27 June 2003

Card security still a major concern

One of the early comparisons about e-commerce security was that giving your credit card number to a call-centre operator or a waiter in a restaurant was less secure than using it online.

By far the greatest worry about e-commerce for consumers has been security, and rightly so.

According to research by MasterCard last year, consumers’ online shopping decisions are heavily affected by security concerns: 73% of consumers said enhanced security features would influence their decision to shop online, 70% were concerned with security and fraud issues, while 61% were worried that their credit card numbers would be intercepted by “hackers”.

There is no denying that the Internet is the future of transactions. But consumer confidence is the key to making consumer e-commerce as successful as e-commerce between businesses.

While the telephone or waiter comparison demonstrates there is as much offline security risk, it does little to convince still sceptical consumers to shop online. Security also weighs heavily on the minds of merchants who supply the services, as they often foot the bill if there is fraud involved.

“It’s a little bit of a catch-22 situation,” says Gary Byrne, the vice-president of payment solutions of MasterCard Southern Africa. “Merchants aren’t actively marketing the Internet channel. As a result of them not marketing it, cardholders or users aren’t being drawn to it in a major way. This is the reason that it isn’t being successful.”

At the core of this is the simple fact that on the Internet you can’t prove someone did a transaction, because there are no signed slips.

“What tends to happen is that [it is] the merchants who tend to get burnt. They ship the goods and if the consumer repudiates it or there is fraud, the upshot is that the [current transaction] rules say that it gets returned to the source, and the merchant bears the brunt,” says Byrne.

Many consumers fear that their credit card details will be “stolen” or “sniffed” if they make a purchase, which means confidence must be instilled in the user.

What they need to know is that there are many layers to security, which should be implemented and effectively used.

Firstly, a secure connection is usually established between a user’s browser on their computer and the merchant’s server. That creates a secure “tunnel” between the two machines.

To prove its authenticity, a legitimate site will send a “security certificate” to a consumer’s browser, “proving” it is who it claims to be.

The second security system uses encryption, which means the information is converted into a complex code. To commence transactions, such as sending passwords, ordering goods or transferring money from your bank accounts, the authenticated server may now send a “key” to your PC through the secure tunnel, which digitally “locks” information using the secret code.

Thirdly, once the transaction has been commenced, such as logging in or placing an order, the secure server then uses its own “key” to unlock the consumer’s information and process their transactions. All of this remains invisible to the user, who simply clicks, surfs and transacts, without having to do any difficult sums.
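The three steps described above, as an added illustration that is not part of the original article: a simplified model in JavaScript using Node's built-in crypto module. Real browsers use SSL/TLS with X.509 certificates and negotiated session keys; the function names, site names and card number below are made-up assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical parties: a certificate authority (CA) the browser already trusts,
// and the merchant, each with its own key pair.
const ca = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const merchant = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Step 1 (issuing): the "security certificate" binds a site name to a public key
// and carries a signature over both. (Constructed format, not real X.509.)
function issueCertificate(siteName, publicKey, signerPrivateKey) {
  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  const body = JSON.stringify({ siteName, publicKeyPem });
  return { body, signature: crypto.sign('sha256', Buffer.from(body), signerPrivateKey) };
}

// Step 1 (browser): accept the certificate only if the trusted CA signed it and
// the name matches the site the user meant to visit. Returns the key or null.
function verifyCertificate(cert, expectedSite, caPublicKey) {
  const signed = crypto.verify('sha256', Buffer.from(cert.body), caPublicKey, cert.signature);
  if (!signed) return null;
  const { siteName, publicKeyPem } = JSON.parse(cert.body);
  return siteName === expectedSite ? crypto.createPublicKey(publicKeyPem) : null;
}

// Step 2: the browser "locks" the details with the key from the certificate.
function lockForMerchant(details, merchantPublicKey) {
  return crypto.publicEncrypt(merchantPublicKey, Buffer.from(details, 'utf8'));
}

// Step 3: only the merchant's own private key can unlock them.
function unlockAtMerchant(ciphertext, merchantPrivateKey) {
  return crypto.privateDecrypt(merchantPrivateKey, ciphertext).toString('utf8');
}

function demo() {
  const card = '4111 1111 1111 1111'; // constructed test number, not a real card
  const cert = issueCertificate('shop.example', merchant.publicKey, ca.privateKey);
  const key = verifyCertificate(cert, 'shop.example', ca.publicKey);
  const locked = lockForMerchant(card, key);
  return {
    certAccepted: key !== null,
    wrongSiteRejected: verifyCertificate(cert, 'other.example', ca.publicKey) === null,
    readableOnWire: locked.includes(card), // what an eavesdropper would see
    recovered: unlockAtMerchant(locked, merchant.privateKey),
  };
}

console.log(demo());
```

A certificate that fails either check in `verifyCertificate` yields no key, so the browser has nothing to encrypt to and the card details are never sent.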

Once details are in the online merchant’s system, they need to ensure all the correct security is in place, says Arthur Goldstuck, managing director of South African IT researchers World Wide Worx. “If you follow the manual, which is very rare, and adhere to the basic principles of information security, you shouldn’t have a problem.”

Once the correct security is in place, consumers can shop safely and securely. “Then it becomes the whole convenience thing of using the channel,” says Byrne. “We’re betting on it.”

MasterCard, like other enablers of online transactions, has several products that it provides to banks and merchants to handle transactions securely and to prevent fraud.

One new mechanism that is slowly appearing is the smartcard, a credit card with a chip onboard that stores verification information, such as a PIN (personal identification number) code or fingerprint, in a secure way. Smartcards are already in use as SIM cards in cellphones or in satellite decoders.

They are widely used in closed systems, such as the warehouses of major retailers. South Africa’s Prism is a world leader in using this technology. It has upgraded the pay points at some Shoprite, Checkers and Hyperama stores to accept them, and did a deal with Nestlé South Africa to introduce smartcard-enabled vending machines in corporate offices, factories and campuses.

Byrne says their advent will ultimately be inseparable from e-commerce. “The banks are starting to deploy them and when there are enough in the market, merchants will start using these security features.”

He suggests there might be smartcard readers attached to computers and they will be used to verify transactions over the Internet.

“That’s another channel that we believe has a lot of potential. The set-top box, or satellite decoder. Satellite buying holds enormous potential and smart cards are going to play a very big role in that.”