Electronic commerce is a strategic
imperative for most competitive organizations today. It is a key to finding
new sources of revenue, expanding into new markets, reducing costs, and
creating breakaway business strategies.
Yet the risks of electronic commerce sometimes seem almost as large as
the rewards. The infrastructure that supports electronic commerce can be
susceptible to abuse, misuse, and failure, causinga number of business
problems--including financial loss due to fraud, lost business
opportunities due to service disruption, a tarnished reputation for
service, and loss of customer confidence.
Reports of attacks on computer networks or electronic services are
abundant--from the 1995 hacking attack on Citibank's cash management
system, to the 1995 arrest of computer hacker Kevin Milnick, to the series
of hacker attacks on U.S. military research facilities.
Independent estimates of the extent of electronic fraud are staggering.
For example:
- Online information theft, including pirated software, stolen credit
card numbers, and unauthorized access to corporate secrets, is estimated to
be in excess of $10 billion annually in the U.S. alone
- Nearly half of organizations suffered the consequences of an
information-security-related financial loss in the last two years
- Credit card fraud is estimated at $5 billion annually
It is clear that businesses that conduct electronic commerce must
protect themselves. It is not always clear how they should do so.
VeriSign, Inc., the world's leading certification authority and a leader
in digital certificate technology, has prepared this paper to help you
assess the various alternatives that currently exist for creating a secure
infrastructure for electronic commerce. The paper provides a high-level
summary of the key security techniques that are available and discusses
their underlying technologies.
