Can E-Confidence Be Restored?By John McCormick | Posted 2005-08-04 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
How can companies restore faith in e-mail and e-commerce? Here are some suggestions.
You've probably received an e-mail with a blaring subject line such as "Urgent Message From eBay Accounts Management!!!!"
The message in this case reads: "We regret to inform you that your eBay account has been temporarily blocked due to various log-in attempts from different global locations .... If you want to re-activate your eBay account, please follow our instructions."
The e-mail includes a link to a Web site; you're supposed to click on the link to verify your account.
Messages such as these are, of course, phishing schemes—attempts by crooks to get you to visit a fake, or spoof, site and divulge something personal, such as your credit card or Social Security numbers.
In the past, these messages were filled with typos or bad syntax, which made the attacks easily recognizable. No more. "They're getting better," says Hani Durzy, an eBay spokesman. "They're looking more and more like the real thing."
Yet, many companies continue to respond to these attacks with little more than a reminder to customers to never answer an e-mail that looks to verify personal data.
"I don't think they realize how much consumers' confidence is shaken," says Gartner vice president and research director Avivah Litan of companies doing business online.
The result is that consumer confidence in e-commerce and e-mails is eroding.
How bad is the problem? Four-fifths of people navigating the Internet have stopped opening e-mail attachments unless they feel absolutely confident of their source, according to a survey released in July by Pew Internet, a Washington-based research organization.
Beyond that, half of the people who shop online have stopped going to sites they fear may zap unwanted programs onto their computers, according to a Gartner report released in June, and nearly a third of those people are buying fewer items online than they have in the past.
Declining consumer confidence will slow the growth of online commerce by 1% to 3% each year over the next three, according to Litan. That might not sound like much, but using International Data Corp. numbers that pegged worldwidee-commerce at $300 billion last year, that could add up to $9 billion in lost sales.
Can consumer confidence be restored?
A number of companies—including auctioneer eBay and retailer Overstock.com, two of the 10 most visited Web sites—are installing procedures and technologies to give their customers a greater sense of security about their online operations.
Overstock.com, for example, has developed a program that allows it to match online orders with a cardholder's address. If the cardholder's address differs from the requested shipping location, the company double-checks the order with the customer.
EBay has come up with other safeguards. Working with a company called WholeSecurity, eBay has put a feature called Account Guard into its eBay Toolbar—a strip of auction buying, selling and tracking tools. The Account Guard utility, when activated, checks the sites customers visit against a repository of spoof sites maintained by WholeSecurity. The user's toolbar turns red the moment a user visits a known spoof site.
EBay also has gone live with a feature called My Messages, a secure inbox on its site. A copy of all eBay communications is sent to a user's My Messages box. If a customer wants to see if an e-mail came from eBay, he simply has to check for a copy in the My Messages box.
Overstock.com and eBay have shown that more than just sending out reminders can be done to stop online fraud. If other companies don't start following their lead, Litan says, consumer confidence will continue to erode, making it harder for them to launch new products—since people will only trust the names they already know—and almost impossible to count on e-mail as a quick, cost-effective means to communicate with customers.
Online fraud, says Overstock.com's technology chief Shawn Schwegman, "is a problem that, unfortunately, everyone has to deal with right now."