Who's afraid of the big, bad Net?

Sick of the incessant hysteria about Internet insecurity? Here's a quick list of frequently asked questions (FAQ) on who's scaring us, how safe theNet really is, and who the real scaredy-cats are.

Instead of the familiar FAQ, call this an antidote to FAQs, those Frequently Asserted (but) Questionable Statements.

Isn't concern about Internet security hampering the growth of e-commerce?
Yes and no. Certainly people who haven't used the Internet may be scared off from buying online or from going online at all.

But for veteran Net users, familiarity with the medium is breeding comfort. Recent surveys of both consumers and business users report two seemingly contradictory findings: Users say they're concerned about security, but they're buying more and more on the Net.

Where's all this scare talk coming from,
anyway?
Journalists and Internet security companies are the chief purveyors. Ever since New York Times' John Markoff began covering crypto and Internet security three years ago, the "Internet insecurity" story has been an often-superficial staple of both consumer and technology journalism.

Internet security vendors are selling protection, so there's an unfortunate tendency to "stimulate the market" by hyping the Net's lack of security.

So if Net-savvy folks aren't scared, who is?
Banks and corporate MIS departments are scared to death, and they should be. Consumers who make a Net purchase with a credit card risk $50--the loss they'll suffer if they have to appeal to their card issuer about a fraudulent deal and get it removed from their bill. Some card issuers and Internet malls promise to cover all losses.

But bankers know that hackers, like robbers, go where the money is. MIS guys aren't sitting on a pile of cash, but they're responsible for guarding a corporation's innermost secrets and proprietary information. And there's no way to pass the buck--the stakes to these folks isn't $50, it's the job, the mortgage, and the kids' college education.

But isn't this Secure Electronic Transactions protocol supposed to make it safe to use credit cards on the Net?
Yes, that's SET's goal, but so far it's a long-running soap opera sans implementation. SET was really designed to make bankers comfortable with Internet card charges, and Visa and MasterCard have faithfully mirrored their member banks' apprehensions, reasonable or not. Also, SET is about card charges, not e-cash, major funds transfers, electronic checks, or anything else.

Online merchants or buyers today aren't using SET because they can't, except in pilot tests. So far retail Internet sales have proceeded without SET, so when the SET parade begins, it's not clear that anyone except banks will care.