It's everywhere in the news. Consumers don't want their names and Internet habits passed around. They're tired of slogging through the spam that comes after their names have been sold to direct marketers. In "
Wagering on the Internet", the River City Group's vast Internet gaming research volume, the writers found that the security of sending credit card numbers and other financial information over the network remains "a serious concern of a vast majority of Internet users." Of those using the Internet, research revealed that a mere 18 percent of online consumers feels comfortable transmitting their credit card over the Net.
In fact, according to a recent Baltimore Sun news article, Jupiter Communications estimates that online businesses stand to lose up to $18 billion in 2002 due to lost sales from consumers wary of privacy invasions.
Further, the Electronic Privacy Information Center (EPIC) is suing the US Federal Trade Commission seeking the disclosure of privacy complaints received by the agency, contending the FTC has failed to act upon these complaints. Fearing the repercussions, many US companies are watching the case closely.
"There is a growing trend toward the enactment of comprehensive privacy and data protection acts around the world. Nearly fifty countries and jurisdictions have, or are in the process of enacting such laws," Privacy International wrote in the Executive Summary to their "Privacy & Human Rights 1999" survey.
They add, "Countries are adopting these laws in many cases to address past governmental abuses, to promote electronic commerce or to ensure compatibility with international standards developed by the European Union, the Council of Europe and the Organization for Economic Cooperation and
Development."
So, where do operators begin?
First you have to determine whether your site's privacy policy is adequate. If you don't have one, you can visit a variety of sites, like BBBOnline (http://www.bbbonline.com) and TrustE (http://www.truste.com) for advice. They even provide templates to make writing your privacy policy easier.
Next, do some research about what's available for you and your customers. EPIC has created the "EPIC Online Guide to Practical Privacy Tools (http://www.epic.org/privacy/tools.html)" naming a variety of privacy programs and web encryption tools. Another valuable source of information
is Junkbusters , which has created privacy freeware and comments, as well, about privacy issues and the Internet. This is just the tip of the iceberg. There are many products and even
more sites available for research.
One Solution: Accepting E-Wallets And Similar Products From Your Customers
New privacy software and "e-wallets" that store users' credit card numbers are practically flooding the market. It's just a matter of weeding out the wannabes from the future success stories. We've taken a look at just a few, with an eye to whether our readers would want to accept them on their sites. Remember that we're not recommending any of these products, just making you aware of them.
PrivacyBank.com (www.privacybank.com) offers a "wallet" solution that online gaming operators may find interesting. Companies can contact the web site and fill out some quick forms to become a free (for now) PrivacyBank.com supported vender.
Customers begin by filling out the PrivacyBank information forms, which stores name, addresses and credit card information, even passwords to log onto various sites. Whenever the user wants to make purchases or log on to your site, they click on the PrivacyBank.com bookmark and sign in. PrivacyBank then fills in any forms or password requests. With this approach, a layer of protection is added that prevents underage users from gambling illicitly with Mom or Dad's credit card, because consumer information is stored with a unique password. (Of course, it depends on whether parents keep the password and/or their credit cards hidden safely away!)
The company also provides the user with information regarding a site's privacy policy, keeping the consumer aware of which sites allow information to be passed on. The consumer indicates their own rules for acceptable privacy levels when they set up their wallets. Whenever a site is contacted that has a different privacy level than desired, a copy of the privacy policy pops up highlighting the differences. The user can then determine whether they want to continue the visit or cancel the transfer of information.
According to Nathaniel McNamara, director of business development for PrivacyBank.com, there are additional benefits to being a PrivacyBank.com vender. He says the link is "especially attractive to portal developers because they can build knowledge about their users and extend service to the consumer at the point of sale." You can track "stickiness" just by adding their "Launch Drag 'N Fill" link in your HTML
source.
In other words, you can get to know more about the user's preferences. Any portals selling advertising can find out how many visitors actually purchased products or services from that advertiser, providing them with details of conversion rates. PrivacyBank.com is currently providing free access for businesses and licensing their technology to portals.
Internet start-up Enonymous Corp. (www.enonymous.com) has just launched its own attack against web user's privacy fears with a three-pronged approach. First, Enonymous lets the consumer know whether the sites meet their stringent privacy standards of passing along consumer information. The company drew fire when it rated the privacy standards for 10,000 top web sites. It found that very few sites met their four star standard, with some pretty big names like Amazon.com, American Express and Microsoft, getting low ratings for not protecting their customers' information.
With Enonymous, users can anonymously surf the web and make transactions using its'automatic form fill-in. Enonymous keeps credit card numbers hidden with a code, so that, just like PrivacyBank.com, security is dependent on the consumer.
Third, the company will roll out a "profile" allowing companies to target promotions and offers to interested consumers. So, if you are promoting a new game or special prize, you can target information to an eager audience. Of course, you will never be given the names of those customers, just information quantifying your target audience.
Novell's contribution to the market, "digitalme" (www.digitalme.com) claims to put the user in control of their personal information. This is a free online service developing a philosophy of "meBusiness". "The digitalme technology is targeted toward e-businesses, including portals, ASPs/ISPs and retail companies that want to enable their customers to control their identities on the Web and enjoy conveniences such as single-click buying," say company officials. So far, Novell has developed partnerships with twelve companies, with hopes of attracting more soon.
The service begins by having users fill out a master list of contacts and personal data into the "myinfo" area. Then it can customize information for various individuals, giving out only as much information as
users choose. Other features include automatic form fill-in, password storage and privacy policy checks. They also offer some integration with Palm Pilots for people on the go.
The products discussed here are only a sample of what's available. Companies such as Microsoft, IBM and PrivaSeek also make products, as do many other companies. Of course, all of these products also have
drawbacks. Various industry writers have concerns about how effectively these products protect the consumer.
There are also products available to help detect credit card fraud, such as eFalcon. "While a number of security solutions are available on the Internet today, no existing risk management solution has been adequate to review transactions on anything other than outdated rule-based systems that require human involvement. eFalcon represents the natural evolution of this process, and will give our customers the most sophisticated fraud detection capability in the industry," said Nancy Goldberg, executive vice president,
CyberCash, an eFalcon partner.
But, Is It Really Enough?
How useful are these products really? "For the casual person with nothing to hide, no problem, these can be helpful," Todd Martin of Global Internet Gaming Inc. said. He cautioned, however, that you need to have an effective firewall. He added, "It depends on how determined and how knowledgeable a hacker is to determine how safe information really is."
Martin pointed out that, with Y2K looming, a talented hacker could siphon funds from a bank. He used the following example: Suppose you don't have tight enough security for your site and it leaks out that the president of that bank is an online gaming customer of yours. This could lead to what Martin called "an uncertain attribution of loss of funds." Your customer could be in hot water and your company's name gets dragged along through the headlines too.
So, how do you maintain privacy from your end? There are encryption programs, like Pretty Good Privacy (www.nai.com), various firewalls and other network security programs. Here again, there are numerous products available. The U.S. government's stance against the exporting of encryption tools
makes it more difficult for many sites to obtain really powerful 128-key encryption.
However, a simple search of the Internet will lead you to a variety of pages giving access to encryption codes. Arnold Reinhold even lists some of these sources in his briefing paper, "Strong Cryptography: The Global tide of Change", which was recently released by the Cato Institute. The paper covers information available at several sites, including www.4encryption.com. Practical consideration is also given to hackers and Internet security issues in Jim McGeahy's "Security Challenges to Internet Gambling" chapter of the recently released Internet Gambling Report III.
As it stands in 1999, dubbed the "Year of the E-Wallet" by one Internet commerce writer, the e-commerce industry is forced to deal with customers' privacy concerns. Proactive business owners are working to prevent future business losses. It seems inevitable that legislation will be enacted to protect consumers' Internet transactions. Maybe the US government will even loosen its stance against the exportation of powerful encryption tools. Only time will tell.