New security advances may lead to a boom in purchases via the Internet
Carlos Salgado Jr. convinced himself he could get rich by stealing credit cards on the Internet. Last May, the 36-year-old unemployed California hacker, using an ordinary computer in his parents’ modest home, stole 100,000 creditcard numbers with a combined credit limit of more than $1 billion from an Internet service provider. But Salgado—who goes by the name “Smak” on the Net—stumbled into big trouble. He tried to sell some of the creditcard numbers for $360,000 to an undercover FBI agent.
Now, he is facing a lengthy prison term after pleading guilty to the crime in August.
Sentencing is in November.
Salgado was a rank amateur in the underworld of cyberspace—but even he could snatch credit-card numbers on the Net. No wonder so many Web surfers are reluctant to send their personal financial information over the Internet.
More than three out of four Canadians who use the Internet suspect that it is not safe to shop in cyberspace with a credit card, according to a 1996 survey by A. C. Nielsen and the Ottawa-based Nordicity Group. But despite the high-profile Salgado case, industry observers insist that the theft of credit-card numbers on the Internet is rare.
It is riskier to give a credit card to a waiter in a restaurant than send it through the Internet to a virtual store, says Rick Broadhead, a consultant and co-author of the 1998 Canadian Internet Handbook: “You have a greater risk of getting held up at the corner store,” Broadhead says.
Yet perception, in this case, is more important than reality. The widespread belief that the Internet is not secure for creditcard purchases is the biggest barrier to an explosion of Internet shopping, according to Broadhead and other industry experts. Although one-quarter of Canadians use the Internet right now, only 2.5 per cent have ever bought anything on the Net, according to a survey by TWA Consulting
Services Inc., a firm that advises financial institutions on payment systems for electronic commerce. Internet purchases, mostly computer-related products, have jumped from nearly zero two years ago, but “breakthrough growth” will only occur when card-carrying Canadian shoppers know that “large, trusted financial institutions” guarantee the security of their credit-card purchases, says TWA president Thomas Atkin. “When that happens, it will take Internet shopping through the roof.”
That day could be sooner than many people think. The world’s two largest credit card associations, Visa and MasterCard, are testing new, super-secure procedures to make credit-card purchases on the Internet
as safe as purchases in a regular store. The new security protocol—called SET, or secure electronic transaction—has been developed by the creditcard giants with the backing of major players in the computer business, including Microsoft, IBM and Netscape.
SET heightens security in two ways. First, it verifies the identity of the bank, the client and the merchant. Each of the participants in the SET protocol will be required to have a digital I.D., called a digital certificate, that will be included in SET software. The digital fingerprint will give criminals little chance to set up a fake store or use a stolen credit-card number on the Net. Second, sensitive financial information will be encrypted in such a way that the merchant will not see the credit-card number but will simply pass it on to the bank, preventing hackers from stealing credit-card numbers from a merchant’s Web site.
Some critics complain that SET is a highly technical answer to a problem that exists only in the minds of nervous consumers. What’s more, SETs g backers still have to figure out 5 how to deliver a digital I.D. to millions of potential Internet I shoppers. Yet Michael Miloff, ^ president of the Internet store £ designer Yale Communications, is convinced that SET will give a huge boost to Internet shopping. He thinks it will not only reassure customers but will also encourage merchants to set up new Internet stores.
Others are more skeptical. “Let’s face it,” says Randy Scotland, vice-president of communications for the Retail Council of Canada, “the Internet cannot replace the storeshopping experience.” People still like to wander through malls on a Saturday afternoon and touch the things they are going to buy. While they might like buying books and computer software on the Net, the medium has its limitations, no matter how tight the security. It is, notes Scotland, “difficult to try on a new shirt or shoes on the Internet.”
The story you want is part of the Maclean’s Archives. To access it, log in here or sign up for your free 30-day trial.
Experience anything and everything Maclean's has ever published — over 3,500 issues and 150,000 articles, images and advertisements — since 1905. Browse on your own, or explore our curated collections and timely recommendations.WATCH THIS VIDEO for highlights of everything the Maclean's Archives has to offer.