Corrections or additions?
E-Commerce Consumers: Do They Think It’s Safe?
This article was published in U.S. 1 Newspaper on February 10, 1999. All rights reserved.
One third of the Internet-savvy people in Mercer County
purchased something from a site on the World Wide Web in the past
year. Twenty percent of those surveyed bought items worth at least
$100, and 13 percent spent less than $100. But 60 percent bought nothing
on the Web. Those who didn’t buy — are they frightened about security?
Or worried about fraud? Or just watching their pennies?
Four MBA students from Rider University distributed questionnaires
at corporate locations, a condominium complex, a gas station, an elementary
school, and Rider, and also by E-mail. More than 400 people responded.
The students’ paper "Electronic Commerce: Finding for American
Consumers" was presented last fall.
"As consumers move onto the web in increasing numbers, questions
arise about the possible occurrences of fraud, and the long-term repercussions
arising from the misdeed," say the students. They studied consumer
confidence regarding online purchases — whether these concerns
were valid and what consumers need to watch out for. And they described
the technology of secure transactions, an R&D area in which an Independence
Way-based firm, Trintech, excels.
"The validity of concerns varied, based on whom you asked,"
says Drew Procaccino, one of the four student researchers. An
economics and business major at Ursinus College (Class of 1982), he
also earned a B.S. in decision sciences and computers from Rider.
He does desktop publishing and teaches at Rider and Mercer County
College (E-mail: firstname.lastname@example.org).
"Vendors and reporters tended to compare online transaction safety
as equal to mail order or restaurant purchases. Consumers supplied
some horror stories," writes Procaccino. "Ultimately recently
formed watchdog web sites work to inform and educate consumers in
online transaction etiquette." (See following story.)
But like every aspect of the Internet, Internet fraud changes rapidly.
The five most commonly reported frauds for the first half of 1998
are completely different from those for the second half of 1998. As
each type of Net dishonesty surfaces, steps are taken to prevent it.
"Reputable online vendors now take steps to protect their online
customer base," says the student report. "Financial institutions
and better vendors are employing encryption methods to scramble data.
Additionally, consumers should take steps to protect themselves by
researching the vendor, limiting information they provide, and being
aware of the dangers they face once they make the decision to buy."
Females were more reluctant to purchase online than males (69 percent
spent nothing), compared to 49 percent of males. Those aged 49 and
younger seemed to spend more money online than those over 50.
The students expected that those who worried about purchasing on the
Web would be the ones who made no E-commerce buys. Wrong. Those with
zero concerns spent less money than those with several or many concerns.
As for gender, males were four times more likely than females to not
be concerned about purchasing online, but all had concerns.
Worry over credit card security affected 75 percent of all those responding.
Unwillingness to give up one’s name and address affected 61 percent,
the same for men as well as women. The vendor’s reliability and the
buyer’s inability to see the merchandise influenced 47 percent and
38 percent respectively. More than one-third (36 percent) were worried
about their ability to easily return the product. More than one-fifth
(23 percent) wished they could talk to the online merchant. The remaining
problems (11 percent or less) involved lack of money, lack of knowledge
of the web, or lack of access to the web. Eight percent of those surveyed,
44 people, expressed no concern at all.
"We found it interesting that 18-29 year-olds (five percent),
whom the conventional wisdom often cites as being exceptionally computer-literate,
were five times more likely to cite a lack of knowledge of the Web
as a `concern’ compared to 30-49 year olds (one percent) and four
times as likely as 50-79 year-olds (four percent)," writes Procaccino.
This 20-something age group were also three times as often as the
over 50 set to cite a "lack of money" as one of their concerns,
and six times as likely as the 30-49 year-olds.
Says the report: "The most common signs of fraud are extravagant
promises of profits, guarantees of credit regardless of bad credit
history, or incredibly low prices or prizes that require up front
payment. Most scams start when a business or individual strikes up
a conversation via E-mail or in a chat room. Many schemes involve
down payment of cash or checks for nonexistent services of products,
such as Internet accounts, general merchandise, credit cards, computer
equipment, and auctioned items. The payments are usually sent to a
post office box, but the products are never delivered."
"While a consumer may get a telemarketing call and feel that the
voice on the other end of the line sounds shady, or visit a store
and decide that the products being sold really aren’t as great as
the ad claimed, there is no such protection on line."
The students’ advice: "Checks and money orders are the most common
methods of payment when purchasing goods or service over the Internet,
but they don’t offer the same protection that a credit card does."
Procaccino’s colleagues include Joanne Celentano-Tziovannis,
a senior sales analyst at Bristol-Myers Squibb on Scudders Mill Road.
She was an accounting major at St. John’s University, Class of 1993
and hopes to receive her finance MBA from Rider.
Bart V. Del Cimmuto
went to Penn State (Class of 1989) and is working on his MBA in finance.
He is a regional credit analyst with Ford Motor Credit in Mahwah.
Lee-Ann Benjamin graduated from Rider in 1997 and works in Warren
for EnableVision as an information system consultant.
They were in the class of Marvin Darter, associate professor of computer information systems.
In response to the Internet fraud reports that tripled
in 1997 the 109-year-old National Consumers League has set up Internet
Fraud Watch, dedicated to giving consumers resources to avoid fraud (http://www.fraud.org/ifw.htm).
But fraud tactics change rapidly. The Internet Fraud Watch reported
that for the first six months of 1998 the five most frequent reports
of fraud were for web auctions (undelivered or over-valued items),
general merchandise sales (never delivered or not as advertised),
Internet services (false representations), hardware/software
sales, and pyramid and multi-level marketing schemes.
The next six months showed a radical change. None of top-five frauds
from January to June were in the "first five" list for the
entire year of 1998. That list, as released on January 27:
to phone bills.
1998), promises of loans contingent on the consumer paying a large
fee in advance.
pay-per call services, business opportunities and franchises, and
travel and vacation offers.
National Consumers League’s top tips to avoid Internet fraud, as reported
by the Rider students:
know who the company or person is and where it is physically located.
the return and cancellation policy, and the terms of any guarantee.
The federal telephone and mail order rule applies: Goods or services
must be delivered by the promised time, or, if none was stated, within
30 days. Print out the documentation.
and licensing or registration documents, but remember that fraud artists
can appear and disappear quickly, so lack of a complaint record is
no guarantee of legitimacy.
or personal information to anyone you haven’t checked out. But
using a credit card is preferable to mailing a check or money order;
you can always dispute fraudulent credit card charges, but you can’t
get cash back.
danger signs of fraud.
and violates computer etiquette. Report such "spamming" to
your Internet service provider.
with, even if you want to see pictures or hear music. You could unwittingly
download a virus that hijacks your Internet service, reconnecting
you to the Net through an international phone number, resulting in
enormous phone charges.
Another aspect of the Rider study dealt with technology-based
solutions aimed at preserving the reliability and integrity of E-commerce.
When the study was published, there were only two major technologies:
Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET).
Since then, Trintech has come out with two variations on these methods,
aimed at making it easier and more secure for consumers to buy on
the ‘Net (http://www.trintech.com).
Trintech is based in Dublin, Ireland, but opened a research and development
facility here in 1997 and is located on Independence Way. The privately
owned firm specializes in providing card payment and electronic commerce
solutions to bankers and retailers (U.S. 1, December 3, 1997).
Kevin McGuire, the oldest of three brothers in Trintech, heads
the Princeton office. He graduated from University College Dublin
in 1976 and came to Princeton Plasma Physics Lab in 1979, recruiting
fellow PPPL-ers to help him open the R&D office on 1997. Sales, marketing,
and customer support for Trintech is provided by a 30-person office
in San Jose, and a six-person marketing office is in Austin. Munich
is the site of a European office.
Trintech is a direct supplier and an OEM (original equipment manufacturer)
supplier of payment software http://www.trintech.com.
Trintech’s latest and most exciting product is Payware Net. "We
realized that SET (one of the transaction methods) was slow to take
off," says spokesperson Richard Martin, "and that people
on the retail side were asking for a form more secure than offered
today under traditional SSL (the alternative transaction method).
Our guys in Princeton developed this Payware Net product, and it comes
in four different flavors:
Communication Corporation’s handshake protocol." With encrypted
data transmission it issues a digital certificate and signature to
authenticate both the buyer and the seller. "It uses public key
encryption — a set of mathematically linked numbers, referred
to as keys. A message encoded with the public key (widely known, such
as an individual’s address) can be decoded only with the private key
(so the message can be read only by the intended recipient),"
describes the report.
After SSL negotiates the secure connection, the buyer and the seller
can begin to exchange data. It works, but as Martin points out, "Plain
SSL messaging doesn’t give the same level of security as SET."
security protocols developed by Visa International and MasterCard.
Trintech installed its version on Netscape’s site in 1996. "It
goes beyond SSL by incorporating credit card authorization, ensuring
that the buyer is authorized to use the credit card (via the digital
signature) and that the merchant is authorized to accept the card
(via verification of the merchant’s relationship with a bank acting
as a payment processing intermediary)," says the student report.
SET offers a digital certificate at the consumer level, as well as
at the merchant level, says Martin. Merchants can post the SET symbol
on their home page so that savvy consumers will know their credit
card data will be safe.
But using SET can be expensive for merchants dealing with low margin
transactions, so Trintech now offers two hybrid versions:
The buyer sends a message in SSL to the online merchant site. This
is translated to a SET message and sent from the online merchant to
the bank. "One of the big barriers of SET is the whole digital
certificate that the consumer fills out," says Martin. "Here,
the consumer doesn’t have to apply for the digital certificate, yet
the consumer knows the site is secure," says Martin. The SET mark
means that the merchant has gone through rigorous third party testing.
requirement of a digital certificate for the consumer; the consumer
does not have to go through the rigamarole of that application. "For
the consumer, three and four are identical," says Martin. "The
consumer knows the data is more secure because of the SET encryption.
It is another step to more secure E-commerce."
the technology company," says Martin. "We leave it to the
card associations and the banks to decide what is the best."
To Martin, a good way to measure fraudulent Internet transactions
is to count the number of "chargeback" complaints to credit
card companies about Christmas purchases. Not all of the complaints
will be due to fraud: "There is a rumor that it is quite high;
people are alleging that kids’ are taking parents’ credit card numbers
and getting merchandise sent to their address — and these purchases
are being disputed by the parents."
CEO John McGuire and the Trintech crew want to develop the technology
so it is "a transparent exercise of clicking, clicking, and clicking
for payment to be activated, authorized, and completed in a secure
"In a few years, consumers will log on, click, and pay with the
same confidence and regularity on the Web as they do today in the
physical world," says McGuire. "But encryption is a
demanding science. We feel that, by making the investment in research
in these early days, we will be rewarded in the near future when the
underlying encryption methodologies need to be upgraded to newer,
faster, and more secure encryption techniques."
"It’s a very exciting area to be working in. You are going to
potential and existing customers who want to embrace the technology
and make it available to the customer base," says McGuire. "This
is a push sell, not a pull sell."
Once more, Andy Goren is an empty nester. He founded
TV Objects, a company that developed a Java software tool called Applet
Designer, and he sold it off. Then under a different company name
he developed a hardware solution to laptop computer security, Lapjack
(U.S. 1, June 10, 1998). In October he sold the license for Lapjack
to a multibillion dollar global firm, which will launch the repackaged
product on March 1. Now the 29-year-old Goren, based at Princeton
Office Gallery on Independence Way, is contemplating his next contribution
to the cause of electronic commerce.
"For now I am going to stay around and help out," says Goren,
who had been a theoretical math major at University of California,
Berkeley. "But I might work on a new product, a joint venture."
Curtis Computer Products, has bought the worldwide exclusive rights
to Lapjack for marketing and manufacturing LapJack (http://www.curtiscp.com).
Curtis is a division of Esselte Pendaflex, a manufacturer of Oxford
file folders that supplies distribution to office products distributors,
computer supplies/VAR distributors, mail order catalogs, mass market,
and superstores for computers and office products.
LapJack uses an encoded security key that plugs into a parallel printer
port on a laptop computer. If a machine is enabled with LapJack it
cannot boot up without the key. It can’t be compromised by booting
from a floppy. And once the LapJack software is deployed on a laptop,
that computer’s hard drive can’t be used in another computer, nor
can the hard drive’s data be reformatted. LapJack puts no demand on
the processor or memory, doesn’t corrupt data, and doesn’t use passwords.
The new product is getting a new name, Data Defender, and a huge marketing
push. Its software is being translated into 14 languages, including
Hungarian, Polish, Finnish, and Swedish, says Ken Bernstein of Curtis.
Lapjack had a "street price" of about $90, and Data Defender
will sell at discounted rates for a similar price, from $89 to $99.
Data Defender will be a Qualtec brand and will have tie-ins to other
Qualtec products. "We own a printer cable company, and for desktops,
laptops, and docking stations, we are providing the Qualtec Data Defender
Parallel Port Extender," says Bernstein. This four-foot "splitter
cable" can be plugged into the hard-to-reach port of a desktop
computer and extend to a convenient spot for users to insert their
hardware security keys. It will retail for $29.95.
Like TV Objects is now, Lapjack will be a shell company after the
launch. To develop this hardware product, Goren had worked with Juan
Ruival, whose name is also on the patent. He had investment capital
from David Plimpton of Plimpton & Yang on Chambers Street. What now
for Goren? "I’m going to look in Internet and security areas for
the next products," says Goren.
Office Gallery, Princeton 08540. Andy Goren, president and CEO. 609-514-5181;
fax, 609-514-5176. Home page: http://www.lapjack.com.
Corrections or additions?
This page is published by PrincetonInfo.com
— the web site for U.S. 1 Newspaper in Princeton, New Jersey.