Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Trust Failing Overall

Posted by Zonk on from the bungling-lowers-confidence dept.

twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."

21 of 197 comments (clear)

  1. Sheesh... by 14erCleaner · · Score: 5, Insightful

    Most people who distrust internet commerce will gladly hand their credit card over to minimum-wage waiters, who disappear into the back room of the restaurant with it for ten minutes. It's all a matter of image and perception.

    --
    Have you read my blog lately?
    1. Re:Sheesh... by Tony+Hoyle · · Score: 3, Insightful

      In any good restaraunt this does not happen. You are invited to follow the waiter to the till whereupon he swipes the card and invites you to sign for it.

      I'm not sure I'd want to eat at a place where the waiters were allowed to disappear with credit cards for several minutes - they should be in view at all times.

    2. Re:Sheesh... by BitwiseX · · Score: 5, Insightful

      You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc. There is little or no difference. Do you have any idea of knowing what happens to those CC slips your local Mom & Pop restaurant process daily? About as much as you have of knowing what happens to your CC# once you buy something at amazon.com. Why all the paranoia? 6 of 1, half a dozen of the other. Put your faith in your CC company and their fraud prevention.

    3. Re:Sheesh... by ArmchairGenius · · Score: 4, Insightful
      Very good point. The credit card companies are responsible for fraud, so while I obviously am careful about who I give my CC info to, I am not all that worried about it being on some company's database out there in cyberspace.

      Everyone should look at their monthly bills and notify the CC company of any erroneous/fraudulent charges. Then the CC company can take that up with the vendor that made the charge. It's the beauty of using a credit card.

      --
      Armchairgenius.com - Where everyone is a genius.
    4. Re:Sheesh... by Anonymous Coward · · Score: 1, Insightful

      An excellent point, however there's a fine disctinction to be made here. If a local waiter lifts your card number, said person is probably going to be a lot easier to track down and deal with than if some script on a webserver harvests your number and emails it to who-knows-where.

      Don't get me wrong, I use my card on the net with condifence all the time - but the fact still remains, that there is a difference.

    5. Re:Sheesh... by nacturation · · Score: 4, Insightful

      You beat me to this one. I would GLADLY use my CC over the internet before I would give it to a waiter, cashier, etc.

      Same here. I think for most people, though, it's really just a fear of the unknown. Their credit card gets whisked off to some magical technological storage and they can't see what's happening. Even though they don't understand what really happens, their concerns are somewhat justified. There's a different scale of fraud possible when your credit card number gets stored in an online database vs. a waiter writing down the number.

      In the case of a waiter, barring organized crime rings, your card might get used to order a couple of items and that's about it. With an online database, if that site gets hacked your number is now likely circulating amongst various hacker groups and could easily be used to rack up a lot of charges.

      However, in either case your remedy is the same. Contact your credit card issuer, dispute the charges, then they go after the merchants who have to prove that a transaction was made by the owner. If they haven't swiped your card through their terminal and obtained your signature, then the merchant loses that money. Unfortunately, it's always the merchants who take the largest risk in accepting credit card payments.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    6. Re:Sheesh... by nine-times · · Score: 4, Insightful
      I can think of one difference: I know that the restaurant I'm in is the restaurant I mean to be in. As far as I know, there hasn't been much reason to worry about "fake" restaurants that take your credit card numbers and then don't bring you food, and when you call the authorities, the storefront evaporates. I guess someone could try a scam like that, but I haven't heard of it being much of a problem.

      But web pages? Most people can't really tell the difference between a real store's site and a fake page designed to look like a real store's site. Plus the ettiquite of net behavior isn't as firmly set in people's mind. If the waiter from the restaurant shows up on your doorstep saying, "Ummm.... yeah, I'm gonna need your credit card for a few more minutes, for the restaurant, I mean," you'd know it was fishy. But a convincing-looking e-mail claiming to be from ebay, people don't know the difference between that and a real e-mail from ebay.

    7. Re:Sheesh... by Seumas · · Score: 2, Insightful

      Who are these idiots that are being ripped off? I just don't get it. They are basing their belief on nothing but fear-mongering media reports. I do tens of thousands of dollars of business online every year - from groceries and paying bills to buying computer equipment, sending flowers and making donations.

      I have never been ripped off in any way whatsoever and the few times I've had problems with a party, VISA has been quick to handle it for me.

      Yeah, if you buy stuff on an auction site from a guy in Norway selling laptops through Western Union, you're probably going to get ripped off. But do you really think that Safeway.com, Amazon.com, CDBaby.com or your power and cable company are going to rip you off?!

      Keep track of what you buy and keep an eye on your online statements every week and you should be fine. Honestly, it isn't that damn difficult.

    8. Re:Sheesh... by rbanffy · · Score: 2, Insightful

      I was discussing this with my mother yesterday. She doesn't trust computers to the measure she goes to the bank to pay her bills and is horrified that I pay almost all my bills without leaving my chair (Brazil has an excellent banking system, with all banks connected to each other since early 70s and able to conduct to-the-minute money tranfers very easily). To her, my advice was "know the tools you are using". If you have no idea of what a post card looks like or how it works, you may think that a secret written on one is safe.

      --
      http://www.dieblinkenlights.com
  2. Change? by Bender0x7D1 · · Score: 2, Insightful

    From the article: "This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.

    How is awareness and action replacing fear when people are afraid to shop/bank online but don't handle their passwords any differently?

    Oh, wait... It was an executive who made the statement so all meanings should be reversed.

    --
    Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  3. It's not just online businesses we distrust ! by javaxman · · Score: 2, Insightful
    Plenty of folks distrust most any business, and often with good reason. I'd link to recent examples of businesses not taking proper care of customer data, or otherwise breaking trust and committing fraud, both online and off ( ChoicePoint certainly comes to mind, as does T-Mobile... then there's Enron, WorldCom, Tyco... ), but the instances are almost too many to list.

    If businesses want people's trust, they need to earn it.

    Should online businesses be trusted ?

    I myself give out accurate personal data only when I really, really have to, and even then am pretty picky about the companies I work with - both online and offline. If confidence has declined, maybe people are learning...

  4. Online trust by vurg · · Score: 2, Insightful

    I lost my online trust when I fell victim to a particular .cx site.

  5. Case in point: ChoicePoint by PHAEDRU5 · · Score: 5, Insightful

    Here in GA we have ChoicePoint, a company which recently allowed a criminal gang to make off with something like half-a-million IDs.

    Only people in California were notified of the leak, because CA has a law requiring notification. Everyone else is going to have to wait 'til their identity gets stolen.

    The GA legislature is taking up a bill to require notification of GA residents when their personal information is stolen or accidentally leaked.

    Part of the problem, IMHO, is that companies won't tell you when they've shared your information with a non-trusted third party. So, a good first step would be voluntary disclosure.

    --
    668: Neighbour of the Beast
  6. Indeed by ArbitraryConstant · · Score: 2, Insightful

    When knowing a number is sufficient to use it (credit cards, SSN), security is impossible.

    It is a fact of life that your important numbers hang around indeffinitely in various databases. Unless more than a number is required to use them, it will become impossible to maintain your identity.

    --
    I rarely criticize things I don't care about.
  7. Re:The Problem isn't the Internet by taustin · · Score: 2, Insightful

    The only problem with your whining is that credit card fraud is many times more likely to happen when you use your credit card in a brick-n-mortar store, face to face, than when you use it online. And if the number is stolen, the amount fraudulently charged to it will be several times as much.

    This isn't news, or especially obscure. While online credit card fraud may be the "fastest growing category," it's still minor compared to disgruntled cashiers who copy down details on the sly.

  8. Re:Not just online by LibrePensador · · Score: 2, Insightful

    This country must have gone down the drain if cynics like you are moderated "+4 Insightful".

    If friendship or loyalty are not real to you in any tangible form, one day you may realize that you have nothing left to go on for, hence, you will not.

    Get out into the world. Do a bit of community service, create LTSP installations out there, build stuff that people can use and along with the stuff you build, you will build bonds and friendships that will last you a lifetime.

    You appear to be the epitome of capitalism's alienation. It doesn't have to be that way!

    --
    Pragmatism as an ideology is not particularly pragmatic in the long term. Keep it in mind when you dismiss Free Software
  9. Re:Not just online by Turn-X+Alphonse · · Score: 3, Insightful

    You miss the point. I trust the guy nextdoor, I trust the lady down the road, I trust my friends. I don't trust the world outside of this because it's clearly put "we want your money, heres a brainwashing so we get it".

    Take it how you want it.

    --
    I like muppets.
  10. Re:Quotes from the BBC article: by Sycraft-fu · · Score: 2, Insightful

    Ya the LC thing is always enlightening. Where I used to work when we ran it it found 50% of the passwords instantly, as in not even trying a dictonary attack, just things like variations on usernames and so on that it always try. It was up to about 90% after the dictonary attack, and had all but three with the dictonary + varations.

    Fortunately, the passwords didn't really get you in to much other than the computers, however it was still a sad situtation, and not one the management had any intrest in rectifying.

    This is why we really need to get some kind of dual authentication system that uses like a smart card and a PIN. People will NOT use good passwords. A PIN + smartcard system would be pretty hard for people to get around. You'd have to find out the PIN and physically steal the smartcard, then use them before access was revoked. Certianly not impossible, but much easier than finding out a stupidly simple password and using it covertly.

  11. Re:lots of large scale compromises lately by Daedala · · Score: 2, Insightful
    I disagree. The problem isn't online commerce; it's commerce in general. "Online" is a scapegoat. The industry has already lost your information. It's been gone for years. Commerce in general doesn't work, because it depends on information that everyone ought to know by now is not secret.

    I don't worry about online banking or shopping per se. I worry that someone can walk into a bank, say they're me, and buy a house with my credit rating. I worry that someone can order a plasma TV over the phone with my credit card to launder money. And yes, I worry that someone can apply for a new credit card in my name over the Internet -- but that's a subset of the problem. How can you make online commerce safe when commerce itself isn't safe?

    We need to prevent compromises, but that won't solve the problem. We need to make it harder for people to steal money armed with only a name and an SSN. Except without instant credit, the American economy would collapse, then the world, and then where would we be?

    --
    What I say does not represent the views of my employers, my friends, my cats, or myself.
  12. Re:Quotes from the BBC article: by Beryllium+Sphere(tm) · · Score: 2, Insightful
    I'm constantly finding passwords on sticky notes on monitors and under keyboards
    You'd be surprised how little difference that makes to security. It's about three minutes worth. Somebody who's sweet-talked his way past your physical security can boot from CD and own the machine in three minutes, install a hardware keylogger in less than thirty seconds, or read a sticky note while walking by. Hiding the password, then, gains you at most a few minutes of intrusion resistance unless you've taken a lot of other precautions.

    I've actually made the heretical argument about password security that you should write your password down (though of course some place smarter than the monitor).

  13. Re:The Problem isn't the Internet by starfishsystems · · Score: 2, Insightful
    Well said.

    The longstanding pattern of providing easy credit predates the Internet. It has led to practices that are insecure by the most rudimentary standards. And yet, it has certainly been profitable for the providers.

    Between the transaction fees charged to the merchants, and the interest collected on credit, revenues for the providers have been greater than losses due to fraud.

    You would think that all parties would benefit from better security, but evidently the providers don't see it that way. As you probably know, their core operations are very secure, so it's not as if they haven't been willing to act on security risks which they perceive to be significant.

    --
    Parity: What to do when the weekend comes.