
Unfortunately, although the specification has existed for many years, there seems to be little push from banks to issue SET-compliant certificates to their cardholders. No retailers seem willing to reject all customers without SET software, and there is little enthusiasm from consumers to adopt the software. There is very little reason for consumers to queue up at their local bank and spend time installing digital wallet software on their machines unless retailers are going to reject their customers without such software.
Balancing Usability, Performance, Cost, and Security
By its very nature, the Web is risky. It is designed to allow numerous anonymous users to
request services from your machines. Most of those requests will be perfectly legitimate
requests for Web pages, but connecting your machines to the Internet will allow people to
attempt other types of connections.
Although it can be tempting to assume that the highest possible level of security is appropriate,
this is rarely the case. If you wanted to be really secure, you would keep all your computers
turned off, disconnected from all networks, in a locked safe. In order to make your computers
available and usable, some relaxation of security is required.
There is a trade-off to be made between security, usability, cost, and performance. Making a service more secure can reduce usability by, for instance, limiting what people can do or requiring them to identify themselves. Increasing security can also reduce the level of performance of your machines. Running software to make your system more secure, such as encryption, intrusion detection systems, virus scanners, and extensive logging, uses resources. It takes a lot more processing power to provide an encrypted session, such as an SSL connection to a Web site, than to provide a normal one. These performance losses can be countered by spending more money on faster machines or hardware specifically designed for encryption.
You can view performance, usability, cost, and security as competing goals. You need to examine the trade-offs required and make sensible decisions to come up with a compromise. Depending on the value of your information, your budget, how many visitors you expect to serve, and what obstacles you think legitimate users will be willing to put up with, you can come up with a compromise position.
E-commerce and Security, Part III, page 290