A system for conducting commercial transactions comprises an application server that hosts a software application that can be accessed by users to conduct commercial transactions thereon, an application user database of authorised users capable of accessing the application server, each authorised user in the application user database being uniquely identifiable by means of a corresponding login name and password, and a proxy server communicable with the application server and accessible by a plurality of registered users from respective mobile phones. The proxy server provides each one of the plurality of registered users with access to the application server from that user's respective mobile phone. A proxy database is associated with the proxy server, the proxy database containing details of authorised users in the application user database who are also registered to access the application server through the proxy server from their respective mobile phones. Each registered user in the proxy database is uniquely identifiable by means of a corresponding user identification code, the proxy database also providing, for each registered user, a mapping of that user's user identification code and the user's corresponding user information contained in the application user database. The proxy database stores each registered user's corresponding user information in encrypted format, and the system includes an encryption engine capable of encrypting any data passed between the proxy server and the mobile phone of each registered user. The proxy database also stores an active encryption key for each registered user, the active encryption key being used by the encryption engine to encrypt and decrypt data passed between the proxy server and the user's mobile access terminal. The encryption engine is dynamic, using a different encryption key during each session in which the user accesses the application server from his respective mobile phone, the encryption engine generating, during each session, a further encryption key for the user and transferring the further encryption key to the user's mobile phone for storage therein.
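
The per-session key rotation described above can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the cipher is a stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) because the abstract names no algorithm, and it assumes the further key travels to the phone encrypted under the current active key.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode (the abstract names no algorithm).
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(blocks))[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed: wrong or retired key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class ProxyServer:
    def __init__(self):
        self.active_key = {}  # proxy database: user identification code -> active key

    def register(self, user_id):
        # Assumption: the first key reaches the phone out of band at registration.
        self.active_key[user_id] = secrets.token_bytes(32)
        return self.active_key[user_id]

    def session(self, user_id, request_blob):
        key = self.active_key[user_id]
        request = unseal(key, request_blob)        # decrypt with the active key
        further = secrets.token_bytes(32)          # further key for the next session
        reply = seal(key, further + b"OK:" + request)
        self.active_key[user_id] = further         # rotate only after the reply is built
        return reply

class Phone:
    def __init__(self, user_id, key):
        self.user_id, self.key = user_id, key

    def transact(self, proxy, request):
        reply = unseal(self.key, proxy.session(self.user_id, seal(self.key, request)))
        self.key, body = reply[:32], reply[32:]    # store the further key on the phone
        return body
```

A message captured in one session fails authentication in the next because the proxy has already retired that key. In this sketch a reply lost in transit leaves the phone holding the old key while the proxy database holds the new one, so a deployment needs a resynchronisation path.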