Internet Fraud Watch

Trintech’s Initiatives

For Goren’s LapJack, A Sale & Repackaging

Corrections or additions?

E-Commerce Consumers: Do They Think It’s Safe?

This article was published in U.S. 1 Newspaper on February 10, 1999. All rights reserved.

One third of the Internet-savvy people in Mercer County

purchased something from a site on the World Wide Web in the past

year. Twenty percent of those surveyed bought items worth at least

$100, and 13 percent spent less than $100. But 60 percent bought nothing

on the Web. Those who didn’t buy — are they frightened about security?

Or worried about fraud? Or just watching their pennies?

Four MBA students from Rider University distributed questionnaires

at corporate locations, a condominium complex, a gas station, an elementary

school, and Rider, and also by E-mail. More than 400 people responded.

The students’ paper "Electronic Commerce: Finding for American

Consumers" was presented last fall.

"As consumers move onto the web in increasing numbers, questions

arise about the possible occurrences of fraud, and the long-term repercussions

arising from the misdeed," say the students. They studied consumer

confidence regarding online purchases — whether these concerns

were valid and what consumers need to watch out for. And they described

the technology of secure transactions, an R&D area in which an Independence

Way-based firm, Trintech, excels.

"The validity of concerns varied, based on whom you asked,"

says Drew Procaccino, one of the four student researchers. An

economics and business major at Ursinus College (Class of 1982), he

also earned a B.S. in decision sciences and computers from Rider.

He does desktop publishing and teaches at Rider and Mercer County

College (E-mail: jdproc@aol.com).

"Vendors and reporters tended to compare online transaction safety

as equal to mail order or restaurant purchases. Consumers supplied

some horror stories," writes Procaccino. "Ultimately recently

formed watchdog web sites work to inform and educate consumers in

online transaction etiquette." (See following story.)

But like every aspect of the Internet, Internet fraud changes rapidly.

The five most commonly reported frauds for the first half of 1998

are completely different from those for the second half of 1998. As

each type of Net dishonesty surfaces, steps are taken to prevent it.

"Reputable online vendors now take steps to protect their online

customer base," says the student report. "Financial institutions

and better vendors are employing encryption methods to scramble data.

Additionally, consumers should take steps to protect themselves by

researching the vendor, limiting information they provide, and being

aware of the dangers they face once they make the decision to buy."

Females were more reluctant to purchase online than males (69 percent

spent nothing), compared to 49 percent of males. Those aged 49 and

younger seemed to spend more money online than those over 50.

The students expected that those who worried about purchasing on the

Web would be the ones who made no E-commerce buys. Wrong. Those with

zero concerns spent less money than those with several or many concerns.

As for gender, males were four times more likely than females to not

be concerned about purchasing online, but all had concerns.

Worry over credit card security affected 75 percent of all those responding.

Unwillingness to give up one’s name and address affected 61 percent,

the same for men as well as women. The vendor’s reliability and the

buyer’s inability to see the merchandise influenced 47 percent and

38 percent respectively. More than one-third (36 percent) were worried

about their ability to easily return the product. More than one-fifth

(23 percent) wished they could talk to the online merchant. The remaining

problems (11 percent or less) involved lack of money, lack of knowledge

of the web, or lack of access to the web. Eight percent of those surveyed,

44 people, expressed no concern at all.

"We found it interesting that 18-29 year-olds (five percent),

whom the conventional wisdom often cites as being exceptionally computer-literate,

were five times more likely to cite a lack of knowledge of the Web

as a `concern’ compared to 30-49 year olds (one percent) and four

times as likely as 50-79 year-olds (four percent)," writes Procaccino.

This 20-something age group were also three times as often as the

over 50 set to cite a "lack of money" as one of their concerns,

and six times as likely as the 30-49 year-olds.

Says the report: "The most common signs of fraud are extravagant

promises of profits, guarantees of credit regardless of bad credit

history, or incredibly low prices or prizes that require up front

payment. Most scams start when a business or individual strikes up

a conversation via E-mail or in a chat room. Many schemes involve

down payment of cash or checks for nonexistent services of products,

such as Internet accounts, general merchandise, credit cards, computer

equipment, and auctioned items. The payments are usually sent to a

post office box, but the products are never delivered."

"While a consumer may get a telemarketing call and feel that the

voice on the other end of the line sounds shady, or visit a store

and decide that the products being sold really aren’t as great as

the ad claimed, there is no such protection on line."

The students’ advice: "Checks and money orders are the most common

methods of payment when purchasing goods or service over the Internet,

but they don’t offer the same protection that a credit card does."

Procaccino’s colleagues include Joanne Celentano-Tziovannis,

a senior sales analyst at Bristol-Myers Squibb on Scudders Mill Road.

She was an accounting major at St. John’s University, Class of 1993

and hopes to receive her finance MBA from Rider.

Bart V. Del Cimmuto

went to Penn State (Class of 1989) and is working on his MBA in finance.

He is a regional credit analyst with Ford Motor Credit in Mahwah.

Lee-Ann Benjamin graduated from Rider in 1997 and works in Warren

for EnableVision as an information system consultant.

They were in the class of Marvin Darter, associate professor of computer information systems.

Top Of Page
Internet Fraud Watch

In response to the Internet fraud reports that tripled

in 1997 the 109-year-old National Consumers League has set up Internet

Fraud Watch, dedicated to giving consumers resources to avoid fraud (http://www.fraud.org/ifw.htm).

But fraud tactics change rapidly. The Internet Fraud Watch reported

that for the first six months of 1998 the five most frequent reports

of fraud were for web auctions (undelivered or over-valued items),

general merchandise sales (never delivered or not as advertised),

Internet services (false representations), hardware/software

sales, and pyramid and multi-level marketing schemes.

The next six months showed a radical change. None of top-five frauds

from January to June were in the "first five" list for the

entire year of 1998. That list, as released on January 27:

Telephone cramming, adding extra unauthorized charges

to phone bills.

Advance fee loans (moved up from eighth place since June

1998), promises of loans contingent on the consumer paying a large

fee in advance.

Telephone slamming (changing your phone service).

Prizes and sweepstakes.

Work-at-home schemes.

The next five included magazine sales, credit card offers, telephone

pay-per call services, business opportunities and franchises, and

travel and vacation offers.

National Consumers League’s top tips to avoid Internet fraud, as reported

by the Rider students:

Do business with those who know and trust. Be sure you

know who the company or person is and where it is physically located.

Understand the offer, the total price, the delivery date,

the return and cancellation policy, and the terms of any guarantee.

The federal telephone and mail order rule applies: Goods or services

must be delivered by the promised time, or, if none was stated, within

30 days. Print out the documentation.

Check out the track record, calling for complaint records

and licensing or registration documents, but remember that fraud artists

can appear and disappear quickly, so lack of a complaint record is

no guarantee of legitimacy.

Never give your bank account numbers, credit card numbers

or personal information to anyone you haven’t checked out. But

using a credit card is preferable to mailing a check or money order;

you can always dispute fraudulent credit card charges, but you can’t

get cash back.

Take your time. High pressure sales tactics are often

danger signs of fraud.

Don’t judge reliability by how flashy the Web site may seem.

Know that unsolicited E-mail is often used by con artists

and violates computer etiquette. Report such "spamming" to

your Internet service provider.

Don’t download programs from Web sites you are not familiar

with, even if you want to see pictures or hear music. You could unwittingly

download a virus that hijacks your Internet service, reconnecting

you to the Net through an international phone number, resulting in

enormous phone charges.

Top Of Page
Trintech’s Initiatives

Another aspect of the Rider study dealt with technology-based

solutions aimed at preserving the reliability and integrity of E-commerce.

When the study was published, there were only two major technologies:

Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET).

Since then, Trintech has come out with two variations on these methods,

aimed at making it easier and more secure for consumers to buy on

the ‘Net (http://www.trintech.com).

Trintech is based in Dublin, Ireland, but opened a research and development

facility here in 1997 and is located on Independence Way. The privately

owned firm specializes in providing card payment and electronic commerce

solutions to bankers and retailers (U.S. 1, December 3, 1997).

Kevin McGuire, the oldest of three brothers in Trintech, heads

the Princeton office. He graduated from University College Dublin

in 1976 and came to Princeton Plasma Physics Lab in 1979, recruiting

fellow PPPL-ers to help him open the R&D office on 1997. Sales, marketing,

and customer support for Trintech is provided by a 30-person office

in San Jose, and a six-person marketing office is in Austin. Munich

is the site of a European office.

Trintech is a direct supplier and an OEM (original equipment manufacturer)

supplier of payment software http://www.trintech.com.

Trintech’s latest and most exciting product is Payware Net. "We

realized that SET (one of the transaction methods) was slow to take

off," says spokesperson Richard Martin, "and that people

on the retail side were asking for a form more secure than offered

today under traditional SSL (the alternative transaction method).

Our guys in Princeton developed this Payware Net product, and it comes

in four different flavors:

1. Plain vanilla SSL is described by the students as "Netscape

Communication Corporation’s handshake protocol." With encrypted

data transmission it issues a digital certificate and signature to

authenticate both the buyer and the seller. "It uses public key

encryption — a set of mathematically linked numbers, referred

to as keys. A message encoded with the public key (widely known, such

as an individual’s address) can be decoded only with the private key

(so the message can be read only by the intended recipient),"

describes the report.

After SSL negotiates the secure connection, the buyer and the seller

can begin to exchange data. It works, but as Martin points out, "Plain

SSL messaging doesn’t give the same level of security as SET."

2. SET or Secure Electronic Transaction is the set of

security protocols developed by Visa International and MasterCard.

Trintech installed its version on Netscape’s site in 1996. "It

goes beyond SSL by incorporating credit card authorization, ensuring

that the buyer is authorized to use the credit card (via the digital

signature) and that the merchant is authorized to accept the card

(via verification of the merchant’s relationship with a bank acting

as a payment processing intermediary)," says the student report.

SET offers a digital certificate at the consumer level, as well as

at the merchant level, says Martin. Merchants can post the SET symbol

on their home page so that savvy consumers will know their credit

card data will be safe.

But using SET can be expensive for merchants dealing with low margin

transactions, so Trintech now offers two hybrid versions:

3. SSL to SET combination, just released in December.

The buyer sends a message in SSL to the online merchant site. This

is translated to a SET message and sent from the online merchant to

the bank. "One of the big barriers of SET is the whole digital

certificate that the consumer fills out," says Martin. "Here,

the consumer doesn’t have to apply for the digital certificate, yet

the consumer knows the site is secure," says Martin. The SET mark

means that the merchant has gone through rigorous third party testing.

4. Certless SET, an all-SET messaging system without the

requirement of a digital certificate for the consumer; the consumer

does not have to go through the rigamarole of that application. "For

the consumer, three and four are identical," says Martin. "The

consumer knows the data is more secure because of the SET encryption.

It is another step to more secure E-commerce."

Which of the four Payware offerings is preferable? "We are

the technology company," says Martin. "We leave it to the

card associations and the banks to decide what is the best."

To Martin, a good way to measure fraudulent Internet transactions

is to count the number of "chargeback" complaints to credit

card companies about Christmas purchases. Not all of the complaints

will be due to fraud: "There is a rumor that it is quite high;

people are alleging that kids’ are taking parents’ credit card numbers

and getting merchandise sent to their address — and these purchases

are being disputed by the parents."

CEO John McGuire and the Trintech crew want to develop the technology

so it is "a transparent exercise of clicking, clicking, and clicking

for payment to be activated, authorized, and completed in a secure

manner."

"In a few years, consumers will log on, click, and pay with the

same confidence and regularity on the Web as they do today in the

physical world," says McGuire. "But encryption is a

demanding science. We feel that, by making the investment in research

in these early days, we will be rewarded in the near future when the

underlying encryption methodologies need to be upgraded to newer,

faster, and more secure encryption techniques."

"It’s a very exciting area to be working in. You are going to

potential and existing customers who want to embrace the technology

and make it available to the customer base," says McGuire. "This

is a push sell, not a pull sell."

Top Of Page
For Goren’s LapJack, A Sale & Repackaging

Once more, Andy Goren is an empty nester. He founded

TV Objects, a company that developed a Java software tool called Applet

Designer, and he sold it off. Then under a different company name

he developed a hardware solution to laptop computer security, Lapjack

(U.S. 1, June 10, 1998). In October he sold the license for Lapjack

to a multibillion dollar global firm, which will launch the repackaged

product on March 1. Now the 29-year-old Goren, based at Princeton

Office Gallery on Independence Way, is contemplating his next contribution

to the cause of electronic commerce.

"For now I am going to stay around and help out," says Goren,

who had been a theoretical math major at University of California,

Berkeley. "But I might work on a new product, a joint venture."

Curtis Computer Products, has bought the worldwide exclusive rights

to Lapjack for marketing and manufacturing LapJack (http://www.curtiscp.com).

Curtis is a division of Esselte Pendaflex, a manufacturer of Oxford

file folders that supplies distribution to office products distributors,

computer supplies/VAR distributors, mail order catalogs, mass market,

and superstores for computers and office products.

LapJack uses an encoded security key that plugs into a parallel printer

port on a laptop computer. If a machine is enabled with LapJack it

cannot boot up without the key. It can’t be compromised by booting

from a floppy. And once the LapJack software is deployed on a laptop,

that computer’s hard drive can’t be used in another computer, nor

can the hard drive’s data be reformatted. LapJack puts no demand on

the processor or memory, doesn’t corrupt data, and doesn’t use passwords.

The new product is getting a new name, Data Defender, and a huge marketing

push. Its software is being translated into 14 languages, including

Hungarian, Polish, Finnish, and Swedish, says Ken Bernstein of Curtis.

Lapjack had a "street price" of about $90, and Data Defender

will sell at discounted rates for a similar price, from $89 to $99.

Data Defender will be a Qualtec brand and will have tie-ins to other

Qualtec products. "We own a printer cable company, and for desktops,

laptops, and docking stations, we are providing the Qualtec Data Defender

Parallel Port Extender," says Bernstein. This four-foot "splitter

cable" can be plugged into the hard-to-reach port of a desktop

computer and extend to a convenient spot for users to insert their

hardware security keys. It will retail for $29.95.

Like TV Objects is now, Lapjack will be a shell company after the

launch. To develop this hardware product, Goren had worked with Juan

Ruival, whose name is also on the patent. He had investment capital

from David Plimpton of Plimpton & Yang on Chambers Street. What now

for Goren? "I’m going to look in Internet and security areas for

the next products," says Goren.

Lapjack Systems, 5 Independence Way, Princeton

Office Gallery, Princeton 08540. Andy Goren, president and CEO. 609-514-5181;

fax, 609-514-5176. Home page: http://www.lapjack.com.


Next Story


Corrections or additions?


This page is published by PrincetonInfo.com

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.

Facebook Comments