Dynamic SSL Case Study 1:
Securing credit card information in an ecommerce transaction with a personal payment device
In a typical online shopping scenario, an end user navigates to an online shopping website using the HTTPS prefix in the address bar of their browser. When a lock icon appears in the browser, this signifies that the ecommerce server and the end user's browser are using the SSL protocol to encrypt and secure all communications between the two endpoints.
But when the end user types his credit card number into the computer to make a purchase, the number, along with other sensitive data, is not yet encrypted. Hackers using a keylogging application installed on the computer, or a Man-in-the-Browser attack masquerading as a 'free utility', are able to steal the user's unencrypted credit card number and use it to make thousands of dollars of fraudulent purchases and cash advances.
Virtually every commerce website expects that the user's credit card number will be keyed into a web form in plain text. Any deviation from this process on the client side will break the transaction, because the data arrives in an unexpected format. Any deviation from this process on the server end will eliminate the possibility of attracting new customers who don't use the merchant's 'proprietary' system. Therefore, implementing endpoint security using any approach that fundamentally changes the process is unfeasible.
The Solution: The SmartSwipe Personal Card Reader
In the scenario above, instead of typing the credit card number on the keyboard, the end user swipes his credit card using the SmartSwipe Personal Card Reader connected to the personal computer.
Dynamic SSL software, running on the computer and within the SmartSwipe device, encrypts the credit card information before it even gets to the computer. In this scenario, any hacking tools residing on the computer will never have access to unencrypted credit card information - keeping the transaction completely safe and secure from endpoint to endpoint.
The SmartSwipe Personal Card Reader makes use of Dynamic SSL's variable-based encryption process to ensure that no changes are required to the traditional purchase process.
The online merchant receives all transactions from the end user in the expected SSL encrypted format, and no changes are needed to the merchant's infrastructure to enable this extra layer of security. Therefore, the user may use the SmartSwipe Card Reader on any website, enjoying complete protection of their personal information from endpoint attacks, without limiting their choice of merchant.