E-commerce is alive and well. Holiday shopping sales were through the virtual roof last season and analysts predict continued growth in the online channel in 2006.
There’s only one problem: Security threats seem to be rising almost as quickly as e-shopping revenues. From phishing to pharming to hacking and cracking, electronic fraudsters are stealing identities from customers and credit card processing databases, and all parties are more than a little concerned.
Data points from Internet performance firm Keynote Systems are telling. For example, even at the best online banking sites, up to a third of online consumers are not fully satisfied with the privacy and security of the site. When booking hotel accommodations online, trust and security issues are almost as important as price satisfaction.
“Establishing trust online has become essential to the e-business experience. After all, consumers have no way of knowing whom they are giving their personal information to, even if the site looks familiar. These ‘familiar’ sites can actually be phony sites looking for personal information,” Melih Abdulhayoglu, president and CEO of trust assurance services provider Comodo, told the E-Commerce Times.
With so much risk and new threats arising all the time, how can consumers and e-merchants protect themselves, and establish trust online? How can consumers truly protect their identities, and how can e-merchants utilize tools to ensure users that their business is a trusted source so that relationships may be sustainable, positive and secure?
These are some tough questions; questions to which every stakeholder in the e-commerce game craves an answer. There are two sides of the equation — consumers and merchants — both play critical roles in keeping the Internet a safe place to work, shop and play.
Consumer Best Practices
A recent Federal Trade Commission report found that 37 percent of all Internet Fraud complaints filed dealt with identity theft. Additionally, Gartner research vice president Avivah Litan noted in her report “Credit Report and Internet Data Theft Results in More Fraud in 2005” that of those surveyed, financial losses resulting from information stolen off the Internet was US$2.7 billion.
Consumers have a part to play in the fight against identity theft. Specifically, consumers need to implement best practices to protect their banking, credit card and even social security numbers. If stolen, fraudsters will use this information for fraudulent purchases, fraudulent financial transactions and as false IDs for criminals.
“It used to be that people stole wallets to get this information. Now, unfortunately, fraudsters hack into Web sites, computers, or pretend to be legitimate businesses to get private identity details,” Abdulhayoglu said.
EDS security and privacy expert Peter Reid offers eight consumer best practices out of the gates:
- Know the business you are dealing with.
- Ensure you are shopping at a secure Web site.
- Beware of phishing e-mails that appear to be from trusted businesses.
- Review privacy and security policies of the companies you do business with.
- Do not use personal information for passwords.
- Be proactive in protecting your security by keeping antivirus and firewall software updated.
- Be aware that international security and privacy standards may be different.
- Check your credit report regularly.
“A secure Web site uses encryption technology to scramble the information you send, such as your credit card number, in order to prevent identity thieves from gaining access to it. Secure Web sites addresses also include https:// at the beginning of the address — the ‘s’ indicates the Web site is secure,” Reid told the E-Commerce Times. “Also, look for a closed padlock displayed at the bottom of your screen, it that lock is open, this may be a sign that the sight is not secure.”
The Merchant’s Responsibility
Even if consumers take these steps, this is only half of the security equation. For their part, merchants need to make identity trust and assurance their business strategy rather than just deploying point security solutions to address a specific vulnerability, Abdulhayoglu noted.
His company’s certification authority product is designed to allow e-merchants and consumers to confirm identity and site safely from surfing through to the final transaction. Comodo is one of many springing up in this competitive Identity Trust and Assurance market.
“With the increase in both the frequency and sophistication of malicious online activities such as phishing and identity theft, a fresh approach is needed to protect consumers as they conduct business online,” said Judy Lin, executive vice president and general manager, VeriSign Security Services.
VeriSign Identity Protection launched in February, hoping to be viewed as that “fresh approach” to combating digital identity theft targeted for both consumers and online services. VIP allows consumers to use a single security device to authenticate themselves across any member site, like PayPal, eBay or Yahoo.
The truth is, the major online merchants have strong systems in place. Banks spend millions of dollars on IT security, hardware, software and human resources to keep data safe. ISPs have run to the battle line with solutions designed to protect their subscribers. Merchants are pursuing authentication technologies.
Putting trust back online is more than just putting security measures in place. It’s communicating that you have done so, according to Robert Scaliano, a personal security and identity theft expert in Boston. His clients include British Petroleum, GMAC and KPMG Peat Marwick.
Scaliano looks at security as a journey, not a destination. Like a bank vault, thieves will always target IT systems. It is an evolving and never ending game of cat and mouse. Merchants and banks need to inform consumers of their dedication to winning that game to maintain healthy e-commerce, he told the E-Commerce Times.
“AOL has made online security their entire sales and marketing campaign,” Scaliano noted. “Citibank launched those funny commercials to show their clients and potential clients they’re watching your back. The sooner banks and retailers incorporate security into their marketing plans the better.”