Page II: After a decade, even your mom buys books online. But are "secure" transactions secure enough?
Both the Internet Shopping Network and NetMarket required online shoppers to download special programs before they could safely transmit their credit card numbers over the Web. NetMarkets, which is now operated by a subsidiary of hotel and rental car company Cendant, used a special browser that incorporated Pretty Good Privacy (PGP), a program that went on to become a popular e-mail encryption tool but never caught on for e-commerce. Internet Shopping Network relied on a program called Secure Mosaic, a browser that required users to grasp the concepts of public key encryption technology, a system for securing electronic transactions and managing digital signatures.
The programs were hardly geared toward the mainstream shopping public. They required technological proficiency to configure and operate correctly. And at the time, they only worked on computers running the Unix operating system, while the vast majority of the computing public used Microsoft Windows or Apple Macintosh machines.
That's why the Internet Shopping Network, which the Home Shopping Network later acquired, continued to gather customers' credit card numbers by phone and fax for most orders in 1994, Adams said. The data encryption mechanism was difficult to use and most people didn't trust it at that point, he said.
Web retailing began to flourish the following year, when Netscape (now a division of Time Warner) came out with a version of its Web browser that incorporated the Secure Sockets Layer (SSL) security protocol, Kohn said. SSL creates a connection between a desktop computer, or client, and a server, over which data can be sent securely. The most recognisable sign of SSL at work are Web addresses that begin with "https:" rather than the more familiar "http:" designation.
Microsoft also adopted the SSL protocol as the encryption standard for its Internet Explorer Web browser, further cementing it as a common method for protecting the transmission of confidential information on the Web. That same year, a little Seattle company called Amazon.com set up a book shop online.
Security still a worry
While 10 years of fine-tuning the technology have made e-commerce easier, data security remains a concern for online shoppers and merchants. Though SSL is nearly impossible to break, hackers have found other ways to attack, using computer viruses, "phishing" and other tricks.
Phishing is a scam involving bogus e-mails that appear to come from legitimate businesses, such as Citibank, eBay or PayPal. The e-mails often say the company has lost or must update the recipient's accounts. The user is prompted to follow a link to a phony site and enter passwords, credit card numbers and other personal information.
At least 30 million Americans have been the target of a phishing attack, and nearly 2 million of them have been hooked, divulging credit card numbers and other information, according a Gartner survey. The technology research firm recently warned that phishing, which cost US credit card companies and banks more than $1.2 billion last year, may seriously sap consumer enthusiasm for online shopping if nothing is done to combat it.
Another threat to e-commerce is the proliferation of computer viruses that override security features in popular Web servers and browsers, particularly Microsoft's Internet Explorer (IE). One such virus that infected computers in June redirected visitors from certain Web sites to sites controlled by hackers allegedly in Russia. The virus, dubbed JS.Scob.Trojan, also planted a remote-access program onto infected computers to record keystrokes and capture login information.
Computer security experts believe the attack affected a relatively small number of Web sites but was that largest, most effective assault of its type to date. The attack prompted some people to switch from using Explorer to alternatives, such as Mozilla and Firefox from the Mozilla Foundation and Opera from Opera Software.
Despite the threats, most people are more comfortable than ever with shopping online, said Darin Sennett, director of design and technology, at Powell's City of Books. The Portland, Oregon, book store has been taking orders online for nearly 10 years and has been largely unaffected by such attacks, he said.
"That was sort of the James Bond of e-commerce high-jacking," Sennett said of the Russian virus that spread in June. "I don't think there's an overwhelming concern about doing commerce online because of threats to security."
16%
7%
