The Abuse Of The
Card Verification Number"> That said, there certainly is a legitimate reason for a consumer to be hesitant to give out their credit card number plus their card verification number to anybody who can put up a nice-looking online storefront. I still remember an attractive looking e-commerce site a few years ago that sold some out-of-print books I was interested in. Their credit card system was very effective. It was so effective that it continued to function even after the company shut down and the owners went their different ways. No one had bothered to shut down the site, so it kept taking credit card data, charging those cards and dispatching orders to a no-longer existing product distribution team.Personally, I like to come up with a reason to call a little-known vendors customer service people, just to make sure theres somebody still there. On that point, why do so many e-commerce vendors feel the need to staff a customer service department and then hide the contact information? Heres a challenge for you: Go to Amazon.com and see how long it will take you to find the phone number for customer service. You can cheat, of course, and just search for 1-800-201-7575, but try finding that number on that site if you dont already know it. Getting back to e-commerce security, its amusing to watch todays activity around the card verification number, which is the small series of digits that are not imprinted on the card. Almost all E-Commerce sites now require the number, which means that it no longer has any solid value as an authentication tool. In other words, if a bogus transaction is charged to a card and the cardholder denies the charge, the authentication number is intended to be proof that the cardholder was involved. But with that number now being given out to every online merchant the cardholder has ever used, that seems to be ludicrously diluted. At every stage of the roughly 11-year-old history of e-commerce, the major vendors have had the advantage. When the Web was super young, consumers only knew of the major players. Today, consumers are more knowledgeable and confident of search engines and price comparison sites, but security threats make them too nervous to veer too far from the major players. The problem is that small sites cant fight back even if they choose to invest heavily in security. Lets say a small site puts in place state-of-the-art security at every level. The best they can do is tout that fact to site visitors. Why would a security-concerned consumer believe them? If the e-commerce population truly wants a level-playing field, an organization of well-known vendors would put together a security standards group that would issue the equivalent of a Good Housekeeping Seal of Approval for security procedures. Yes, security certificates arent what they used to be, but at least it would be a start, especially if it involved frequent re-certification requirements. ("This site certified secure by the Really Big Name Security Council as of Jan. 15, 2006 through April 15, 2006.") The vendors would pay for their site to be secured. But those vendors need not worry about the cost because it simply will never happen. The security fear is a potent weapon that defends the large e-commerce players, so dont look for that particular playing field to be leveled any time soon. Evan Schuman is retail editor for Ziff Davis Internets Enterprise Edit group. He has tracked high-tech issues since 1987, has been opinionated long before that and doesnt plan to stop anytime soon. He can be reached at Evan_Schuman@ziffdavis.com. Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
The mess was ultimately cleaned up by the credit card companies, but its a frightening lesson about buying from an unknown Web site.