E-Commerce in Safety

Article excerpt

The economic potential of the Net is in danger of being derailed unless more is done to convince consumers and businesses that it is secure.

How safe is the Internet for on-line shopping with a credit card? Not very, if a selection of lunch-party guests featured in an. IBM TV advertisement are to be believed. 'It's not safe' is their constant refrain. 'It's too risky.' Finally, one character raises the possibility that it could be safe, to which another responds with the crucial question: 'But how do you know?'

Ask industry experts how secure the Internet is for electronic shopping and they'll come up with the stock response that it's no more risky than handing your credit card to a waiter or giving your account details over the phone. Yet, as the advertisement concedes, many people are not convinced. Even Big Blue falls short of claiming that the Internet is secure, concluding its advertisement with the announcement: 'IBM is making it safer to buy things over the web.'

Payment is not the only risk. Take e-mail, for instance. Few people stop to consider the consequences of a rival or a hacker reading their electronic messages, yet e-mail is extremely insecure and can be opened at any of the servers it traverses en route from sender to recipient. Then there is web site counterfeiting, or spoofing. This is where electronic saboteurs set up a fake web site with a name which is identical to a legitimate business in order to divert customers. Even companies the size of BT have been spoofed. Another tactic deployed by the cyber vandals is to bombard commercial web sites with nuisance calls so that genuine business traffic can't get through.

Small wonder that businesses and consumers are worried. Nor will they find much comfort in a policy report from The Consumers' Association which expresses concern about the lack of a regulatory framework for the Internet and the absence of a code of practice for security among Internet Service Providers (ISPs). The problems of enforcing contracts between buyer and seller, especially in the case of overseas suppliers, are also highlighted. 'These issues need to be carefully addressed in the near future if the economic potential of the Internet is not to be derailed by lack of consumer confidence,' the report says. Much is at stake - analysts such as Datapro of the US believe Internet-based commerce could be worth $100 billion ([pounds]59.7 billion) a year within a few years. But this won't happen if it is insecure.

The problem is that the Internet wasn't designed for electronic commerce. 'The basic structure of the Net is unsuitable for how it is now being used,' says Judith Jeffcoate, author of a report on Internet security for the telecoms market research company, Ovum. 'It was designed for a small group of researchers in a common domain of trust.'

The domain of trust concept can to some extent be continued in e-commerce where business partners are involved. 'With business-to-business, Internet communications can usually be prearranged,' says Mel Earp, technical director of European software company Sema. 'You know who your collaborators, suppliers and partners are and, if your approach is fairly structured, you'll know what kind of interaction you'll be having, so you can decide on the level of security.' Diary dates exchanged by e-mail, for example, might not be very sensitive, whereas orders, shipping information or details of strategic alliances and government contracts could be much more confidential.

Sensitive information can be sent through the Internet via a tunnel, otherwise known as a virtual network or extranet. This has sealed walls to prevent it being infiltrated. Creating a tunnel involves telling your server the exact location of the destination web site and what route is to be taken. In standard Internet communications the message finds its own way via any number of intermediary servers. You build a tunnel using a black box such as PIX (Private Internet Exchange), costing $10,000 from Cisco, the US-based networking specialist. …