Hkpos.com, developed by the Visualized and Interactive Education (VIEd) team of The University of Hong Kong,
recently unveiled a programme that certifies the security of online merchants.
HONG KONG - Online shopping is still not as popular as the fast growth in Internet usage and the development
of e-commerce would suggest.
"This is due to the fact that most people think twice before they type in their credit card numbers and other
personal details," said Dr E. Herbert Li, associate professor of the Department of Electrical and Electronic Engineering,
HKU and leader of VIEd team.
He further explained that shoppers have difficulty recognizing whether or not a merchant has installed security
facilities. In addition, online SME merchants may not have enough technical guidance to provide a secure solution.
"Thus without knowing whether it is secure to shop from an online merchant, we would most likely give up
shopping online altogether."
In order to solve this problem, hkpos.com has recently launched its ePOS Q-Mark Programme to certify online
merchants who meet a basic set of security standards with the appropriate hardware, software and administrative
control to prevent their customers' information from being disclosed or stolen.
The checkers include Computer Associates, i-cable Communications Limited, Jade Pacific Hong Kong Company Limited,
Corpmart.com Limited, and Tech Source Limited.
Q-Mark ePOS requires a Point of Sale (POS) server that provides an interface between Cardholder software and
Acquirer payment systems, using messages that adhere to the SET protocol.
The payment system has POS software that handles transactions for one or multiple merchants. Each merchant maintains
a smaller amount of software to interface with the server and to transfer a transaction initiated by a cardholder
to the server.
Physical requirements for non-SET online transactions should include:
- A valid 128-bit SSL certificate for a secure communication channel must be applied along the full path of the
  transaction, so that all communication between the cardholder and the electronic commerce merchant, including
  cardholder identification, authentication, account or transaction information, is transferred under strong
  cryptography.
- The payment server must not be reached directly via the Internet.
- An isolated LAN segment needs to be set up for the payment server, allowing only trusted IP access from defined
  ports in the LAN environment.
- An intrusion detection facility must be set up for security monitoring.
Online merchants who meet this set of security regulations will be certified under the ePOS Q-Mark Programme,
and an ePOS Q-Mark logo will be posted on their Web sites, indicating they have met the basic requirements on security.
Internet shoppers, whenever they see the ePOS Q-Mark logo, should be reassured.
With the launch of the Q-Mark Programme, hkpos.com hopes to minimise security concerns about personal online
shopping and to boost the popularity of e-commerce by providing a more convenient and secure way for both
shoppers and online merchants.
William Tse is ZDNet Asia's correspondent in Hong Kong.