In the early days of the Internet, online credit card processing was tricky at best. Sending card information through a website or email meant a risk was being taken. Anyone could intercept the information and steal it, using it for their own ill-gotten purposes. Purchasing anything over the Internet meant having to wait for business hours, and then find the time to make a phone call in order to make a purchase. Truly it wasn’t much of an improvement over shopping in a catalog. The invention of the secure socket layer, which encrypted credit card information, changed all of this, changing online buying overnight.
There is a specific protocol that must be followed for online credit card processing. The major card brands such as Visa and MasterCard allow the use of different types of security, but the security program must adhere to their stringent requirements in order to be used. This rule applies to the merchant service provider that offers online credit card processing accounts. A business owner who simply swipes card only needs to be concerned if their provider is using a questionable encryption protocol. The encryption itself may meet the standards, but has vulnerabilities that make it susceptible to being hacked a la the Sony PlayStation 3 debacle.
Encrypted credit card information follows a specific protocol in order to ensure the credit card numbers and personal identification cannot be uncovered. The process begins when the customer enters their information on the order screen that they are viewing. Only the customer can see the information, no one else. The “send” button is pressed, starting the encryption process. A secure socket layer (SSL), or a similar type of encryption, scrambles the information while transmitting it to the card processor. This prevents unauthorized parties, IE those who do not have the key to unlock the encryption, from being able to intercept the transmission. Additional security measures are also put into play at this point. An authorization request consisting of the order amount and personal information is submitted to the cardholders issuing bank for verification. Provided the information provided is correct, the bank puts an authorization hold on the funds and the merchant finalizes the transaction upon fulfillment.
The encryption itself is known as 128-bit encryption. This type of encryption is the strongest form available for online transmission of secure information. In fact, the U.S. government limits the export of 128-bit encryption outside of the United States and Canada.
Modern security measures for online credit card processing have enabled businesses to sell their products 24 hours of the day, every day of the year. Both the seller and buyer can relax, knowing their information is as secure as it can be.