It could have been the ISP industry`s worst nightmare come true: When hackers broke into one of South Africa`s leading ISP systems and pilfered client credit card details - letting on immediately what they had done - it might have been more than a nose-thumb to an industry generally confident it has all the right security checks in place.
So far, it seems, no real harm has been done. But the potential threat of fraudulent use of extremely sensitive, confidential client data has no doubt sent ISP`s scurrying to re-check their security systems and update to the latest technologies if necessary.
Certainly, the incident has underlined once again that the Internet Remains an extremely vulnerable public network.
"The problem is that access controls such as one-time or user name passwords are an extremely weak link in any security system," comments Tim Ellis, General Manager for SACA (South African Certification Agency).
"These passwords are very easily cracked, but at the time most ISP`s started setting up, there really wasn`t a more viable alternative. Now hat there is, I think we`re going to see a fairly rapid migration to digital authentication systems."
SACA was established specifically to meet this growing demand, and to set an open industry standard in digital authentication solutions in South Africa. The organisation has exclusive rights to the products and Services of VeriSign Inc., the world leader in digital authentication for Internet access and electronic commerce applications.
"Security on the Internet remains the biggest single stumbling block to global electronic commerce," says Ellis.
"Obviously there needs to be a method of determining identity and achieving the degree of trust required to engage in critical trade in such a `faceless` environment. Also, consumers need to know that personal details, like credit card numbers, will remain absolutely confidential.
"Encryption technologies might scramble data and protect it from being read as it passes over the network," he continues, "but this is of little use if the person at either end of the message is not who they say they are.
"Digital authentication overcomes this problem by providing irrefutable evidence of identity in cyberspace."
Put simply, VeriSign`s Digital ID certificates as issued by SACA are electronic credentials that establish the bona fide identities of sites and site visitors in order to ensure legal, private and confidential communication sessions that cannot be penetrated by external parties.
A server secured with a Digital ID ensures visitors of a site`s authenticity and allows the session with the client to be encrypted, thus safeguarding companies marketing over the Internet from impostors, and Internet users from hoax sites wanting access to confidential banking details.
Exchanges between the client and server are performed using the Secure Sockets Layer (SSL) which is adopted by all vendors producing Web-related software. This negotiates the essential functions of mutual authentication, data encryption and data integrity for secure transactions.
The technology provides the latest state-of-the-art security. Nevertheless it is easy to harness, and at around R1 800 for the first application certification and a R600 annual renewal fee thereafter, is also extremely affordable.
Small wonder then that demand should be increasing so sharply. Ellis points out that, worldwide, VeriSign has issued more than 750 000 Digital ID certificates since July 1996, whilst in South Africa, SACA already has more than 500 registered clients using Digital IDs.
ISP`s are a major target market.
"With security such a high-focus issue, the ability to offer digitised protection is likely to become a differentiating factor in this increasingly competitive industry," he claims.
"It`s also going to be critical in getting electronic commerce adopted globally," he concludes.
Share