Capabilities Needed for Transactions
All businesses conducting transactions need to have the following
capabilities in place. Note differences between conventional
retail stores and electronic commerce:
- authentication: verifying the identity of the other
  party. Like a store asking to see ID when you write a
  check. On-line, this can be done with digital signatures or
  certificates (created with encryption) and by verifying submitted
  data. For example, the shipping address can be compared to the
  credit card address.
- authorization: verifying access rights. Like
  cashiers needing a key or password to get into the
  register. Pretty easy to do in most networks once ID is verified,
  but hackers can sometimes get into things they aren't supposed to!
- confidentiality: keeping transactions secret from
  everyone except parties involved. Can be hard to do in retail
  stores! Easy on-line with encryption, so long as the server isn't hacked!
- integrity (of the transaction): ensuring that the
  transaction has not been changed or damaged. Not usually an
  issue in stores but could happen if the price marked is different from
  what rings up. Automatically ensured when encryption is used.
- non-repudiation: preventing denial of a completed
  transaction ("I didn't order that..."). Not usually an issue in
  stores. Goes along with authentication--need procedures in place
  to prove that the customer is who he/she claims to be.
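
An added example (not part of the original page) of the on-line checks in the list above: a keyed tag on the order shows whether it came from the expected party and was not changed, and the shipping address is compared to the credit card address. The HMAC with a shared key stands in for a digital signature; the key, field names and sample order are constructed assumptions, and because both parties hold the key, the tag alone does not give non-repudiation.

```python
import hashlib
import hmac
import json
import re

# Constructed demo key shared by the customer's software and the merchant (assumption).
SHARED_KEY = b"constructed-demo-key"

# Common address words mapped to one spelling before comparison (small sample set).
ABBREVIATIONS = {"street": "st", "avenue": "ave", "road": "rd", "apartment": "apt"}


def canonical(order: dict) -> bytes:
    """Serialize the order deterministically so both sides tag the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def tag_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Compute the keyed tag that travels with the order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def normalize_address(addr: str) -> str:
    """Lower-case, drop punctuation and unify abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)


def verify_order(order: dict, tag: str, card_address: str,
                 key: bytes = SHARED_KEY) -> list:
    """Return the list of failed checks; an empty list means the order is accepted."""
    failures = []
    # Authentication + integrity: only a key holder can produce a matching tag,
    # and any change to the order changes the tag. compare_digest is constant-time.
    if not hmac.compare_digest(tag_order(order, key), tag):
        failures.append("integrity: tag does not match order")
    # Verifying submitted data: shipping address against the credit card address.
    if normalize_address(order["ship_to"]) != normalize_address(card_address):
        failures.append("authentication: shipping address differs from card address")
    return failures


# Constructed sample order and card address.
ORDER = {"item": "textbook", "price_cents": 4599,
         "ship_to": "12 Example Street, Apt. 4, Springfield TX"}
CARD_ADDRESS = "12 EXAMPLE ST APT 4 SPRINGFIELD TX"
```

Changing `price_cents` after the tag is computed is the on-line version of the price marked differing from what rings up, and `verify_order` reports it.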
Note: our server is Unix-based, so all URLs are case sensitive.
Send comments and corrections concerning this page to:
wfisher@sfasu.edu
Last updated August 24, 2009