Firms seek to reassure e-shoppers over security

With ID theft and phishing attacks on the rise, a panel of experts talks about what their companies are doing to batten the hatches.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
2 min read
SAN FRANCISCO--Addressing a rise in identity theft and phishing attacks, a panel of security experts discussed on Friday the steps their companies are taking to bolster consumer confidence in online commerce and prepare for the challenges that lie ahead.

The panel, including security experts from e-commerce sites and online banks, outlined their predictions and opinions at the RSA Conference 2005 here. Earlier this week, a survey by RSA Security found that one-fourth of online shoppers have reduced purchases in the past year as identity theft has risen.

And businesses that cater to online consumers are taking note and developing plans.

"We want to add significantly more protection for our users and are looking at stronger authentication for passwords," said Adam Joffe, chief technology officer for Sony Online Entertainment.

Joffe noted that Sony's online-gaming customers not only subscribe to the service but will also engage in e-commerce. As a result, customers logging on to Sony's gaming site share sensitive personal information with the entertainment giant.

eBay, meanwhile, has employed other strategies, ranging from an escrow service to a PayPal buyer protection program to a security center, said Kurt Van Etten, the auction giant's security program director.

"If a consumer doesn't trust e-mail at all, then it inhibits our ability to communicate with them," Van Etten said. "And if they're not comfortable using credit cards online, then that will affect our business. For us, this is a trust issue."

The challenges in resolving that issue are high.

Malicious attackers, for example, will continually evolve their techniques as technology solutions are developed to thwart them, said Joe Raymond, chief architect of Web optimization for Etrade.

And as the industry turns to adopting a federated approach, in which one password onto a company's site will grant others access without requiring someone to reenter the information, the stakes may be high for consumers.

"The problem with federation is you're putting a lot of eggs in one basket, with a single point of failure," said Richard Parry, consumer fraud risk management director for J.P. Morgan Chase.

He cautioned that a failure in the federation approach could greatly damage consumer confidence.

But if online merchants and banks make it too difficult for consumers to use greater security measures, it reduces the prospect that the consumer will make the effort, Parry said.

He noted that consumers usually would not make the effort because they do not have any "skin in the game," since merchants and banks are typically the ones to absorb the losses if a transaction is bogus.