Boston - Purchasing items on the Internet is becoming hip, but security shortfalls will continue to bedevil merchants and consumers alike, according to speakers and attendees at the Internet Commerce Expo taking place here this week.
Privacy, access control and authentication of purchases are major electronic-commerce concerns, according to Tom Carty, vice president of marketing and business development at GTE CyberTrust Solutions Inc. in Needham, Massachusetts, which offers certification products and services. The dangers are both real and perceived, he said.
Worries about security tend to drop away once a company has proven that it can be trusted online, Carty said. "It's a learned experience," he said. "Some companies are not doing a good job of educating (consumers)."
It is up to merchants, not consumers, to take the lead in making the online experience a familiar one, said Andrea Mulligan of Online Development Corp., a Waltham, Massachusetts, provider of Internet catalogs and tools for direct marketers. "Companies doing commerce must do the education."
Only when that has been accomplished will online shopping become something that consumers do regularly. "Once people get over the learning curve and the fear and privacy part, it will be a common occurrence," she said.
Other technologies also went through a period of distrust before entering mainstream use, one person said. "It took a while for debit cards to come into vogue," said Frank Trotter, former managing director of new product development and marketing at Mercantile Bank N.A. Capital Markets in St. Louis.
The transition has to be something that participants are prepared for, he said. "The naysayers who said that the 'Net won't work early on weren't ready to be on the 'Net."
Barnes & Noble Inc., which launched its Web site last May, discovered that 70% of those who surfed the site were concerned about privacy and did not register to buy anything, according to Susan Boster, director of marketing for the online venture.
As a response, the bookseller gave greater prominence on its site to its privacy policy, and with help from Firefly Network Inc., a provider of filtering services, it allowed its customers to choose whether their personal information could be forwarded to the Barnes & Noble affiliates such as Disney.
This option did not comfort one attendee, a manager at a New Jersey-based Internet service provider. "What if someone gets hold of the information?" she said. "There's no way to prevent" that sort of intrusion into one's privacy.
But she acknowledged that such uncertainty exists outside cyberspace as well. "Then again, when you go to a restaurant and give your credit card to a waiter, you don't know," she said.
Even some established security measures aren't as reassuring as they could be. Passwords, for instance, can easily be broken through tools, guesses, system cracking and falsified identities, according to Marc Fastiggi, director of technical marketing at Security Dynamics Technologies Inc. in Bedford, Massachusetts.
"They're not strong enough," Fastiggi said. "When you use passwords, you have to keep your eyes open." Given the effort and equipment needed to make them effective, he said, they are "more expensive than originally thought."
To address the problem of security, companies and organizations such as Beth Israel Hospital in Boston and a leading Italian telecommunications carrier are taking a two-pronged approach to ensuring a user's identity, Fastiggi said. They are using not one, but two forms of identification, from a list that includes tokens, smart cards and biometric devices such as retina or fingerprint scanners.
Carty pointed out that digital certificates - electronic documents that verify a user's identity - are one tool that companies can employ now. The certificates can authenticate purchases, provide greater access control, and offer "consistent security and trust," he said. As the telecommunications industry went through its deregulation, he said, GTE used digital certificates to share customer information with its competitors, including Sprint Corp. and AT&T Corp.
A long-term solution, according to Fastiggi, lies in smart cards, which are more flexible and offer greater storage and management options.
The move toward trustworthy systems also has been stymied by the slow rollout of systems based on the Secure Electronic Transaction (SET) protocol, which is forcing companies such as MasterCard International Inc. to ease their rules about tracking credit card payments over the Internet, so that security is not yet as robust as some had hoped, Carty said.
