Online Mugging a Threat, But No Showstopper

It is no wonder that security initiatives have risen to the top of technology companies' priority lists. In addition to terrorist and virus threats, personal identity theft is a burgeoning menace for online consumers and merchants alike.

"[Identity theft online] is more likely than you might think," Gartner senior analyst Kenneth Kerr told the E-Commerce Times. "In fact, the numbers are shockingly high."

The Federal Trade Commission estimated that identity theft is the fastest-growing financial crime in the United States, with more than 700,000 victims in 2000 alone.

That said, vigilant consumers can avoid online attacks and should not fear e-commerce, analysts said.

Criminal Activity

Personal identity thieves steal information -- name, birth date, Social Security number or credit card number -- then spend haphazardly under a victim's name.

The Internet is just one of many venues where these criminals lurk.

"The expansion and popularity of the Internet to effect commercial transactions has increased the opportunities to commit crimes involving identity theft," U.S. Attorney Sean Hoar wrote in a recent bulletin.

Regular Risk

Some analysts do not consider online risks to be significantly higher than offline perils.

"It takes a sophisticated thief to hack into a Web site or server," Kerr said. "It is a lot simpler to steal identity information in a physical environment like a restaurant."

Although a recent Gartner survey indicated that 16 percent of online adults have had their credit card numbers stolen and misused -- and that 8 percent have had other identity information stolen, such as a SSN or driver's license number -- Kerr suggested that the actual thefts likely occurred offline.

Corporate Shields

Time-tested e-commerce sites like Amazon.com (Nasdaq: AMZN), EBay (Nasdaq: EBAY) and Yahoo! (Nasdaq: YHOO) have amassed enough experience to provide sufficient security and privacy for user information, according to Kerr.

For its part, bellwether Microsoft (Nasdaq: MSFT) (Nasdaq: MSFT) recently made a public commitment to online security with its "Trustworthy Computing" initiative.

In the same vein, IBM (NYSE: IBM) has teamed with VeriSign (Nasdaq: VRSN) (Nasdaq: VRSN) to improve online identity authentication in e-business applications.

And BestBuy.com (NYSE: BBY) recently announced a new online payment engine designed to guard against credit card fraud.

Daunting Damages

But no security measure is wholly impervious to fraud, experts insisted.

"You can install security software and procedures to deter and prevent crime," SecurityFocus CEO Arthur Wong told the E-Commerce Times. "But will it be 100 percent secure? No. That's impossible."

And criminals who do circumvent online security shields make their victims pay. The U.S. Secret Service estimated that consumers lost more than US$745 million in 1997 due to identity theft.

According to U.S. police detectives, annual losses now exceed several billion dollars and include losses absorbed by credit card companies, victim costs including legal assistance, and judicial and law enforcement time spent investigating and trying cases.

Password Protection

But online shoppers can protect themselves.

Some credit card companies offer surrogate account numbers for online use that mask a user's true credit card number from hackers, Kerr noted.

Also, over the next 18 months, more credit card firms will mimic the Verified by Visa program, which offers personal passwords to authenticate online shoppers' identities, he added.

"Credit card numbers should not be provided to anyone on the Internet unless the consumer has initiated the contact and is familiar with the entity with whom they are doing business," attorney Hoar said. "[And] computer users should install a firewall on their personal computers to prevent unauthorized access to stored information."

Victim Aid

Hoar said consumers who suspect their identity has been stolen should contact the fraud departments of the three major credit bureaus: Equifax, Experian and TransUnion.

They also should contact the fraud departments of the creditors of the violated accounts, and should file a report with a local police department as well, he added.