• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Priyanka Jayashankar

Online merchants bank on technology to outwit cyber shoplifters and induce customers to load their virtual shopping carts.

It's a war game on a different plane. Retailers mount uncanny devices to protect their turf and hire e-commerce experts as their loyal foot soldiers. Behind the enemy lines, code breakers brace themselves to launch an ambush against online merchants. Caught in the crossfire are millions of netizens looking out for safer fortresses to guard their credit card numbers and bank account details.

Besides tackling intruders, retail sites are embarking on a more delicate mission: winning the trust of clients. Some of the cyber-smart marketeers have initiated several Doubting Thomases into their fold. With security solutions like firewalls, VeriSign certifications and 128-bit SSL (secure sockets layer) in place at leading e-commerce sites, more browsers are willing to fill up their virtual shopping carts.

About 90 per cent of the transactions at Indiatimes.com are driven through credit card payments. Ashish Kashyap, General Manager and Business Head — e-Commerce, Indiatimes.com, says privacy policies, DNV certification (an international quality certification for management systems) and other security measures have helped in building trust among consumers. "Security applications have boosted online sales," says C. Rajkumar, an online security analyst with a specialisation in Java solutions.

How do these bits and bytes keep hackers at bay? During an online transaction, the SSL software changes the customer's credit card information into junk characters and the data gets re-converted after it reaches the online retailer's server. Landmarkonthenet's V.N. Venkitakrishnan likens the online payment gateway with an ATM and says, "An order gets processed on the site in five minutes. Each security layer has a password, which makes the site very difficult to hack." Fabmall's K. Vaitheeswaran adds, "It is virtually impossible for anyone to get the card details during transmission."

Kashyap affirms that online credit card payments are safer than those made on the ground. While a customer does not have to share credit card details with any individual on the Internet, there's a greater risk in handing over one's card at a local store. Usually, a cashier/ shopkeeper notes down the 16-digit card number on charge slip copies. But in the case of virtual malls, the 16-digit number is entered only in the respective bank's Web site. In addition, the virtual shopper also enters the last three digits on the back of the card, which is known as the credit verification value (CVV). As an extra precaution, the cardholder can obtain a PIN number from the bank.

Online bankers are joining the race to promote safe credit card payments. HDFC's recent product `Netsafe,' enables customers to create a virtual card on their current credit or debit card with a "pre-defined limit" and "shop securely online, as they do not share their card number and the virtual card expires with the purchase or after 24 hours," says Rahul Bhagat, Vice-President and Head — Direct Banking Channels, HDFC Bank.

This bank also offers `Netbanking' facility in which the account holder's information is protected by a 128-bit SSL software. If the wrong combination of password and username is used thrice, the user is locked. With stringent safety features, online banking is seeing better times in India, both in big and small towns," says Bhagat.

Cyber traders have to steer clear of pranksters placing fraudulent orders on retail sites by entering fictitious IDs and phone numbers. Venkitakrishnan says such orders were rampant in the early days of online shopping, but now e-commerce managers are experienced enough to ferret out fake orders from genuine ones. Thanks to call centre checks, customer profiling and partnerships with banks, Indiatimes has succeeded in bringing down fraudulent orders to 0.3 per cent. E-tailers have also zeroed in on unauthorised credit card payments. "We do a lot of verification manually to make sure the order is genuine," says B.G. Mahesh, CEO and co-founder of the news and e-commerce portal IndiaInfo.com. The site managers also approach credit card companies to stop unauthorised payments. "If the order is very big we tend to talk to the client directly," Mahesh adds. Whenever Indiatimescomes across unauthorised transactions, the ID and location of the fraudulent user are immediately forwarded to banks, e-commerce channels and even the CBI."In a few cases during the last four years, we have even been able to help the authorities nab the criminals. Our rate of crime detection is as high as 70 per cent," says Kashyap.

Though phishing (where browsers are tricked into parting with personal information on fraudulent sites that mimic legitimate sites) has not been a major concern for Indian e-tailers, it has taken its toll on netizens worldwide. Ashwanth Srinivasan, a Florida-based oceanographer, got hoodwinked by a false Citibank Web site link. "I was in Jamaica and I wanted to withdraw $2,500 from my account," he recalls. But no sooner had he submitted his account information than he realised that the site had no https encryption or a VeriSign certification. On the other side of the Atlantic, a Stockholm-based hacker was ready to rake in the stolen cash. But Ashwanth quickly alerted Citibank officials and the cyber thief was nabbed in time. Online retailing is similarly vulnerable to phishing and other forms of foul play. As security analyst C. Rajkumar says, "The statistical level of dollar-rupee loss due to hacking and phishing is rising exponentially every day."

With spyware and cookies at browsing centres recording every mouse click, an average security expert has a tougher job of solving `cyber whodunnits'. The modern-day Sherlock Holmes tracks down the murky activities of online mafias and Net crackers by simulating hacking networks. There are also reports of sites collecting personal information from customers on the Internet and selling it to other companies for marketing surveys. "Currently, online security is a hot topic for companies. Hackers are hired to tackle rival companies and security experts are hired for security policies!" says Rajkumar.

State-of-the-art security is not always affordable for small-scale retailers and its cost is imputed in customer service charges. The RSA algorithm is one of the most impregnable safety measures, which has so far not been de-coded by hackers. However, "many e-tailers cannot afford the RSA technology," says Rajkumar, adding that the security of different types of information can be compromised through open source software.

To protect inventory data and personal finance details, heavyweight e-tailers also use USB (universal serial bus) technology, which can be accessed through a centralised server for a two-way authentication. Despite mounting security costs, sites like Indiatimes and Fabmall are keen on upgrading their services and are also considering mobile payment facilities. When more discerning browsers shop within the confines of firewalls and when e-commerce managers get their act together, cyber shoplifters are bound to retreat from the virtual battlefield.

Picture by Bijoy Ghosh

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Sold on the Net

Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line