I am a student with a project that as to do with online money transaction and the main aim is to create a secure website that can tract fraud transaction and a means of securing every bit of the website information secure from being hacked. The base of this project is all about programming/websites/security etc i have some step that i think i should take but i really need your view and comment and various measns to assure me that at the end of the project the website security will be secure against hacker
1. i intent traping the using ip address and store it then when the using using another computer different from the previous one i could send a pin to the mail of the real owner of the account for account verification
2. The uses of captcha techque to seperate human and robust access
3. Account alert with the use of sms
4. Encrpting the database info
And what are your possible contribution on these project of mine
pls do tell me other means that will be helpful to secure my site and database from been hacked or away that any harm could not be done on the site. Any contribution will be greatly appreciated

I don't know much about security but let us discuss
1- we use dynamic IPs, not all ISPs provide static IPs for their client.
2- OK
3- What's user reaction, how you'll handle it??
4- It's default.

I think there're sites manage and secure financial transactions.

For the issue of the IP Addr i want to include that to make sure that it the owner of the account that is really accessing it since Thanks for your contribution.
Plz i stil need more help!

Well right, you want to associate the IP with the account, but you can't. If I reboot my router/modem for example.... my provider will give me a new IP. So, now I can't access my account, and I am seen as a thief because I restarted my router?

not reaaly this will be implemented on your first login to your account which will accept your IP Address and store it but when you login again the program will have to compare the previous IP that you use to access the account if it is different it have to send you an sms or mail of a pin that u will have to use to login successfull as the real owner of the account.
Plz i need to help if you have another suggestion on how this could be done as a means of security.

This article has been dead for over six months. Start a new discussion instead.