Safety Net

Five years ago, the national newspapers were full of stories about junk mail. Life insurance mailings to recent widows were a popular horror story, but so too were mail order frauds. Such incidents may still occur, but they are not the common experience. Nowadays, the papers only occasionally take a swipe at this target.

Instead, they are more likely to run scare stories about security on the Internet. Consumers whose credit card details have been stolen by hackers, or captured by unscrupulous traders on the other side of the globe, often feature. When direct mail was the target, a popular conspiracy theory among direct marketers was that newspaper barons saw the medium as a threat to their advertising revenues, hence the hostility. The Net could simply be the next perceived challenger to be seen off.

Certainly, those involved in electronic commerce say there is little real justification for the negative coverage. Although credit card issuers are tight-lipped about how much fraud does take place, Internet transactions appear to suffer a lower level of abuse than their telephone-based equivalent, and one-hundredth the level of direct mail problems, according to one source.

Despite this, there is a very real perception in the market that electronic commerce might not be safe. According to research carried out by The Henley Centre, 69 per cent of a sample of 500 early adopters agreed they were concerned about the security of online transactions, 39 per cent of them agreeing strongly. However, analyst Chad Wallen notes: “The more people use the Net, the less strongly they agreed.”

He adds: “The way we came to understand it, electronic commerce is not an alien concept that they can’t imagine doing at all. But everyone is petrified of buying things. There are a significant number who seem to be buying and a larger number who are prepared to see it as commonplace in the future.”

This emerges from a comparison of how people are using the Net now and how they foresee using it in five years’ time. The Henley Centre found 59 per cent used it for getting information, 36 per cent for communication, ten per cent for entertainment and one per cent for transactions. In the future, however, 41 per cent said they would use it for communication, 33 per cent for transactions, 28 per cent for information and 16 per cent for entertainment.

Other research sources suggest transactions over the Net are slowly beginning to reach critical mass. Peter Matthews, managing director of Nucleus Design, says one way to calculate Net use is to combine figures. “Lou Gerschner, chief executive of IBM, believes 50 million people are online. Forrester Research, a leading US IT research agency, says one in four of all users of the Net claim to have purchased. If you extrapolate from that, that makes 12.5 million transactions,” he says.

He points out that Amazon.com, the remarkably successful online bookshop, declared first-quarter 1997 sales of $27m (17.5m). But he does sound a note of caution about assuming all Net transactions are substitutes for high-street purchases. “You don’t know how many of those purchases are legitimate or for pornography – a lot of credit card use is for pornography,” says Matthews.

Whatever effect such transactions have on Net users’ morals, they may at least have one positive outcome. If a user can give credit card details to a business as shadowy as pornography and not get ripped off, then the chances are a legitimate trader will be even more trusted.

These sites also educate users about the possible ways of buying online, especially if they use one of the three major “virtual credit cards” – Open Market, First Virtual and Cyberbank. These work by opening an account with a Net user who is then issued an online card. The real transactions are processed offline, converting cyber dollars into real ones, reducing the risk of details falling into the wrong hands.

John Sofield is managing director of TDS Internet. His company has the UK rights to Tradex, an online negotiating system which makes use of virtual credit. He says: “Once a consumer has signed up with a virtual bank, there is no filling out forms; they just use a digital code. Once that has been verified, the transaction can be processed.”

There is some scepticism about virtual banks, however. David Aldridge, European vice-president of iCat, which markets an online electronic commerce software package, says: “The average guy in the street doesn’t know those companies. They only trust Lloyds, NatWest, Barclays and Midland.”

For online shopping to take off in the UK, companies will have to become more heavily involved in developing systems and marketing to the general public. “We have been doing a lot of work with the four major clearing banks to get them to endorse what is going on. If they don’t say, ‘we use the Web and it is fine’, nobody will trust it.”

“The problem with the Net is that credit card companies are only now starting to make use of security protocols they are happy with, even though there are encryption formats which even the US military can’t crack,” says Matthews. In fact, issues of national security have held up the release of 128-bit encryption technology into the commercial world, because the FBI has been concerned that criminals and terrorists will use it to encode messages that they cannot then decipher.

However, Matthews says: “Even 64-bit encryption offers a very high level of protection.” The current most widely-used format is SSL (Secure Sockets Layer) protocol, which most new browser software can support. Aldridge says that for online traders, “if you are not using SSL, it is like giving your credit card to a tramp downstairs”.

What SSL does not have, however, is big-budget backing that will create a sense of reassurance among online shoppers. That is only likely to come as a result of the recently-unveiled SET2 (Secure Encrypted Transaction) protocol. This system is the end-result of a test by Microsoft, Mastercard and Visa whose ambitions are, variously, to dominate the Internet and to make cash a thing of the past.

Reaching agreement on a common standard has been far from easy for these three, and they will not immediately be able to impose SET2 on all electronic commerce sites. But in the UK, at least, the major banks appear to be endorsing the system, which will help get it established. Although once again, secure transactions really means secure for the financial institutions. “SET is only there to protect the credit card issuer, not the consumer,” says Aldridge.

For those companies already trying to build a business on the Net, it is a case of “suck it and see”. At Book Pages, a newly-launched online bookshop, managing director Simon Murdoch says: “We have run trials with encryption systems. Our argument is that SSL is pretty secure, so there is nothing to worry about.”

Murdoch says fears about security can be overcome by marketing. “Because of the confusion in the world about security, we offer two other ways of ordering. Customers can place an order with all the details, print it out, handwrite their credit card information on and fax or post it to us, or they can use a phone number during office hours and give us their card details,” he says. Use of these channels suggests security fears are more perceived than real – only 2.5-to-three per cent of Book Pages customers order by fax and just 0.75 per cent use the phone.

Unlike the US, fewer company buyers in the UK use credit cards to pay for business purchases, preferring to be invoiced.

The type of transactions which the general public might want to carry out online have also yet to be tested. Last year, the Post Office worked with a consortium of hard- and software companies to run an internal test of a transactional system which it called Project Genesis. Among the services it offered was buying travellers cheques online for collection from the nearest Post Office Counter.

According to US research agency Find SVP, 60 per cent of those who have been online for five years or more have bought products from an overseas supplier. While an unknown quantity of those purchases may have been shipped in plain brown wrappers, the event horizon for high-volume electronic commerce is probably closer than you think.