Internet Security and the Consumer 
by Bill Mcgaw

Is it safe?

 That famous line from The Marathon Man with Dustin Hoffman (circa 1976) is one of the most frequently asked questions I encounter every day when working with Internet novices. We put new customers online every week and with so much negative press about the Internet they are justified to ask the question "Is it safe?" Is it safe to log on? Is it safe to download? Is it safe to make an online purchase? Is it safe to keep my checking account on the same computer? The questions, the Internet fears are endless. In this article we will attempt to expose some of the danger, disprove a few misconceptions; and give you, the user, confidence when making purchases on The Net. 

In the real world security risks abound -- waiters walk away with your credit card and consumers disclose credit card numbers on the phone. Yet, there is little to no resistance to purchasing in these manners; although perhaps there should be. A good friend of mine informed me of charges illegally made on his credit card in South America after a trip made three months prior. My friend had purchased a meal, and it was at that time the waiter took the opportunity to write down his credit card number and then use it to purchase airline tickets to Florida. There are risks in any financial transactions including the Internet, but the risks are a lot less than many people think. 

One of the Internet's greatest advantages is also a cause of great concern-- anonymity. The ability to remain anonymous on the Net removes barriers to communication and allows frank discussion on myriad topics, but that sort of freedom comes with a price. In this case it removes some of the protection consumers expect when making a purchase from a company. On the Internet, the same transactions customers make every day without hesitation can cause worry. Fear of misuse or fraud of information, fueled by the media portrayal of Internet security as anything but secure, runs high in the public especially when there are so many unknown companies doing business on the Net. According to Scott Cook, chairman of Intuit Inc., "The missing element is trust, you are not going to send off your life savings to the First Bank of Nowhere." 

The first tip to shopping online is to check the Universal Resource Locator or URL (also called address or location) to ensure you know whom you are buying from. Most legitimate businesses will have their own URL. For example, http://www.pepsi.com would indicate the official Pepsi website; whereas http://www.isp.com/directory/pepsi.htm would be somewhat suspect. 

A second item to look for is a phone number where you can call and purchase a product. Most scams will not give you a valid phone number, let alone a toll-free 800 or 888 number. Remember that the rules of traditional business still apply, so check references whenever you can. In many fraud cases a victim receives references but fails to check them out. Another good tip: visit the Internic domain registry to verify a URL by using the "whois" toolbox, http://rs.internic.net/cgi-bin/whois. This tool will tell you who owns a particular domain and how to contact them. 

If you are using either Netscape or Microsoft's Internet browsers (version 3.0 or above), merchants can offer increased security through SSL (Secure Socket Layer) protection. SSL adds a layer of protection in the transfer of data by encrypting the information as it passes from a forms page to the server (see Verisign's home page at http://www.verisign.com for more information). To verify you are visiting a site with SSL security in Navigator, look for a picture of a solid key in the lower left©hand corner (broken key indicates non-secure). For an example, visit https://www.imall.com (be sure to include the "s" in https). In Explorer look for a "padlock" in the lower right-hand corner. 

Thankfully, higher levels of security are becoming more prevalent, and the future of Internet commerce depends on this type of protection for consumers. Companies such as First Virtual (www.fv.com) and cybercash ((www.cybercash.com) not only encrypt the data passing through to the server, they also pass through a verification server (either Cybercash or First Virtual) to verify the user's identity using a digital security code and stop unauthorized use of your credit card number. Companies are also experimenting with direct payment from your bank account (similar to a check) using a digital signature to verify authorization of payment (www.fstc.org) The development of Digital Cash (www.digicash.nl or www.netbank.com) gives the consumer the ability to pay online using either personal funds from bank deposits or using "cash" that has been issued by a merchant. 

The Internet provides access to products and services all over the world, and as a result the promise of Internet commerce is growing (purchases on the Internet grew more than 5,000% in 1995 alone.) The security of Internet transactions is going to be paramount in fulfilling that promise; the potential for profit is the "carrot" which ensures the future development of even better security products. 

For more info on Internet security visit the Web sites referenced in this article as well as: www.epic.org © using infoseek try these parameters "secure electronic transaction." Some very good articles will return concerning many types of security on the Web.

 Bill McGaw is the President of iWay Solutions, a San Antonio Internet Services Company. He can be reached at iway@smart1.net or (210) 696-9800.