NetTrends: devices add to security challenge
06:19 p.m Jan 19, 2000 Eastern
By Dick Satran
SAN JOSE, Calif. (Reuters) - Consumers handed an estimated $30 billion over to Internet sites last year, a sign that a lot of people have lost their fears about shopping online.
Most got what they ordered and didn't have their credit card hacked.
But that didn't minimize the fear that stalks the Web site operators at fast-growing virtual shops. Intense concerns over security are being underscored this week at the biggest-ever RSA Conference on computer security, as over 8,000 professionals convened this week for the San Jose, Calif. trade show.
The heavily attended event came after a big victory for the security industry in the form of the Clinton administration's plan to relax rules on the export of sophisticated encryption technology, which enables people to conceal credit card numbers and other data from prying eyes.
U.S. law enforcement and intelligence officials had opposed easing the rules, saying heavy-duty encryption technology would allow terrorists and criminals to hide their e-mail from authorities. The easing of those rules helps clear the way for establishment of a global e-commerce security infrastructure, and for international research in the field.
The need for strong measures was underscored earlier this month when hackers broke into online music retailer CD Universe (EUNI.OB) and stole 300,000 credit card numbers, threatening to use them if the company didn't pay $100,000 in ransom.
``That wouldn't have happened if the data had been encrypted,' said John Ryan, chief executive officer of Entrust Technologies Inc. (ENTU.O), one of the largest companies supplying encryption tools.
Ryan said such cases have heightened awareness of the need for security, especially among the e-commerce companies, if not with consumers. Some noted that CD Universe's Wallingford, Conn.-based parent company, EUniverse Inc., saw its stock drop sharply after the disclosure.
But security experts say some sites are forgetting about security issues in their rush to be on the Internet. In addition, some worry that putting too many security features on a site scares away some consumers and slows the transaction process, or that costly security features won't bring the same returns as other investments in marketing and customer acquisition. A recent survey by Zona Research showed that consumers who have to wait more than eight seconds will click to another site.
One of the hottest products at this year's RSA are encryption ``accelerators,' which boost the speed of the encoded security transactions.
The coded operations are basically complex math equations that require very fast machines to make real-time calculations, and at a site with millions of users, those operations can get very bogged down.
But encryption continues to be the fastest-growing part of the computer security business because it offers a way to protect data while it's in storage or while it's crossing the public internet. By scrambling messages, outsiders can't read them. The industry, meantime, has agreed on a kind of ``passport system' to hold records of the digital IDs, the so-called Public Key Infrastructure, or PKI.
``A few years ago, just a couple of us were talking about PKI; last year there were 15 or 20 and this year it's completely taken over,' said Ryan.
One reason is the explosion of Internet devices and mobile telephones with browsers. The encryption technology helps makes those devices vehicles for e-commerce by letting them carry encoded messages. Passwords are insecure and cumbersome for mobile users, and software and hardware tokens used for PCs as security devices are also difficult to use in the portable market.
RSA Security Inc.'s Derek Brink said that projections show that PKI-type security will surge in the years ahead, while passwords and tokens will remain in use but account for less of the market's total.
Passwords are still widely used as the sole security device on many sites, and consumers don't seem to mind. But Brink said, ``Passwords are problematic -- they are a relatively weak kind of security.'
Ryan sees security on Web sites getting more sophisticated, but consumers won't be the direct drivers. ``Consumers are upset if they lose their $50 (the deductible on most cards' insurance theft policies), or if their card gets canceled. But they aren't going to pay for encrypted digital certificates.'
In the future, security problems might be solved by biometric solutions like iris scanning, digital fingerprints, voice prints, face prints and retinal patterns -- which could be quicker and easier for consumers to use. All are technically possible. But don't count on seeing them anytime soon because of their high cost. ``The market buzz is not equal to the reality,' said RSA's Brink.
(The NetTrends column runs weekly. You can contact Dick Satran at dick.satran@reuters.com)
Copyright 2000 Reuters Limited. All rights reserved. Republication and redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon. |
