World Telecommunication Day 1999 |
In cyberspace, as elsewhere, fools and their money are soon parted. Computer shopping provides both purchaser and purveyor with new products and services. But a third party - the criminal element - can also spot potential. Mail and phone scams are now found on-line, as technology makes possible new ways to hoodwink consumers.
Most people assume e-commerce is ruled by the same laws as its traditional predecessor. In fact, this is not so, and the system has some weak points - credit cards, for example. The ubiquitous plastic card was made for trading physical goods with actual vendors. Some banks have strong information technology and anti-fraud measures (German banks reportedly have rigorous security) while others, experts say, are overwhelmed. Many, particularly in Europe, are slow to report cyberfraud, perhaps because they are concerned about exposing their vulnerability.
Yet banks, like everyone else, want a piece of the growing pie; e-commerce revenues this year should total $180 billion; by 2002 the figure is expected to rise to $1.2 trillion.
In 1998, a $50 million swindle, distributed across 900,000 credit cards in recurrent charges ($20 - too small to draw attention) swept through 22 countries, illustrating the frailty of e-commerce, at least as charted on current technology. Stolen card numbers were apparently the means. It is not difficult for hackers to steal numbers from e-commerce sites, say industry sources.
Yet it is not easy to find many examples of cyberscams on such a major scale. Software problems have resulted in shoppers' being overcharged, but the money usually gets returned. Huge financial trading frauds are of another order altogether.
This is why some dismiss fear and warnings as overblown. Says Herman Coster, an ex-Apple technician and now chief technical officer of his own Web site (goodmorningparis.com, an on-line English-language newspaper on Paris): ''The negative wave is fed by banks and people who are scared of what the cyber-revolution means. And it's stopping the revolution from getting the boost it needs.''
Calling all transactions unsafe, Mr. Coster contends, is nonsense. ''It's more dangerous to pay with your credit card in a café,'' he says. ''Any waiter can write down your number and get your cash.''
Of course, there is no such thing as total security in either the virtual or the physical world. But where there are risks, there are also solutions. Consumers should be safe if they are careful not to give their card number to just any site - especially to a company they do not know. Public places, like cybercafés, are also chancy.
When a customer types in his or her credit card number, the information is transmitted to a server, and it is during this transmission that someone can intercept the data. Companies habitually flash messages warning customers of this. Users just as quickly click on OK to move on.
Companies doing serious e-trading will have secure sites that use encryption, or coding, which makes it harder to get the data. This includes all major enterprises, from computer makers Apple and Dell to purveyor of lingerie Victoria's Secret. Major channels or portals like Amazon.com tell customers that they guarantee shopping with them is safe and the customer will not pay any unauthorized charges.
When entering a credit card number, the user sees a lock icon on the screen, or a message saying the site is secure; meanwhile, the address changes from http to https (''s'' for secure). The user should not release the information if he does not get these signals.
What is more, companies should have a certificate proving they have a secure server, and customers can ask to see it. The certificate should be in the Web site name. Large auction sites like eBay also have insurance policies that cover shoppers. Some companies publish their privacy policy to assure that clients' personal data will not be made available to third parties.
Governments have imposed encryption standards, but they are not equal around the world. Europe, at 40 bits, is far behind the United States (128 bits). More scrambling means computers take longer to get the information. The United States may up its norms, because as computers grow more powerful, companies must stay ahead of the potential pirate.
Short of canceling one's cards and stuffing cash under the mattress, experts advise carrying as few cards as possible. Consumers can eliminate debit or other cards they use infrequently and minimize transactions so that irregularities can be more easily detected. They should also notify their bank immediately of any questionable charges. Consumers usually have 30 or 60 days to cancel, as long nothing has been signed. They can ask their bank for money back if they change their mind. Of course, this assumes they are monitoring their cash flow and that the bank is cooperative.
Conflicting national policies are obstacles to consumer protection - but help is on the way. ''The legal and regulatory framework is being put in place,'' says Alexander Ntoko, a project manager in electronic commerce at the International Telecommunication Union in Geneva. ''This will reduce the risks by providing legal protection for on-line commerce.''
Governments are also considering applying traditional advertising rules to the Internet, which will protect consumers from misrepresentation. The trick is to avoid creating restrictions that would erect barriers to trade. The European Commission, the Organization for Economic Cooperation and Development and other groups are actively seeking standards and an international charter. Cross-border diversity led to the OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, released as far back as 1980.
Another reply to the call for more international coordination is the Global Business Dialogue on Electronic Commerce. Backed by companies like France Telecom, Time Warner and Bertelsmann, GBDe held its first conference Sept. 13 in Paris, where it recommended a continued moratorium on Internet taxes, doing away with restrictions on security exports, the introduction of a ''seal of approval'' for sites protecting consumer privacy and third-party arbitration of e-commerce disputes.
Joshua Jampol