This year, retailers are gearing up for what promises be a record season for online sales as more and more consumers cave in to the lure of 24-hour shopping, free shipping deals, and the comfort of their couch. According to industry group Shop.org's eHoliday survey, 68 percent of retailers expect to see their online sales grow 15 percent or more as compared to the 2010 holiday season. Fortunately, standards are in place to help make holiday shopping a cinch, and ensure that online transactions are performed smoothly and securely.
With wish lists in hand and budgets in mind, shoppers are sure to find numerous promotions online. But before "checking out," shoppers must first provide their credit card number, address, and other personal information in order to complete their online transaction. Thanks to INCITS/ISO/IEC 18033, Information technology - Security techniques - Encryption algorithms, consumers can rest easy, knowing that this data is being transmitted safely and securely.
INCITS/ISO/IEC 18033 is a four-part international standard that helps to ensure the confidentiality of personal information shared over the Internet using encryption and decryption algorithms. When a user inputs their personal or financial information during the checkout process, a cipher is applied to the plain text, turning it into encrypted data that can be safely transmitted. Once the data is received by the retailer, the cipher is once again applied to decrypt the data, returning it to plain text.
This standard was developed by the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) Joint Technical Committee (JTC) 1 Subcommittee (SC) 27, and has been adopted as an American National Standard. The U.S. plays a leading role in the work of ISO/IEC JTC 1, with the American National Standards Institute (ANSI) serving as secretariat, and ANSI member and accredited standards developer the InterNational Committee for Information Technology Standards (INCITS) administering the ANSI-accredited U.S. Technical Advisory Group (TAG) to JTC 1. Karen Higginbottom, director of standards at Hewlett Packard, serves as JTC1 chair.
The use of public key techniques is also an important part of data encryption. As consumers complete online transactions, the information they enter is encrypted with the retailer's public key. The retailer in turn decrypts the information with a private key, assuring that no outside sources have access to that information. An American National Standard from ANSI member and accredited standards developer IEEE sets specifications for public key cryptography to help secure electronic transactions. IEEE 1363.2-2008, Standard Specifications for Password-Based Public-Key Cryptographic Techniques, addresses these techniques for password-based authentication and key establishment.
If retailers' expectations are right, shoppers will assert a strong online presence this holiday. Thanks to standards, holiday shopping is made safe, secure, and simple - a cinch, even for the busiest grinch.