Businesses look to allay online shopping fears

Companies ranging from online portals to credit card giants are trying this holiday season to calm people's fears about online privacy and fraud.

Stefanie Olsen Staff writer, CNET News
Stefanie Olsen covers technology and science.
Stefanie Olsen
6 min read
Companies ranging from online portals to credit card giants are trying this holiday season to calm people's fears about online privacy and fraud, two thorns in e-commerce's side.

Online credit card theft is the biggest worry for customers who decided not to buy goods online, according to a recent survey by Forrester Research, an Internet research group. The second-biggest fear is a reluctance to give Web sites personal information.

That concern follows several widely reported online security problems, from hackers stealing thousands of credit card numbers at CD Universe to failed dot-com companies trying to sell their customer lists. Despite the privacy worries, most researchers agree that the Internet is the safest place to use your credit card.

"Using a credit card to purchase online is more secure than giving it to a waiter in a restaurant," said Chris Kelly, an analyst at Forrester. "It's really a matter of perception as opposed to reality."

Microsoft, Visa USA, Discover and American Express, as well as regulators and industry groups, are among those trying to dispel those perceptions and provide extra safety measures for customers.

"Anyone with a vested interest in online commerce needs to relay the message to consumers that shopping online is safe," said Marissa Gluck, an analyst with New York-based Jupiter Media Metrix.

Credit cards leading the way
The major credit card companies have led the way with new initiatives announced in recent months. MasterCard started advertising its new "zero liability" program this fall that lets credit card and debit card consumers off the hook if fraudulent charges are posted to their accounts.

Tips for safe online shopping

1. Never give your personal information to an unknown source.

2. Shop with trusted, known Web sites.

3. Go over security, privacy statements before shopping.

4. Trust your instincts and use common sense if you think something looks fishy.

5. Take your time before you make a buying decision.

6. Shop with a credit card that protects you.

7. Review your credit card statements carefully.

8. Check the warranty and return policies.

9. Keep records of everything you order.

10. Report suspicious experiences: BBB Online and the FTC take complaints.

Source: CyberSource

Discover has launched a new single-use credit card number for online purchases, and banking-services company MBNA plans to offer a similar service in the future, according to its Web site.

American Express debuted its one-time-use credit card numbers for online shoppers earlier this fall as part of a broader push to set a lock on Web shopping and privacy. The company also spearheaded a group to fight credit card fraud online, with plans to hold frequent fraud-prevention workshops and seminars to educate industry businesses. Members in the group, dubbed the "Worldwide E-Commerce Fraud Prevention Network," include First Data, Buy.com, ClearCommerce, Starwood Hotels & Resorts Worldwide, and Expedia.

Visa USA recently announced plans for new Web site security standards that online merchants must uphold or risk losing Visa privileges. The company has partnered with the Internet unit of the Better Business Bureau to create a series of programs designed to foster consumer faith in online shopping.

"Credit card companies have taken a step back and really tried to attack this issue and say, 'Listen, this is really safe,'" Kelly said.

Yahoo gets involved
This year, even Yahoo is offering shoppers protection against online fraud for most items purchased through its shopping portal. The free Buyer Protection Program, backed by Lloyd's of London, covers shoppers on any purchase up to $750 that may have been misrepresented or never arrived. Consumers using the Yahoo wallet are covered on purchases of up to $1000.

For Internet merchants, online credit card fraud has been particularly irksome because they often must pay for the fraudulent charges. Typically, the merchant will receive a notice called a "charge back" 30 days to 45 days after the purchase that says the customer did not buy the goods. If proven, the merchant then loses the sale and is often charged a fee from the credit card company. On top of this, they also may incur in-house expenses.

But researchers say that credit card fraud is minimal at online stores. According to consumer nonprofit organization Internet Fraud Watch, the online arm of the National Consumers League, online auctions are the source of the most fraudulent acts via the Internet. And, the group said, consumers lost more money from fraud by sending money orders and checks through the mail than by using a credit card.

In most instances, credit card theft occurs when information is stored at a vulnerable site, not when in transmission, Kelly said.

As a result, some online retailers, including Amazon.com, are offering to cover the $50 deductible fee charged to consumers if an incident of fraud can be traced to their site.

A more attractive burden
Credit card companies carry a more attractive burden, however. "The Internet means an increase in volume for the credit card companies," Kelly said. When consumers shop offline, they have the choice to pay with cash, checks or credit; but in the online universe, the most obvious option is credit.

Neighborhood watch is not just for suburbanites anymore either. Just last week, U.S. Sen. Ron Wyden, D-Ore., requested that government site FirstGov add an area for online complaints so that consumers could express troubles on a wide variety of topics.

The FTC takes complaints from consumers via a toll-free phone line and through its Web site. It has also listed information on "bad acts" like deceptive free PC offers, as well as information on consumer rights.

Because fulfilling orders last holiday season was a problem for many online merchants, the Federal Trade Commission sent warnings to e-tailers earlier this year about their obligations to consumers according to the "Mail or Telephone Order Merchandise Rule," which applies to Internet purchases. The rule requires that retailers deliver goods within 30 days of purchase if the inventory is in stock, as well as inform consumers if it is not.

"In many cases businesses weren't out there to disappoint consumers last year, but they weren't aware of their legal obligations either," said Betsy Broder of the FTC.

Last year, the FTC recorded 18,777 complaints about Internet-related fraud. 28 percent of the claims were linked to credit card fraud, while 55 percent were associated with checks.

But this year, the numbers have risen slightly for credit card-related fraud online. So far this year, the FTC has taken in 18,248 Internet fraud claims. And 35 percent of the victims used a credit card or debit card, while 39 percent used a check.

Shopthenet.org, a site from the Direct Marketing Association (DMA), also lists more than 300 member merchants--including L.L. Bean and J Crew--that are in compliance with this rule as well as security standards from the United States Postal Service and the DMA.

Even behind-the-scenes companies are helping the cause. ClearCommerce, an e-commerce transaction service provider, has taken steps to educate online businesses and consumers on how to protect themselves during the holidays.

And Software giant Microsoft is fanning positive messages about safe shopping online. It launched a site Monday called Stay Safe Online to give parents and consumers tools for protecting both identity and information online. The site answers questions such as how to shop safely online and how to protect your child on the Web.

While many of the safety-promoting campaigns may foster goodwill among consumers, they often bring up noncontroversial topics or go unnoticed by shoppers.

"You can't put all of the burden on the consumer to figure out (online privacy and safety), because they simply don't have time," said Andrew Shen, a policy analyst at the Electronic Privacy Information Center. "We need to redress that imbalance."