· Family Finance
· Health Care
· Home Finance
· Protect Yourself
Looking to the Future: Banking on the InternetBy Jane Bryant Quinn
Tuesday, October 22, 1996
All that is going to change, and sooner rather than later. The Net supported an estimated $200 million in commerce last year. Five years from now, that's going to look like pocket change. Already, there's a bank that exists entirely on line: Security First Network Bank (www.sfnb.com) -- and it offers attractively high rates on certificates of deposit.
Two problems held Net commerce back: access and security. Both are rapidly being solved.
The World Wide Web created access, by organizing vendors into storefronts with addresses. To locate a product or service, you go through a Web "browser," such as Netscape Navigator or Microsoft Internet Explorer. They've made it possible to have electronic Yellow Pages. You can ask for "bookstores" and get a description of 500 sites, along with their Internet addresses.
Security is the scary part. When you type in your credit-card number, is someone waiting to grab it? We've all read headline stories about computer-network theft. There was the hacker in Russia whose gang lifted $400,000 from Citibank. And the kids in Long Island, N.Y., who stole some credit-card numbers and went on a $100,000 shopping spree.
Don't let these incidents put you off. When prudently used, the Net today is safe enough. Citibank made its customers whole, as it would after any heist. You're at greater risk when you hand your credit card to a waiter than when you use it to shop by computer, provided that your electronic business is handled entirely in code.
How do you know if you're transacting business in code? If you're using Netscape Navigator, look for a picture of a key in the lower corner of your screen. Unsecure connections display a broken key; secure connections, a whole one. With Internet Explorer, a lock pops up when the line is safe.
No security expert I consulted would do a credit-card transaction over an open line. But they all did point out that you're liable for only $50 in unauthorized charges if your card number is grabbed.
But even if you do business on an encrypted line, how secure is it, really? This is two questions, not one. How impenetrable is the code, and how do you know that the business you called is a real business, not a teen-age hacker ring?
Security experts say that, at present, encryption is looking pretty strong. Some codes seem almost unbreakable. Others aren't worth the time and cost that deciphering them would take -- at least, not for ordinary transactions.
Even with strong codes, however, a vendor can carelessly violate its own security system. "We're just waiting for the massive fraud that takes down a brokerage house or Internet company," says security expert Peter G. Neumann of SRI International in Menlo Park, Calif. Fortunately, bank and brokerage accounts offer other layers of protection. Your losses may be reimbursed by federal deposit insurance or the Securities Investor Protection Corp.
To try to give people confidence in who's at the other end of the wire, the Net has developed what it calls "certification." A trusted firm certifies that Security First Network Bank is indeed the bank, and issues it an on-line ID. If the certifier errs, it may be liable for any money you lose. Netscape users can find a firm's certificate by clicking on the little picture of the key. Internet Explorers should search "File." In the future, you may have to get your own certified ID.
Even more security is in the works. In about six months, you'll start seeing transactions protected by a new system called SET. It lets you charge things to a credit card without showing anyone the number. That should foil today's on-line "sniffers" that steal card numbers electronically. Your number will also be hidden from dishonest merchants or employees.
Then there's S/MIME, coming up by the end of the year. S/MIME lets customers send encrypted e-mail (orders, letters, invoices) that reproduce in a standard way on any machine. That should give Internet commerce an enormous boost, predicts Mack Hicks, a specialist in information security for the Bank of America.
The weakest point in the Net today isn't the infrastructure, it's you. World-class encryption won't help the klutzes who post their passwords on their computers or leave the workplace without logging off.
Jane Bryant Quinn welcomes letters on money issues and problems but cannot offer individual financial advice.