Avoiding the E-Commerce Danger Zone

Face it: If you shop online, your life is an open book. In the Internet age, privacy is a thing of the past.

But that does not mean users are helpless to control how their personal information is used online. They can take a number of steps to safeguard private data and avoid potential e-commerce danger zones.

Good Intentions

First of all, put away those conspiracy theories. According to David Martin, chief investigator at the Privacy Foundation, most serious online privacy violations occur as a result of mistakes rather than malice.

"Consumers should know that when they volunteer any information on the Web, it's entering into a system that's pretty immature but basically well-intentioned," Martin told the E-Commerce Times.

In a recent study by Harris Interactive, 83 percent of respondents said they would stop doing business with a company if the company misused customer information.

"So, there is a built-in incentive for companies to do it right," John Ford, chief privacy officer at Equifax, told the E-Commerce Times.

Provide the Bare Bones

The fact that a security breach may be an honest mistake is no consolation for those whose private lives are out there for all the online world to see, though. So, what can consumers do to guard their privacy?

"When I go online, I want to make sure I only provide the information that is necessary to conduct the transaction," Ford said.

Credit-Card Theft

But a transaction requires a credit card number, and that is one of the things hackers may want to steal. According to a recent study by GartnerG2, more than US$700 million in online sales, or 1.14 percent of total online sales, were lost to fraud in 2001. And of 1,000 Web users surveyed in January, 5.2 percent had experienced credit-card fraud online.

To guard against credit card theft, GartnerG2 analyst Avivah Litan said consumers are beginning to adopt solutions like Visa's Verified by Visa and MasterCard's Universal Cardholder Authentication Field (UCAF) standard and Secure Payment Application (SPA).

Privacy Policy

Even when theft is not involved, many users do not want their personal information shared or used for marketing purposes. For concerned consumers, the first stop on any Web site should be the section about privacy.

"Look to make sure there is a privacy policy. Read it and understand what data is going to be collected and how it is going to be used," Ford advised.

Even a cursory look is better than nothing.

"A consumer doesn't have to read through all of the legal language to get a sense of what the company will do with personal information," Forrester analyst Christopher Kelley told the E-Commerce Times.

"The key is to be aware of ambiguous language, often a sign that the company is trying to create loopholes for itself regarding your personal information."

Seal the Deal

Ford also recommended that users look for sites with a privacy seal, such as those offered by the Better Business Bureau or Truste.

According to the Harris report, 62 percent of Web users would not mind disclosing data at a Web site if the site were audited by a third party. A privacy seal indicates that such auditing is in place.

Users who have version 6.0 of Microsoft's (Nasdaq: MSFT) Internet Explorer browser can even do their own monitoring. If they visit a site that does not meet their preset standards, the browser will display a warning icon. "Consider it an early warning detection system," Kelley said.

Tune In, Turn On, Opt Out

Another way to make sure personal information is not shared is to opt out on each site visited. "Pay attention to opt-out, opt-in boxes," Kelley noted. "Frequently there will be two of these boxes, one for the retailer to send out marketing e-mails and another for the retailer to 'share' information with third parties, which means even more marketing e-mail for the consumer."

For users whose e-mail has slipped through the cracks or for those too busy to opt out on each individual Web site, there is another option.

The Direct Marketing Association, which has long offered consumers a way to remove their name from mass-mailing and telemarketing lists, now offers an e-mail preference service.

Consumers who sign up will receive no unsolicited e-mail from DMA members. According to Ford, 99 percent of major marketers are members of DMA and therefore must run their list of e-mail addresses through the DMA's filter.