What's all the fuss? Putting online credit card security into perspective.

by Richard Seltzer, seltzer@samizdat.com, www.samizdat.com

The following article was originally written for CompareItAll.com. The rights have reverted to the author.

Please visit our online store at http://store.yahoo.com/samizdat


In the wake of recent news reports, in particular about the theft of credit card numbers from online retailer CD Universe, do you need to worry about credit card security on the Internet?

If you own a credit card company or an online store, yes -- that's your responsibility, just as it would be your responsibility in a physical store to worry about shoplifting, burglary, and the privacy of files and information that should not be made public. But if you are an online customer, there's not much to worry about, and the benefits of using credit cards far outweigh the minimal risk.

Interestingly, in this much-publicized incident, the thief's "business model" was not to use the stolen information to make fraudulent transactions, but rather to extort payment of $100,000 from the retailer. When the retailer didn't pay, the hacker reportedly posted about 25,000 stolen numbers at a Web site.

What was the result? The hacker got nothing. The credit card companies and the banks that they work with incurred the cost of issuing new cards. The customers faced the inconvenience of having their old accounts cancelled until new cards were issued. If the cards had been used for unauthorized purchases, the cardholders would have been liable for at most $50; with the retailers and credit card companies taking the rest of the loss. That doesn't seem to have happened.

Anyone taking card numbers from that Web site and trying to use them before they were cancelled would have put him/herself in a very difficult position. To use a card number and expiration date, without a physical card, to purchase tangible goods by phone or over the Web, you need to give an address to which the merchandise will be delivered, which makes the transaction very traceable. Cash advances require PIN numbers, which you never give to online retailers. So the thief would be limited to paying for online memberships or buying "soft goods," such as software, content, and music, that can be downloaded directly from a Web site; and companies in that business tend to take extra precautions to prevent credit card fraud because of their unique vulnerability.

The "business model" was apparently based on the power of fear. The real damage of an incident of this kind was that it would undermine customer confidence in a particular retailer and in online shopping in general. That's what retailers or credit card companies might be willing to pay to prevent. Fortunately, the hacker gained nothing, and now is subject to an extensive investigation which could lead to his/her arrest and imprisonment -- no benefit and lots of risk: not exactly the kind of enterprise that spawns copycats.

But news reports fed on pent-up fears left over from the early days of online shopping.

The first stores appeared on the Internet in the spring of 1994, but online shopping didn't really take off until 1998 and 1999. Yes, there were a number of hurdles that had to be passed before it became a mass phenomenon. You need a computer and an Internet connection. And there's the chicken-and-egg problem that shoppers need lots of first-class stores and shopping experiences to be tempted, but entrepreneurs and investors will only create such stores when there are lots of online shoppers available. But for a long time, the major holdback was psychological -- a lingering, illogical fear of using credit cards online.

It was like the introduction of ATM machines, or of the use of 800-number services for buying goods with a credit card, or even the first introduction of credit cards. It takes a while to get used to the idea, then you simply take it for granted.

The $50 limit of liability online is exactly the same as the liability for physical world use of credit cards. And just as in the physical world, when you buy with a credit card, if you don't get what you ordered or you think you've been cheated, you can report the incident to the credit card company and they'll remove the charge from your bill, pending investigation, which is likely to prove costly and time-consuming to the retailer. If you are in the right, the charge will be reversed and the vendor will end up paying penalty fees to the credit card company, in addition to losing the purchase. Plus, if the credit card company gets too many complaints about a given vendor, it can take away that company's right to take credit card orders, which could seriously hurt that business. In other words, whenever you buy with a credit card, you have a way to get disputes resolved with the vendor, no matter who that vendor might be and where it might be located; and the vendor has lots of incentive to make sure that you are satisfied. In short, you are in a much better position when you pay by credit card than when you pay by check.

Actually, the whole business of encrypted secure online credit card transactions is probably grossly over-rated, based on fears generated in the early days of the Internet by companies that wanted to sell "secure" server software. Online commerce doesn't depend on your providing your credit card information by filling out a form at a Web site. And security doesn't depend on encryption.

To put the current situation into perspective, let's look back to the spring of 1994. Back then, less than a million people worldwide had Web browsers, and that audience was concentrated in education, high tech industries, and Northern California. Hundreds of companies were already using the Web for marketing. Customers who decided to buy had to pick up the phone or use a FAX machine to place their orders, or go to a physical store in their neighborhood. Some companies, too, were using the Internet for business-to-business sales, where buyers had established relationships, identified themselves with passwords, placed orders, and were billed through standard mechanisms.

Retailers wanted to make it more convenient for visitors to buy. But fear of hackers held them back, and they waited for the great innovations that were in the works -- encryption technology for secure transmission of credit card information over the Internet and the standards and business relationships with credit card companies and banks that would make it all work smoothly.

Then the Internet Shopping Network, a little startup company with about 10 employees, started selling computers, software, and peripherals over the Web. You could become a "member" by faxing or phoning with your credit card information. They got back to you with a password. Then you could buy whatever you wanted, whenever you wanted, without worrying about encryption. They operated with no inventory. They forwarded the orders to distributors. Sales numbers were never made public. But in about four and a half months the company was bought by the billion-dollar television retailer Home Shopping Network for four and a half million dollars. Of course, with the valuations of today's Internet startups, that sounds like small change. But at the time, that was revolutionary. Online shopping had arrived, it was profitable, and it could be done without waiting for fancy technology.

We should never lose track of the fact that the Web is just one piece of the overall commercial environment. For you as a consumer, you get the same benefits with the same minimal risk when you use a credit card online as you do when you use it in a store. And you also can and should be flexible about how you place orders and provide your credit card information. Many online stores let you do it by phone or fax if you like.

And sometimes, there's a benefit to placing a phone call after checking out what's available on the Web. On numerous occasions, I've ended up getting a product that was better suited to my needs, at a better price, or even learned about and bought more similar items of interest to me because I placed a phone call and got to speak to a knowledgeable sales person. You don't get extra techno-macho points for doing everything on the Web. Do what makes sense for you.

In any case, you should shop at stores you trust and that go out of their way to build your trust and make sure you are a satisfied customer. If you haven't used a particular store before and don't know anyone who has, check to see if it's a member of BBBonline or TRUSTe. Check its rating at BizRate. Or see what other consumers have to say about it at sites like Deja.com. Any online store, no matter how big it is and what kinds of precautions it takes, might be hit by a hacker like CD Universe was, just like any store in your town might be burglarized. But in the unlikely event that you would be directly affected by such an incident, you'd want the confidence of knowing that any issues would be handled with good customer service. 



This site is Published by B&R Samizdat Express, 33 Gould St., West Roxbury, MA 02132. (617) 469-2269. seltzer@samizdat.com


Buy Richard's book Web Business Bootcamp (published by Wiley) http://www.amazon.com/exec/obidos/ASIN/0471164194/brsamizdatexpres