Secure Sockets Layer (SSL)
Nearly all web users are familiar with "secure" sites where the
browser's security indicator comes on (Internet Explorer's broken
key is made whole or Netscape's lock is closed) when a Secure
Sockets Layer (SSL) connection has been established.
Knowledgeable web users know that the information they are
sending to the web server is encrypted. It's imperative that all
organizations that have SSL-enabled web sites understand that this only
provides protection for the transmissions between the web browser
and the web server by encrypting the information that is being
passed between them.

Use of SSL has the effect of raising the web user's expectations
that their information will be handled in a responsible manner
once it is received by the web server. The user cannot and
should not know how his or her sensitive information is being
handled; if they did, intruders would also know. Though the user
cannot know how their data is being handled, organizations that
use SSL have a greater responsibility to handle data collected
via SSL connections in a responsible manner wherever that data is
stored and however it is transmitted between systems.

Once the information, including credit card information, is
transmitted to the web server, it is entirely up to the
organization that runs the web site to ensure that this
information is handled in an appropriate manner. Most small
organizations, and the large majority of associations are small
organizations, do not host their own web sites but rather use a
web hosting service.

At best it's misleading to use SSL between a browser and a web
server and then to transfer or store the same data at any
subsequent step in a less secure manner. This is a point that
is often overlooked when considering outsourcing services. If
you process data collected via SSL connections, then the
outsourcing web provider (or your own site if you self host), any
systems that this data is passed to and the connections between
them should implement security commensurate with that provided by
SSL.

A common feature provided by web hosting services is a simple
standard interface that allows any web form to be turned into an
e-mail. This makes it very simple to create web forms whose
contents are e-mailed to association staff who then key the
information into the appropriate system. It is almost guaranteed
that such e-mail transmissions will not be encrypted and the
contents of the web form, including credit card numbers, will be
transmitted across the Internet in plain text.

Though the odds of this information actually falling into the
wrong hands are fairly small, technically this information is
available to the network staff of any mail servers the e-mail
message passes through as well as to anyone who can put a sniffer
on any network segment through which the e-mail passes. The original
browser-to-web-site transmission would have been only slightly less
secure without the SSL encryption. Don't put a security facade
over the part of the system the customer or member sees and
neglect the rest of the system.

Besides e-mail, responsible handling of data collected via SSL
would rule out using FTP transfers to move that data back to your
systems, unless the data were encrypted prior to the FTP, as
standard FTP includes no encryption. If you are sure that the
e-mail is encrypted with PGP or S/MIME using a key length no shorter
than SSL (typically 128 bits for domestic transmissions and 40
bits for international transmissions) this should be an
acceptable delivery method. Likewise if data is encrypted by a
third party product at least as strong as SSL and subsequently
decrypted after being delivered to a secure part of your LAN,
then FTP transfers are probably acceptable. Such a transfer
is probably secure but the use of ordinary FTP raises the question
of whether the site itself is secure. Transmissions through
Secure FTP or tunneled SSH (Secure Shell) should be adequate.

Sensitive data such as credit card numbers should be stored
as well as transmitted in a secure fashion. Systems on which
such data is stored should be behind a firewall and make use of
strong passwords. Access to files, directories and application
systems that use this data should be restricted to those staff
who need access to do their jobs. Backups and other administrative
procedures should not expose such data to unauthorized access;
for example unencrypted backups should not be stored at insecure
off-site facilities. At a hosted site, an association is implicitly
applying the same level of trust to the hosting staff as they do
to their own technology staff. Unless all data is encrypted using
keys to which the association, and not the hosting staff, has access,
the hosting staff, as system administrators, have unlimited
access to all data stored on the hosted servers.

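The e-mail, FTP and hosting paragraphs above all reduce to one rule: encrypt each submission under a key that only the association holds before it leaves the hosted server. The Go program below is an added example, not code from GeodSoft or from any hosting service; it assumes the association has generated an RSA key pair and placed only the public key on the hosted server, and the envelope layout (wrapped key, nonce, ciphertext) is constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

const keyLen, nonceLen = 32, 12 // AES-256 key and standard GCM nonce sizes

// mustGCM builds AES-256-GCM; it can only fail on a bad key length, which callers rule out.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // errors only for key lengths other than 16/24/32
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block (16-byte block size)
	return gcm
}

// Seal runs on the hosted server: a fresh AES-256-GCM key encrypts the form data and the
// association's RSA public key wraps that key (OAEP). Layout: wrappedKey | nonce | ciphertext.
func Seal(pub *rsa.PublicKey, formData []byte) ([]byte, error) {
	secrets := make([]byte, keyLen+nonceLen) // one random draw: key, then nonce
	if _, err := rand.Read(secrets); err != nil {
		return nil, err
	}
	key, nonce := secrets[:keyLen], secrets[keyLen:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return mustGCM(key).Seal(append(wrapped, nonce...), nonce, formData, nil), nil
}

// Open runs inside the association's own LAN, the only place the private key exists.
func Open(priv *rsa.PrivateKey, envelope []byte) ([]byte, error) {
	n := priv.Size() // an OAEP-wrapped key is exactly one RSA modulus long
	if len(envelope) < n+nonceLen {
		return nil, rsa.ErrDecryption // deliberately vague, like the library's own error
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, envelope[:n], nil)
	if err != nil || len(key) != keyLen { // forged or truncated key: never feed it to GCM
		return nil, rsa.ErrDecryption
	}
	return mustGCM(key).Open(nil, envelope[n:n+nonceLen], envelope[n+nonceLen:], nil)
}
```

Any hop that carries the envelope (mail relay, FTP server, hosting staff) sees only ciphertext, and a truncated or tampered envelope is rejected by Open rather than decrypted into garbage.
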
Unless precautions such as those described above are used, if any
user's credit card information or other sensitive data does
happen to be compromised, that user could reasonably claim that
the organization with the SSL web site used deceptive practices
because they knew or should have known that subsequent
transmissions and data handling were not comparably protected.
The damage to your reputation is likely to be greater than if
your site had made no pretense at being secure. Establishing an
SSL web site and then subsequently transmitting information
collected at that site via less secure methods might also
increase your legal liabilities.

Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.