Implementation Errors

According to Bruce Schneier, President of Counterpane Systems and a foremost expert in computer cryptography and security, "Many systems fail because of mistakes in implementation." In his paper Security Pitfalls in Cryptography, Schneier points out that e-commerce systems are often implemented through trade-offs in security for functionality. It''s one thing to understand the implications of choices made in implementing a system - it''s quite another if the implementor fails to possess the adequate background or knowledge to know the difference. Therein lies the major problem.

All too often, people skilled in HTML development alone declare themselves as ''programmers'' or ''system administrators'' without an inkling of knowledge in how Internet-accessible servers really work or what constitutes secure vs. insecure. In the rush to establishing an e-commerce presence, people are wrapping themselves with a false blanket of security that will only serve to strangle them to death once a breach occurs.

Small retailers often select the wrong people to help them sell their wares on the Web. "They hear that their sister-in-law''s cousin can do it, so they hire him. If you are going to put your store on the Web, you are responsible for the information that''s there. Your client is trusting you to make sure you do everything in your power to make sure that data is safe." Harris added.