by Julia Olsen (2015 cohort)
How do you order your college textbooks? I highly doubt you actually trek all the way to a bookstore, especially when cognizant of the risk that the books will be out of stock. What’s a more convenient, faster, and oftentimes cheaper method? Online shopping. Instead of combing through bookstore after bookstore for that Cory Doctorow novel you need for your cryptography course, with a few clicks of a mouse, the book will be on its way to your dorm room. Pretty amazing, huh?
Online shopping has revolutionized the college experience. Need hangers? Did you run out of shampoo? Perfume? Finding a way to get to the nearest Target or shopping mall can be a hassle; the simpler solution is to order your necessities through Amazon. They will arrive in two days, thanks to Amazon Prime’s free two-day shipping, a popular service amongst college students.
Can you imagine a world without the option to shop online? The chaotic nature of a typical college student’s schedule complicates efforts to go off-campus shopping. Consequently, many students turn to the Internet. Since its inception, the Internet has evolved into a virtual marketplace where you can buy just about anything. However, the explosion of e-commerce has not come without risk. As the number of online transactions has increased, so has the number of e-commerce hackers attempting to steal credit card information (Fernandez & Miyazaki, 2006). Due to the serious threat of fraudulent online retailers and third parties, the Internet has many safeguards in place (Fernandez & Miyazaki, 2006). Encryption is a major protection mechanism employed to ensure the security of personal information during online transactions. Thus, the most critical, and often underappreciated, aspect of online shopping is cryptography.
What Type of Cryptography Do E-commerce Retailers Employ?
Nordstrom had a terrific online Black Friday sale this year, and you were able to snag the boots your girlfriend has been ogling for weeks at a great price. During the online transaction, as you entered in your name, address, credit card information, and phone number, did you ever pause and ponder how the privacy of your information was going to be preserved? Did you recognize the security risks associated with providing all of this important information?
Cryptography is the process of masking the meaning of data so that only specified parties are able to understand a transmission’s contents (Shoretel, n.d.). It plays an extremely important role during online shopping. Secure e-commerce is made possible by a type of encryption known as public key encryption. This method relies on two mathematically related, yet different, keys: a public key and a private key (Proffitt, 2013). Public key encryption is an asymmetric key algorithm, meaning that the key used to encrypt the message does not have the ability to decrypt it as well. The public key is used to encrypt messages, while the private key is used to decrypt messages. In contrast, symmetric key algorithms employ one key that both encrypts and decrypts messages.
Public key encryption’s level of security relies on the randomness of the keys used. The keys have to be large prime numbers and need to be generated randomly in order to ensure that no machines can efficiently deduce the identity of the keys (Proffitt, 2013). Public keys are freely shared, while private keys are kept private. In order to send an encrypted message to a particular party, all one has to do is encrypt the message using the intended recipient’s public key, and send it. The encrypted message is only decryptable by the recipient’s private key; thus, only that individual can decrypt it, since only he or she possesses the required private key. It is impossible to deduce one’s private key from one’s public key in a reasonable amount of time, which explains why public keys can be common knowledge. On the other hand, the secrecy of private keys is essential, as anyone with the intended recipient’s private key has the ability to decrypt the message.
How Does Encryption Keep your Personal Information Private?
Encryption enables e-commerce. Transport Layer Security (TLS) is the most common cryptographic protocol used to ensure security during an e-commerce transaction (Proffitt, 2013). Secure Sockets Layer (SSL) is an older, yet still fairly common, cryptographic protocol as well (Proffitt, 2013). Through a combination of both asymmetric and symmetric key cryptography, TLS is able to create a substantial level of security for online consumers.
So how exactly was your credit card information kept private when you ordered those boots from Nordstrom.com? Communication between your browser and Nordstrom’s Web server accomplished this feat. At the start of the transaction, your browser requested a secure page from Nordstrom’s Web server; the browser was able to recognize the security of the page through the “https://” in the Web address (Proffitt, 2013). Then, the Nordstrom server sent your browser its public key and a digital certificate (Proffitt, 2013). Digital certificates are issued by certificate authorities, which are organizations that establish the legitimacy of a website by verifying that the transmitted public key does indeed correspond to the particular company (Singh, 312). These certificates typically contain the owner’s public key, the owner’s name, the certificate’s expiration date, and other information about the public key owner (Rouse, 2007). After your browser confirmed the authenticity of the site, it used Nordstrom’s public key to encrypt a randomly generated one-time key of its own (Proffitt, 2013). This new key was a symmetric key, and was used to encrypt other data that needed to be sent to the Nordstrom server from the browser. Then, this key, encrypted with Nordstrom’s public key, was sent to the Nordstrom server along with the newly encrypted data.
Following the reception of this information, the Nordstrom server decrypted the encrypted symmetric key by using its private key (Proffitt, 2013). Next, the decrypted symmetric key was employed to decrypt the other data sent by the browser (Proffitt, 2013). At this point, both the browser and the Nordstrom server had a copy of the symmetric key that was used. This symmetric key encrypted all of the remaining data that needed to be exchanged between your browser and Nordstrom until the transaction was completed (Proffitt, 2013).
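The exchange described above, modeled end to end as an added example that is not part of the original essay: the browser wraps a one-time symmetric key with the server's public key, and the server unwraps it with its private key. The tiny key pair, the SHA-256 keystream cipher, and all function names are assumptions made for illustration; this is textbook RSA with no padding, not what a real TLS library does.

```python
import hashlib
import secrets

# Constructed toy server key pair: two known Mersenne primes, far too small
# and too structured for real use. Real sites use 2048-bit or larger RSA keys.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_server_keys():
    """Return ((n, e), d): the shareable public key and the secret private key."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept on the server
    return (n, E), d

def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 keystream); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def browser_send(public_key, form_data: bytes, session_key: bytes = None):
    """Browser side: pick a one-time key and wrap it with the server's public key."""
    n, e = public_key
    session_key = session_key or secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # textbook RSA, no padding
    return wrapped_key, symmetric_xor(session_key, form_data), session_key

def server_receive(public_key, private_d, wrapped_key: int, ciphertext: bytes):
    """Server side: unwrap the one-time key with the private key, then decrypt."""
    n, _ = public_key
    session_key = pow(wrapped_key, private_d, n).to_bytes(16, "big")
    return session_key, symmetric_xor(session_key, ciphertext)

if __name__ == "__main__":
    public_key, private_d = make_server_keys()
    order = b"name=A. Student;card=0000-0000-0000-0000"  # constructed sample data
    wrapped, ciphertext, _ = browser_send(public_key, order)
    print("on the wire:", hex(wrapped), ciphertext.hex())
    print("server sees:", server_receive(public_key, private_d, wrapped, ciphertext)[1])
```

Only the wrapped key and the ciphertext cross the network; an eavesdropper who holds the public key but not the private exponent cannot recover the one-time key.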
Benefits of Encryption
Without encryption, e-commerce would not be sustainable. A risk of financial or identity theft accompanies every online transaction, and if credit card information were not encrypted, then it could fall right into the hands of fraudulent third parties (Shoretel, n.d.).
Encryption protects data by preventing unwanted individuals from reading the information. Without encryption, your confidential data could easily be read by hackers if they intercepted the communication between your browser and the retailer’s Web server.
How would you feel if your credit card information was stolen? Would you feel angry? Violated? Endangered? Thus, the importance of encryption cannot be stressed enough. In the collegiate world, online shopping is widespread, and the privacy of your information depends on cryptography. As long as encryption is in place, it is unnecessary to constantly worry about the security of your online shopping.
Important Advice for all Online Shoppers
To achieve a high level of protection during online transactions, only make purchases on websites that are encrypted. How can you tell if a website is encrypted or not? Encrypted sites start with “https://” and display either a green lock or a green-colored URL in your browser (Wasik, 2015). The “s” in “https://” stands for secure (Proffitt, 2013). These features indicate that security software encryption is operative during the transaction (Williams, 2015). If neither of these features is present, then the information you enter during the transaction is at risk, and you should not make a purchase from that retailer.
Also, decline requests to create an account on a website if you do not plan to be a regular shopper on that site. It is safer to check out as a guest (Williams, 2015). If you create an account, it could be hacked, especially if you choose a simple password, or if the security of the website is compromised (Williams, 2015). Either way, if you have personal information, like your credit card data, saved in your account, then a hacker could access this information. Needless to say, this would not be an ideal situation. Yes, the creation of an account could result in a more effortless shopping experience on that site. However, the inconvenience of remaining a ‘guest’ is negligible compared to the potential dangers of creating an account containing valuable personal information. Another trade-off of not creating an account is that you may be unable to participate in companies’ rewards programs. Most of these programs offer slight discounts and advantages to their members, yet obtaining these benefits does not justify risking credit card data.
Beware of phishing. Cybercriminals create official-looking websites as bait for naïve, unsuspecting Internet users (GCF, 2015). Their intent is to get you to fall into their trap and share your credit card information (GCF, 2015). Phishing scams also take the form of emails. These emails are typically crafted to look like official messages from your credit card company or bank in order to appear legitimate and deceive you into giving up valuable personal information (GCF, 2015). Similarly, clever hackers often target consumers by sending post-e-commerce transaction emails regarding fabricated issues with completed online orders as a ploy to obtain personal information from gullible shoppers (Williams, 2015). It is advisable to never respond to emails, pop-up messages, or any other form of contact from your bank or credit card company asking for personal data without verifying the message’s legitimacy first (GCF, 2015).
In the digital age, the popularity of online shopping is expanding due to its convenience and accessibility. Thanks to cryptography, the security risks when shopping online are highly reduced. However, always be sure to practice these precautions in order to reduce your risk of encountering credit card data theft. Furthermore, you should regularly monitor your financial accounts to identify any fraudulent transactions in an efficient manner.
The prosperity of the Digital Age depends on the power to protect data during its journey around the world, and this relies on cryptography (Singh, 293). Online shopping, one of the major uses of the Internet, employs encryption in order to enhance the privacy of personal information transmitted during transactions. College students depend on online shopping. Thus, college students rely on cryptography, and should acknowledge its serious importance in the realm of privacy.
Fernandez, A. & Miyazaki, A. D. (2006). Consumer perceptions of privacy and security risks for online shopping.
Proffitt, B. (2013). Understanding encryption: Here’s the key.
Rouse, M. (2007). Certificate authority (CA) definition.
Shoretel. (n.d.) Web communication: Cryptography and network security.
Singh, S. (1999). The code book: The science of secrecy from ancient Egypt to quantum cryptography. New York: Random House, Inc.
Wasik, J. (2015). Three secure holiday shopping moves.
Williams, G. L. (2015). Buyer beware: Protect yourself while holiday shopping.
[Image of phishing websites] Retrieved December 4, 2015 from http://www.jwag.biz/newsletters/2014/04/02/smartphones-make-you-more-vulnerable-to-phishing-scams.html.