Unit Code: - DV6G34

Unit Title: - e-commerce: Publishing Websites

Name: - R.J.M. Chanika Rupasinghe
Index No: - 18S07031
Batch No: - CS08
Assessment: - 01
Outcome- 1
 1) A domain name and web hosting services

2) SSC (Secure Server Certificate)

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s
details. When installed on a web server, it activates the padlock and the https protocol and allows
secure connections from a web server to a browser. Typically, SSL is used to secure credit card
transactions, data transfer and logins, and more recently is becoming the norm when securing
browsing of social media sites.

How Does an SSL Certificate Work?

SSL Certificates use something called public key cryptography.

This particular kind of cryptography harnesses the power of two keys which are long strings of
randomly generated numbers. One is called a private key and one is called a public key. A public
key is known to your server and available in the public domain. It can be used to encrypt any
message. If Alice is sending a message to Bob she will lock it with Bob’s public key but the only
way it can be decrypted is to unlock it with Bob’s private key. Bob is the only one who has his
private key so Bob is the only one who can use this to unlock Alice’s message. If a hacker
intercepts the message before Bob unlocks it, all they will get is a cryptographic code that they
cannot break, even with the power of a computer.

If we look at this in terms of a website, the communication is happening between a website and a
server. Your website and server are Alice and Bob.

3) SSL (Secure Socket Layer)

Secure Sockets Layer (SSL) is “a protocol developed by Netscape for transmitting private
documents via the Internet". SSL uses a cryptographic system that uses two keys to encrypt data
a public key known to everyone and a private or secret key known only to the recipient of the
message.
SSL URLs
Most Web browsers support SSL, and many websites use the protocol to obtain confidential user
information, including credit card numbers. By convention, URLs that require an SSL
connection start with https: instead of http.
Secure HTTP (S-HTTP)
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP
(SHTTP). Whereas SSL creates a secure connection between a client and a server, over which
any amount of data can be sent securely, S-HTTP is designed to transmit individual messages
securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing
technologies. Both protocols were approved by the Internet Engineering Task Force (IETF) as a
standard.

SSL 3.0 Vulnerable and Obsolete

SSL version 3.0 is based on the 1996 draft. In 2014, the 3.0 version of SSL was considered
vulnerable due to POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks. These
attacks allowed secure HTTP cookies or HTTP Authorization header contents to be stolen from
downgraded communications. Today, SSL 3.0 is considered obsolete and has been succeeded by
Transport Layer Security (TLS), but it is still widely deployed.

4) A merchant account

A merchant account is a type of bank account that allows businesses to accept payments by debit
or credit cards. So a merchant account is an agreement between a retailer, a merchant bank and
payment processor for the settlement of credit card and/or debit card transactions.

When a customer pays for a product or service with a credit card, the funds are first deposited
into the merchant account and from there eventually transferred to the business bank account.
Transfers to the business account are normally done on a daily or weekly basis.

If you are going to operate an e-commerce business and want to accept credit card payments
online, you need at least one internet merchant account (even if you already have a merchant
account, in many cases).
 5) A Payment gateway

A payment gateway is a merchant service provided by an e-commerce application service

provider that authorizes credit card or direct payments processing for e-businesses, online
retailers, bricks and clicks, or traditional brick and mortar.[1] The payment gateway may be
provided by a bank to its customers, but can be provided by a specialised financial service
provider as a separate service, such as a payment service provider.
A payment gateway facilitates a payment transaction by the transfer of information between a
payment portal (such as a website, mobile phone or interactive voice response service) and the
front end processor or acquiring bank.

White label payment gateway

Some payment gateways offer white label services, which allow payment service providers,
ecommerce platforms, ISOs, resellers, or acquiring banks to fully brand the payment gateway’s
technology as their own. This means PSPs or other third parties can own the end-to-end user
experience without bringing payments operations and additional risk management and
compliance responsibility in house.
References

https://en.wikipedia.org/wiki/Payment_gateway
https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate