Privacy and Security
Usba Baklava places great importance on the safety of its customers. All personal and confidential information belonging to the user is stored on safe electronic systems in accordance with the standards. Our company is protected by state-of-the-art security systems and provides shoppers with a high level of security. No third party, including our company’s personnel, can access the personal information of our members, credit card data or any other sensitive information without permission. Within this framework the company uses the SSL and SET methods, which are the latest security technologies. More detailed information about SET and SSL is given below.
Electronic commerce is the online processing of commercial transactions involving the sale and purchase of products, services or information. Every payment system has security requirements that must be met to prevent information circulating in public environments, such as the Internet, from being compromised by malicious people for fraudulent purposes.
The main requirements are:
Confidentiality: Transaction information can be seen only by the right person or organization, not by third parties. Example: Preventing a credit card number from being taken by others.
Integrity of data: Ensuring that information arrives at the receiver unchanged, exactly as it was produced at the source. Example: The payment information for the purchased product or service, such as the purchase price, is not changed.
Authentication: Proof of the validity of the credit card, the cardholder and the identity of the store. Example: Verifying that the person who sent the credit card information is the cardholder.
SSL (Secure Sockets Layer): SSL is a security protocol used to secure communication on the web; it provides confidentiality and integrity for the information transferred. Commonly supported by web sites and browsers, SSL ensures that messages between the customer and the store are encrypted and can be decrypted only at the correct address.
SSL technology, developed by Netscape Communications Corporation, uses an authentication mechanism (mutual recognition of the two computers) on both the client (the information receiver) and the server (the information sender).
SSL uses digital certificates to prove the authenticity of the parties involved in an internet transaction. The certificate holder sends the other party its certificate together with the encryption key to be used for encrypting messages sent to the holder. A message encrypted with the key sent with the certificate can be deciphered only by the certificate holder, so the message can be read only by the correct person.
SSL uses Public Key Cryptography as its encryption system. With this method, SSL both provides confidentiality and integrity for information transferred on the web and confirms the identities of the client and the server. SSL, however, cannot prove that the person making the transaction owns the credit card and cannot prevent the merchant from accessing credit card information.
SET (Secure Electronic Transaction): The SET protocol, accepted worldwide as the most secure standard, was developed by a consortium of Visa and MasterCard to provide security in electronic commerce and has become an industry standard.
The SET protocol uses a combination of Public Key Cryptography, the Data Encryption Standard (DES) and RSA (Rivest, Shamir, Adleman) encryption methods, and lets shopping take place in a more secure environment through virtual wallets and certificates.
SET guarantees the confidentiality and integrity of payment information during shopping, that the card user is the real cardholder, and that the business is one that works with the bank.
SET, which is considered an end-to-end payment protocol because it includes the issuer bank and the acquirer bank as well as the credit card holder and the store, proves the validity of all parties involved in online transactions. At the same time, credit card and order information are encrypted differently, so the store cannot see the credit card information.
Protection of data privacy: Data privacy is provided by encryption using public key cryptography. The party that will read the message sends its public key so that the message can be encrypted. A message encrypted with the public key of the party to which it is sent can be decrypted only with the corresponding private key held by the receiving party.
Protection of data integrity: The message is hashed to a message digest of a previously determined fixed length, and the digest is encrypted. The party receiving the message decrypts the original message, hashes it to the same fixed length, and compares the result with the message digest it decrypted. If both digests are identical, it is proven that the integrity of the data is preserved.
Verification of the identities of other parties involved in the transaction:
Verification of the identities of the other parties involved in the transaction requires a “trust hierarchy”. The SET protocol defines this trust hierarchy to support certificate management. A digital certificate is a digital signature produced by an authority at a higher level of the trust chain. Digital certificates are used to prove the authenticity of parties.
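The integrity check described under "Protection of data integrity" above, as an added example that is not part of the original page or of any SET implementation: the sender hashes an order and encrypts the digest with its private key, and the receiver recomputes the digest and compares. The key pair, the order string and the function names are constructed for the demonstration, and the unpadded RSA used here is for illustration only.

```python
import hashlib

# Constructed demo key pair built from two Mersenne primes so the example runs
# with the standard library alone. NOT secure: real systems use randomly
# generated keys and a padded signature scheme such as RSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Fixed-length message digest (SHA-256), returned as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then encrypt the digest with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: decrypt the signed digest with the sender's public key and
    compare it with a digest computed over the message that actually arrived."""
    return pow(signature, E, N) == digest(message)


def demo():
    # Constructed sample order; the price is the field the page's own
    # integrity example is concerned with.
    order = b"order=1001;item=baklava-1kg;price=450.00"
    signature = sign(order)
    tampered = order.replace(b"450.00", b"4.50")
    return verify(order, signature), verify(tampered, signature)


if __name__ == "__main__":
    intact_ok, tampered_ok = demo()
    print("intact order accepted:", intact_ok)
    print("tampered order accepted:", tampered_ok)
```

Changing any byte of the order, such as the price, changes the digest, so the comparison fails even though the signature itself was not touched.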