By ADAM DUNFORD
CDnow. Music Boulevard. SoundStone. World Wide Music. Faster than artists can produce albums, companies are cropping up on the Internet selling CDs, cassettes, DVDs and records to online customers.
In fact, according to a February 1998 study by @plan, a market research group, the number of online purchasers of CDs in the last four months of 1997 surpassed 1.3 million.
But when it comes down to paying for a compact disc ordered via the World Wide Web, the primary payment method is credit card. And many people are balking at releasing their credit card number over the Internet.
“(In 1997) we did a survey, and three-quarters of our customers said credit-card security was an issue,” said Chris McCann, senior vice president of 1-800-Flowers. He said his company does 10 percent of its business online.
Mail-order itself is nothing new. The 500-page illustrated Sears and Roebuck catalog was being shipped to farmers over 100 years ago, long before the first Sears department store opened in 1925. The Franklin National Bank in New York issued the first real credit card in 1951, allowing for purchases to be charged to an account which the customer would have to pay later. And toll-free 1-800 numbers have flashed across television screens for the last two decades, extolling the virtues of one product or another and encouraging the viewer to “Order now. Visa and MasterCard accepted.”
But with increased online traffic and the prevalence of the credit card (the U.S. Census reports 66 percent of American families use credit cards) comes an increase in fraud as well.
So a cottage industry has developed, offering added protection and encryption of information (such as credit card numbers) transferred over the Internet. Companies such as First Virtual and CyberCash offer payment methods guaranteeing secured transfer, while MasterCard and Visa are in the final stages of a universal security protocol known as Secure Electronic Transaction or SET.
The proposed SET standard, which is described in detail at their Web site (www.setco.org), is indicative of the various security methods which require additional software and licensing to merchants, thereby assuring users of security.
But despite the claims made by SET or other encryption methods, many remain unsure of their vulnerability to credit card fraud.
The CDnow Web site (www.cdnow.com) includes testimony from a spokesperson at AT&T’s Universal Card division stating that “his company to date had not encountered any cases of credit card numbers being stolen during transmission over the Internet.”
Kevin Ratner, vice president of Operations and Business Development for the Internet Underground Music Archive (IUMA), agrees.
“I worry much more giving my credit card to a waiter in a restaurant than I do giving it over the Internet,” said Ratner, whose online company showcases unsigned music bands and provides opportunities to purchase music online.
Keith Lamond, a graduate student at Georgetown University, has researched credit card number transfer via the Internet.
“I would feel totally safe using my credit card with any of these methods. They all provide a secure means to pay for what you purchase online,” he said.
But in spite of all the talk concerning the secure transfer of credit card numbers, the truth remains that theft is possible. The theft may not come while the numbers are crossing the Internet, but when they arrive at their destination.
In August 1997, a computer repairman who was accused of trying to sell 100,000 credit card numbers pleaded guilty to trafficking in stolen credit card numbers and computer fraud. By hacking into servers, Carlos Felipe Salgado Jr. gained access to about $1 billion in credit from numbers he harvested from an Internet Service Provider in San Diego and 6 to 10 companies that conduct online transactions.
The story from The New York Times said that as far as the FBI knew, none of the credit card numbers were used. But the fact that Salgado was able to get around the Secure Sockets Layer encryption protocol that companies use to protect their servers online is enough to make anyone want a more secure method before ordering online.
SET and the other secure transfer protocols, despite their promises, cannot make a credit card completely invulnerable. But maybe it is not security that is preventing people from buying online after all.
“The thing that is holding back commerce on the Internet at the moment is not how safe is it, but whether there is anything worth buying,” Lamond said.