Consumer Hazards
by Mr. Natural
The promise of online shopping has been dangled in front of eager spenders' faces for longer than most online services have been in existence. Now, the rising commercial face of the web has given the consumer a veritable pleasure dome to frolic in.
Any company worth a damn (and many that aren't) either have web sites in operation or construction. The better ones offer the equivalent of an online catalog, complete with pictures, product specifications, and prices. The only problem is, you can't actually buy anything. It's like some high-priced strip club - you can gawk all you like, but don't dare try and bring anything home with you. Except I don't know anyone who would stuff dollar bills in the floppy drive of Sun's new workstation. Well, maybe only a couple of people.
Why the foolishness? One would figure that companies are eager as all hell to make money off of this new medium. The answer, or so most every magazine save Dog World has tried to feed us, all has to do with computer security. Computer hackers, according to the pundits, have the ethics of a protozoa. Commerce over the Internet involves lots of sensitive data like credit card numbers floating about where anyone can grab 'em. All it takes is one hacker to grab your sensitive data, and it won't be long until you owe your life to the credit card companies (paying off bills to, if the hackers I know are any indication, the Coca-Cola company, Frito-Lay, and computer parts stores - in that order).
Of course, the difficulty of compromising even the most insecure of channels is such that the greatest threat to secure information is probably at the data's destination rather than while it's in transit. In fact, what many seem not to realize is the amazing and frightening fact that most of the credit card transactions that are carried out every day are as secure, or even less secure, than any net-based sale.
Those of you out there with credit cards (however obtained) try and think about the last few items you have charged, and the path your number had to travel in order for your purchase to be completed. Say you bought gas at a full service gas station. Your card probably traveled inside the store with the attendant, allowing who knows what kind of devious twit inside to get your number. If you bought lunch at a sit down restaurant, the bill may have traveled to the kitchen area to be viewed by whatever slime cooks the food or washes the dishes, or owns and runs the place for that matter. Where's the security in that?
In order to better illustrate, let me share with you a few observations from my personal life. I worked for some time at a video rental establishment and, in my course of employment, I noticed several things in regards to the safety of credit card numbers. I make no attempt to hide my former profession, as anyone with half a brain who worked at these stores (a rarity, I assure you) is most likely well aware of the myriad ways to nab card numbers. The real difficult part of the equation, and the real criminal part too, I must add, is using these cards without getting caught - something I myself have not done, nor wish to do. For those of you wanting to become little criminals, you can stop reading here. My point only is to educate, and perhaps to alarm. Anyways, back to the story.
First of all, there is the lazy man's way to pilfer such data. If a customer pays using a credit card, the number, expiry date, and copy of a signature can be nabbed with ease. The receipt is in the till, after all! The customer's looks (age, sex) can be determined as can how their voice sounds. If, as in my case, the customer is of a video store, you also have access to many other interesting items including address and phone number; other ID numbers such as from a driver's license or Social Security card; perhaps even a date of birth, or even names of spouses, children, or significant others.
Some of these items are bits of info that a computer hacker nabbing credit card numbers from online businesses would probably not get. And furthermore, the sneaky employee can make use of the store's credit card verification number to check the status of the card, as well as affording a trickier guess at the balance remaining on the card.
The video store I worked at had some interesting but little used features in its software. Ridiculously bad security was one, but that's another story. One feature was its good use of statistics. A manager could call up reports showing the customer name, the number of visits made, the date of the last purchase, and means of identification, to name a few. One could also print out this report using only a specific range of customers, or it would take a prohibitively long time. Find a customer who has only been in once or twice, with the last visit about a year or more ago, and with a valid credit card. In fact, they didn't even have to use the card to have it on record. So when the bill comes the next month with a charge from the Computer Shack, or Snuffy's Banjo Emporium for that matter, the customer will be clueless. Will he remember the time, two years ago, when he rented a video across town because he was visiting some girlfriend he dumped three months later? Or will suspicion naturally fall to his most recent credit card purchases? I can hear you shrill "paper trail!" But on this system, reports could also be printed out to the terminal. No paper, apart from some handy notes that can be swallowed later.
But that's not all! Let me top this tale of consumer paranoia by mentioning this. The company I worked for was part of an expanding chain in a large city. Every so often they would open a new store not too far away from one of their older ones. When this happened, the company would transplant a copy of the customer database from the old store to the computer of the new one. This is so the clerks wouldn't have to enter in these same old customers when they visited the new store.
But consider this... by following the procedure previously described, names and card numbers could be found of people who were not just infrequent customers, they were people who had never entered the store in their lives! If people are afraid of the anonymity of the Internet, they should be terrified by this. Like the stereo-typical hacker, the clerk has become the anonymous possessor of secure information. Why does one deserve to be trusted, and the other not?
I personally think its because of the reassurance one gets from dealing directly with a person. Dealing with a company on the web is less personal than dealing with a clerk, or even a telephone sales firm, in that you neither see nor talk to anyone. Is the "seller" really some twisted toad sitting in his combination basement office/abattoir? You never know. At least when a card payment is made in person, the customer can see the recipient and judge for him or herself whether the business or employee deserves to be trusted. Or at least the constant yielding of personal identification upon demand to any yokel behind the counter has made it an automatic reaction.
Of course, I must add that the great majority of clerks are not thieves, and I also have no doubts that the majority of business that will sell their wares on the web will largely be honest. But I cannot speak with such optimism of the honesty of every one of these companies' employees, nor can I say that these companies will treat secure information with respect once they have it. In my eyes, the security scare about Internet commerce that is going on now is somewhat sensible. At least there are people who realize the danger of letting this information into anybody's hands. It's too bad most people don't extend the same caution to all of their transactions, especially those involving large, easily accessible databases. But then again, hysteria concerning new technology, and the blinding glare of commerce, have ways of obscuring common sense.