Security measures created to quell unfounded fear

By Published on .

Consumers say they're concerned about security when buying online, but they can't identify the source of their unease, and they keep hitting the buy button, according to industry reports.

To Jupiter Communications analyst Ken Cassar, this is a consumer psychology problem.

"What the merchants need to do is educate consumers and let them know they have no liability," Mr. Cassar says, pointing to a recent Jupiter consumer survey on electronic commerce in which security was identified as the No. 1 concern.

"Even if there is a fraud, the liability is on the part of the merchant and card company," he adds. (If a purchase is fraudulent, the bank makes up the loss; if a user is unsatisfied with his or her purchase, the merchant pays; and if a credit card is lost or stolen, the bank issuing the credit card is liable and the most the cardholder pays is $50.)


In addition, anti-fraud offerings from security companies such as CyberSource are helping to ease security concerns by screening online transactions for possible fraudulent activity.

CyberSource, San Jose, Calif., charges companies between 25 cents and 45 cents per transaction to match the credit card activity against fraud patterns. It charges merchants an additional upfront fee of between $500 and $1,000. CyberSource examines a number of markers that indicate fraud and ranks them. Red flags include things such as a delivery address that's different from the billing address or a name on a credit card that differs from that of the person placing the order.

Another important security measure is the implementation of Secure Electronic Transactions, a specification for secure electronic commerce being developed by a consortium of credit card and software companies.

With SET, buyers and sellers will have digital IDs, or personal encryption keys. When users make a purchase online, they give their digital ID to the store, which functions like a signature on a credit card slip.


The store's key, meanwhile, can be verified by a certifying third-party authority, such as Hewlett-Packard Co.'s Verisign unit, to authenticate merchants. So far, a few trials of SET have begun in Europe and the U.S., but there has not been widespread implementation of the standard.

"Our studies indicate that many consumers and businesses look to SET as a solution to security concerns," says Chris Anne Wheeler, director of information for ActivMedia, a market research company.

"It gives people an additional layer of comfort," she adds. "We see that as a major step forward in terms of alleviating the concerns of consumers."

The problem is getting the long SET encryption keys into the hands of consumers, says Tom Arnold, VP-engineering of CyberSource.

SET will become a reality when the Digital IDs it's based on are as ubiquitous as ATM cards, Mr. Arnold predicts.

In the meantime, trade groups that represent online merchants are preparing to educate consumers about safety in electronic commerce.


A spokeswoman for the Direct Marketing Association of New York says the group's Shop at Home program, originally crafted to help direct marketers, adapts well to electronic commerce.

"Anything companies and associations can do to get information to consumers about the safety of credit card numbers over the Internet is valuable," she says.

Russ Bodoff, general manager for BBBOnline, Arlington, Va., the online unit of the Better Business Bureau, is adding his group's credibility to online security efforts.

"We would agree the credit card issue is the No. 1 concern consumers have, but it's the least they need to have," he say


Mr. Bodoff says 1,900 companies have joined BBBOnline's self-policing program since it was launched last October, and the program is being expanded with a relaunch of the site this month.

"We plan a lot more education and awareness in this area. The credit card companies would also like to get out appropriate information," he says.

Bob Smith, executive director of Shop.Org, a trade group for online merchants, says the holiday shopping season would be the ideal time for a marketing push that emphasizes the security of online transactions and e-commerce.

"It's clear all online retailers are looking forward to great things happening during this holiday season, and that might be the appropriate time to launch a communications campaign," he says.

Copyright October 1998, Crain Communications Inc.

Most Popular
In this article: