OF TRUST AND RISK.
E-commerce, like any other form of commerce, depends on a level of
trust existing between a buyer and a seller. The Internet presents
a challenge not very different from what a catalog or
direct mail retailer faces. The challenge for the seller is twofold:
proving to the buyer that the seller is who they say they are, and
proving to the buyer that confidential information such as
credit card numbers remains confidential.
For some reason, consumers seem to place less trust in the
security of their information on the Internet than they do
when calling a toll free number or placing an order by regular
A REALISTIC LOOK AT RISK.
Before tackling the issues that a secure server deals with,
it is important to look at the typical risks facing
the buyer in any given, everyday transaction.
In the course of a typical week, how many people do you disclose
information to, in the belief that your information is protected
from the forces of evil? The odds are that you probably do not
give it much thought at all.
- The seller is an imposter. A fraudulent retailer could
use a name either the same, or very close to that of a
well known legitimate business. Their sales depend on
deception. This is somewhat more difficult to accomplish
with a traditional brick-and-mortar store, but not too
hard with direct mail or telephone based sales.
- Theft of information. After making a purchase, a customer's
private information can be stolen by an outsider or a
dishonest employee. This problem is common to all types
of business and is the most prevalent form of fraud.
- Interception. Some sneaky person places themselves in
a position where they can obtain information, whether by
looking over somebody's shoulder at the checkout
counter and memorizing their credit card number, stealing
mail, tapping phone lines, or even going through the
retailer's garbage. In Internet jargon, the terms
packet sniffing or man-in-the-middle attack
are used to describe this activity.
WHY IS THE INTERNET SO MUCH RISKIER?
Simple. Lack of comfort, understanding, and experience with the
Internet. Everyone knows that stores and catalog companies always
shred their records before disposing of them. That people would never
look over somebody's shoulder to see their credit card. And never,
ever would somebody dare to risk opening or stealing someone else's
mail. In order to get a phone number for a business, you have to
prove to the phone company who you are, and no person in their
right mind would ever lie in writing about who they are.
I hope you don't believe much of what I just said! The truth is
that on the Internet, the risk to the seller from consumer fraud
is greater than in any other type of commerce. We are, however,
dealing with making our customers feel all safe, warm, and fuzzy
about us, not protecting ourselves.
Handling consumer data using a secure server is about protecting
the privacy of the consumer, not about protecting your business
from consumer fraud, at least for now.
SO WHY A SECURE SERVER?
Using a secure server protects the consumer in two ways. First,
the data passing between the browser and the server is encrypted
to prevent interception by not-so-nice folks using packet
sniffers. Second, by means of a Certificate Authority, it proves to
the consumer that the site is operated by the company claiming
to be operating the site.
These are the only two risk issues addressed by the secure server.
There are many possible weak links
in the data handling chain that often defeat the purpose of
having a secure server, yet do not reduce the customer's trust
in the site.
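
The two protections described under SO WHY A SECURE SERVER, as an added example that is not part of the original article: a Python client context that requires a CA-verified certificate as well as encryption, and a simplified version of the name check applied to that certificate. The certificate, host names and organization are constructed for illustration, and name_matches is a teaching simplification of the matching the TLS library performs itself.

```python
import ssl

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Store Ltd"),),
                (("commonName", "www.example-store.test"),)),
    "subjectAltName": (("DNS", "www.example-store.test"),
                       ("DNS", "*.shop.example-store.test")),
}

def client_context():
    """Client settings that demand both protections, not encryption alone."""
    ctx = ssl.create_default_context()   # trusts the system's CA roots
    ctx.check_hostname = True            # certificate must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED  # and must chain to a trusted CA
    return ctx

def name_matches(pattern, host):
    """Simplified name match: exact, or '*' standing for one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def identity_check(cert, host):
    """Return (name_ok, organization) for a verified certificate and requested host."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    name_ok = any(name_matches(n, host) for n in names)
    org = next((v for rdn in cert.get("subject", ())
                for k, v in rdn if k == "organizationName"), None)
    return name_ok, org

if __name__ == "__main__":
    for host in ("www.example-store.test", "www.examp1e-store.test",
                 "pay.shop.example-store.test"):
        print(host, identity_check(SAMPLE_CERT, host))
```

A successful check ties the certificate only to the host name that was requested, so a buyer who is already on a look-alike name with its own valid certificate still sees a passing check; the organization field is what links the name to a company.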