Online shopping, more hype than reality. Related story:
=============================
Online shopping fear based on myths
There are no known cases of credit card numbers
being intercepted
Determining browser security
BY STEPHEN BUEL
Mercury News Staff Writer
Leslie Dixon of Salinas is an online merchant's dream. A devoted
catalog customer, she also owns a computer with Internet access.
So why is she at the Great Mall of the Bay Area on a 14-hour
holiday shopping spree? Doesn't she know it's e-Christmas?
''I enjoy the Internet but I'm
not confident at all,'' Dixon
said. ''Maybe it's something
I've watched in a movie -- the
fear of your credit card
number getting out there. You
work all your life to get good
credit.''
Dixon, 51, may be an
extraordinary shopper, but
she's a typical computer user.
Insecurity about credit card
usage remains the leading
impediment to online
shopping's growth. Nine of 10
people who don't shop online
cite qualms like hers,
according to surveys.
Yet their fears are
unwarranted. Using a credit
card online may actually be
safer than using one by phone
or in person, experts say.
''There are no confirmed
instances of a consumer's card
being stolen in flight,'' said
banker Joe Vause, a vice
president at Visa USA. ''I'm
not aware of anyone cracking
an encryption code and
thereby getting access to a
credit card number,'' agreed
browser inventor Marc
Andreessen of Netscape
Communications Corp.
''We've not seen it,'' added
Sgt. Don Brister of the San
Jose Police Department.
''This is really a non-issue,''
said businessman Russell
Gillam, a vice president at
Disney's Buena Vista Internet
Group.
In interviews with 30 such
experts, no one could point to
even one case in which a
credit card was pilfered online
by someone other than a store
employee -- and employees
pose an equal risk to cards
used in person. The list of
skeptics includes law
enforcement officials,
observers of the credit card industry, privacy activists, debt
counselors, security experts, business analysts and finally -- no
surprise here -- Web merchants themselves.
''People are more scared than they should be,'' said detective
Ted Rogers of the Mountain View Police Department.
That's not to say consumers shouldn't be wary. Caution is as
warranted online as it is in all financial matters. And criminals are
plenty likely to use the Web to con consumers into divulging
financial secrets.
Use common sense
But most of the appropriate warnings amount to common sense:
Do business with merchants you trust, don't give personal
information to strangers and always report suspected fraud to the
authorities. Computer users also should never send their credit
card number via e-mail and only buy online using secure Web
browsing software.
Despite the widespread fear, more and more consumers are
beginning to buy online. San Jose nurse Peggy Religa has used the
Internet to buy books and contact lenses. But like most other
consumers, she too doesn't really trust the security.
''I usually fax them my credit card,'' said Religa, 49. ''I don't
usually tell them online. . . . I don't have privacy concerns about
the people I'm buying from, I just don't want it to get out to
anyone else.''
Where have consumers such as Religa and Dixon gotten the
impression that their credit card numbers can be abducted online
if there's no truth to the rumor?
Part of the blame, as Dixon suggested, lies with the film industry.
Hollywood generally has portrayed the Internet as a dark, lawless
frontier where hackers, con artists and technological conspiracies
lie in wait to confiscate and change people's electronic identities.
''It is media-driven hype,'' said William Anderson, publisher of
Bank Rate Monitor, a newsletter that follows the credit card
industry. ''If there's someone in the world who knows how to do
that, they can make far more money out there in Silicon Valley
than they can stealing from people.''
Preying on rumors
Some responsibility lies with people who should know better,
Anderson said. ''Bank security officers make their money trying
to scare people; you don't need security officers unless there's
risk out there.''
Yet the myth of Internet credit card theft also was fed by true
stories about credit card fraud that involved computers and the
Internet but not both at the same time.
Consider the so-called Belmont ''cyber bandit'' who obtained
card numbers by stealing loan applications and only used the
Internet to spend his ill-gotten gains. Or the national credit bureau
that merely used the Web as a vehicle to erroneously ship data to
the wrong people.
''A lot of the articles that have trumpeted the dangers of the
environment -- once you read through them, they have very few
facts in them,'' said Tim Knowlton, a vice president at Wells
Fargo Bank, which has been urging its customers to bank on the
Internet.
The truth is, just owning a credit card exposes a consumer to risk.
Any card user runs the risk that a business will unwisely expose
their number to unauthorized eyes. But this can happen to anyone;
it is hardly unique to the Internet.
Watch the waiters
''The waiter scam is pretty hot,'' said Steve Rhode, host of the
Internet call-in show ''Get out of Debt'' and president and
co-founder of the Debt Counselors of America. ''Where does
the waiter go when you give him your card?''
But even this risk is minimal for consumers, since under federal
law card holders are limited to $50 exposure in cases of fraud.
Some banks and merchants even cover that.
The Internet has given old-fashioned swindlers a few new ways to
con a mark. Most simply update the old bank-examiner ploy, in
which a fake bank employee approaches a stranger and asks for
their credit card number or account information. Within the
Internet industry, this sort of thing is known as ''social
engineering.''
In the most popular high-tech variation, the swindler sends a
consumer e-mail or uses a pop-up menu in which they pretend to
be an agent of the consumer's Internet service provider. America
Online chief executive Steve Case seems to be the most popular
name for these con artists to hide behind. This is why AOL posts
the following warning prominently throughout its service:
''Reminder: AOL staff will never ask for your password or billing
information.''
A good standard
Though specific to AOL, this standard should apply to the entire
Internet, experts agree.
Another thing for online shoppers to consider is who they're doing
business with. Some companies may be well-known, such as a
neighborhood merchant or the online arms of giant retail chains.
Others could be popular Internet brands.
But consumers who aren't familiar with the business or person at
the other end of the transaction have options too. There's always
the recommendations of friends, or trusted third parties.
Consumers also can rely upon a growing number of Internet
middlemen, which have made a business out of serving as
intermediaries that ensure that the buyers get merchandise and
sellers get paid. Not only does this provide assurance -- at a fee,
of course -- but it can allow buyers to inspect in person goods
they've only read about online.
''You may buy a Rolex watch which is indeed a Rolex watch
which happens to have a small scratch that you didn't see in the
picture on the Web site,'' said Sanjay Bajaj, vice president of
business development for iEscrow.com. At his San Mateo
company, buyers have 48 hours before a deal is consummated in
which to raise such issues.
These services also can help merchants, by screening out
customers with bad checks or overtaxed credit cards, iEscrow
president Sherman Kwok said.
After the purchase
There is one threat that consumers are largely powerless to
respond to. This involves the security practices in place at the
other end of any credit card transaction. Any time a consumer
patronizes a business that uses a computer to store account
information, he or she runs the risk that employees or hackers will
break into the computer where the numbers are stored. This type
of crime is growing rapidly and threatens all types of credit card
users.
''You can't run away from it,'' said Jeffrey Johnson, national
director of Internet Security Systems, a consulting firm. ''You
have to do business that way.''
So you might as well shop online. That's the conclusion that a
number of major Internet companies hope to encourage with
holiday advertising campaigns stressing the safety and security of
electronic commerce.
''Visa right now is very actively encouraging consumers and
talking about the benefits of going online,'' said Vause. ''We very
much believe that the channel is ready and consumers can shop
with confidence using their Visa card.''
His message is being heard by a small but growing army of
shoppers. The industry analysts at Jupiter Communications
predict that consumers will spend $2.3 billion online this holiday
season. Still, that's just barely more than 1 percent of overall
holiday spending.
The steady growth in online spending stems from a number of
factors: advertising campaigns, word of mouth and news about
merchants such as Cisco Systems Inc., which expects to sell
almost $3.8 billion of products online this year. The movement of
banks and other financial institutions onto the Web also has
encouraged consumers to get into the act.
Kim Azevedo shops with confidence of a sort. But aside from
relying on the services of iEscrow to guarantee that she receives
the Barbie dolls she orders for her daughter, she admits that she
isn't quite sure why she's confident.
''I go through the secure lines, hoping that helps, and I haven't
had any problems with that yet,'' she said. ''Knock on wood.''
|
