Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL. Last spring The Online Trust Alliance, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so. Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
I need my customers to send me confidential data with a payment. I work for a regulatory agency that currently collects applications in paper based form with a physical signature including a check for payment. We would like to implement a industrial strength 'e-filing' solution. Where do I start? My Google-Fu and Delicious-Fu are failing me. I need to find information on 2009 best practices for capturing data ( e-forms, rest, edi ), identity management, security ( digital certs, etc ), and payment gateways ( direct debit, credit cards ). I also need to know what vendors are leading in these spaces. I am not really looking for a 'e-commerce' solution. I am looking for a 'secure electronic forms submission with payments and non-repudiation' solution. My company would need to host this in our data center. I would like to offer my customers multiple ways to submit and pay.
Looking for a PHP e-commerce store and a decent SSL certificate [more inside]
Do consumers recognize Verisign and other 'safe to buy' references? [more inside]