Abstract: Credit card losses in the traditional marketplace cost banks and merchants about $1.5 billion a year in the U.S. and $3 billion worldwide. On the Internet, last year consumers spent $350 million on goods and information they purchased over the World Wide Web, as well as America Online, Prodigy, and Compuserve, according to Forrester Research, Cambridge, Mass. Credit cards remain the online payment mechanism of choice. Merchants that Forrester analysts have talked to say about 80% of Internet purchases are made by credit card. The National Fraud Information Center in Washington, D.C., typically handles 350 cases of credit card fraud a day. In March, 20 to 30 of the daily card cases involved Internet transactions, according to John Barker, director. Practice safe computing The first place a hacker could get a card-holder's credit number is from the person's personal computer. The software encryption schemes of Netscape, Mountain View, Calif. and CyberCash, Reston, Va., as well as the SET (Secure Electronic Transaction) security protocol Visa and MasterCard are developing, don't kick in until the card number travels over the Internet. This is the vulnerability First Virtual Holdings, San Diego, exposed in February when it demonstrated a program that attacked the Netscape and CyberCash security schemes, using a Trojan Horse software program to collect information off a user's hard drive. Allan Schiffman, chief technology officer at Terisa Systems, Inc., Los Altos, Calif., says anyone can avoid having their credit card number stolen from their machine by practicing safe computing. (Terisa sells secure Web toolkit software to companies that develop Web server and client software for end users. Schiffman is one of the designers of SET.) Pieces of software don't run on your computer without you installing them, he says. A Trojan Horse program could be hidden inside a legitimate program, but a user who is careful won't get one. you buy shrink-wrapped software off the shelf you're pretty safe. If the software company has let bad software onto your machine you can sue them, he says. Intercepted on the way Another risk is that card information could be stolen while en route to the Internet merchant. First Virtual Holdings offers an off-line security service so the cardholder never posts his credit card number on the Internet. CyberCash and Netscape provide encryption software that scrambles messages so prying eyes can't read them. The SET security protocol that Visa, MasterCard, GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems, and Verisign are developing (and American Express has endorsed) is based on encryption technology from RSA Data Security that's strengthened with Optimal Asymetric Encryption Padding (an encryption technique developed by IBM) and other methods. …
Publication Year: 1996
Publication Date: 1996-04-01
Language: en
Type: article
Access and Citation
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot