Virtual fraud less risky than counterpart

The Net’s roots in code and quantities often leave the virtual door open for e-companies to view a customer as a mere blip in the system, defined by numbers that reflect shoe size, favorite TV show, household income, etc. – in sum, a for-sale string of numbers with a lifestyle.

Likewise, the same door is often left open for a hacker to target a corporation with essentially mathematical attacks, ranging in severity from the merely embarrassing to the totally devastating.

Internet security and privacy issues are flip sides of the same misuse-of-information coin, issues that are driven (and possibly sometimes overblown) by a fear felt by companies and consumers alike: ‘Someone might tamper with my data and inflict damage on me.’ People are prone to fear what they cannot see or understand, and the Internet, in all of its newness and invisible workings, is as good a symbol of the unknown as anything.

SPONSORED CONTENT

Business Cares: April 2024

In Colorado, 1 in 3 women, 1 in 3 men and 1 in 2 transgender individuals will experience an attempted or completed sexual assault in their lifetime. During April, we recognize Sexual Assault Awareness Month with the hopes of increasing conversations about this very important issue.

Nonetheless, virtual fraud probably has less potential than its brick-and-mortar equivalent.

Encryption standardization

“My opinion is that you are less likely to encounter those problems (fraud and theft) over the Internet than you are over the telephone or in person,´ said Steve Hultquist, chief technical officer of Leopard Communications, a Boulder-based advertising/marketing firm with a strong e-business presence. Why? “(The credit card) doesn’t even touch a person’s hands,” Hultquist said, citing the more-real possibility of a waiter double-swiping a Visa. He noted that most out-of-the-box servers have a built-in capacity for stringent security.

“For the cost of a computer and an operating system, it’s secure,” he noted, adding that the standardization of encryption technology has enabled communication between systems that are secured by different means.

Secure, however, is a relative term – no code is truly unbreakable. “DES (Data Encryption Standard, the current federally endorsed encryption standard) can be broken on a Palm Pilot, given enough time,´ said Cynthia Fauteck, Colorado’s regional technical consultant for Redwood City, Calif.-based Check Point Software Technologies, a provider of virtual private networks (VPNs), firewalls and other online security solutions.

Security has gotten tougher, Fauteck noted, and technological innovation is only part of the reason. “There have been huge strides in mathematics in the last 20 years that people don’t realize,” she noted. “A lot of that relates to cryptography.” As the code-makers advance, however, so do the code-breakers.

“Everything has risk in it,´ said Fauteck. “Lightning can strike your house. Anything can happen.”

Better security available

Minimizing this risk is what the encryption technology market is based on. While most brand-name technologies offer built-in protection, better security is always available – for a price. More stringent security hardware or software will typically cost $2,000 to $20,000, Fauteck said.

What is the best course of action available to the bare-bones operation? Olivier Brousse, vice president of technical services at The Root Group, a Boulder-based IT consultancy specializing in security issues, gave a mixed review to the out-of-the-box options. “They’re not bad, (but) it’s hard to customize them,” he said, due to the fact that they offer strong security without advanced features and functionality. Another popular and economical security option is outsourcing Web-hosting needs.

“This is double-edged, though,” Brousse said. “You’re kind of putting yourself in the hands of the hosting company.” Some hosts offer better security than others do, for an identical price. “Do your homework,” Brousse advised.

In the minds of many an e-consumer, security concerns have recently taken a back seat to privacy issues. Just as e-businesses want to avoid the intrusion of overzealous hackers, their consumers want to avoid exploitation by overzealous marketing departments trading their personal information.

Security No. 1

“From an e-commerce perspective, there’s been survey after survey done and security was always the No. 1 issue (for consumers),´ said Steven Lucas, chief information officer at Broomfield-based PrivaSeek, a provider of consumer-oriented information control tools. “Now, that’s not even on the radar screen.” Security fears have been replaced by “control and trust issues,” Lucas said, that could eventually hinder e-commerce’s growth by hundreds of billions of dollars.

To help ensure information is not misused, PrivaSeek’s trademarked Persona product is geared at handling and tracking the exchange of a consumer’s data, acting “as a proxy between the consumer and the Web site,´ said Lucas. By clearly communicating their privacy policies, companies can alleviate consumers’ fears, he added; sites without such policies are not liable to adhere to any privacy standard and therefore less likely to be trusted.

While the Internet might have the potential to increase the misuse of information by orders of magnitude, diligence can ward off problems. Security-wise, “I really do think it’s important that people don’t install a firewall and forget about it,´ said Check Point’s Fauteck. She noted that continual maintenance and research help avert security flaws. Similarly, addressing the consumer’s privacy concerns is an ongoing process. Like a company’s security, a customer’s privacy – or lack thereof – is a concern that needs to be thoughtfully negotiated in order for the Internet to fulfill its ultimate potential as a business tool.

To reach Eric Peterson with ideas for upcoming E Report columns, e-mail him at ereport@usa.nt.