Ecommerce players put muscle into security

Addressing a rise in identity theft and phishing attacks, a panel of security experts discussed on Friday the steps their companies are taking to bolster consumer confidence in online commerce and prepare for the challenges that lie ahead.

The panel, including security experts from e-commerce sites and online banks, outlined their predictions and opinions at the RSA Conference 2005 in San Francisco. Earlier this week, a survey by RSA Security found that one-quarter of online shoppers have reduced purchases in the past year as identity theft has risen.

And businesses that cater to online consumers are taking note and developing plans.

Adam Joffe, chief technology officer for Sony Online Entertainment, said: "We want to add significantly more protection for our users and are looking at stronger authentication for passwords."

Joffe noted that Sony's online-gaming customers not only subscribe to the service but will also engage in ecommerce. As a result, customers logging on to Sony's gaming site share sensitive personal information with the entertainment giant.

Kurt Van Etten, eBay's security programme director, said the auction giant has employed other strategies, ranging from an escrow service to a PayPal buyer protection programme to a security centre, said.

"If a consumer doesn't trust email at all, then it inhibits our ability to communicate with them," Van Etten said. "And if they're not comfortable using credit cards online, then that will affect our business. For us, this is a trust issue."

The challenges in resolving that issue are high.

Joe Raymond, chief architect of web optimisation for Etrade, said that malicious attackers, for example, will continually evolve their techniques as technology solutions are developed to thwart them.

And as the industry turns to adopting a federated approach, in which one password onto a company's site will grant others access without requiring someone to re-enter the information, the stakes may be high for consumers.

Richard Parry, consumer fraud risk management director for J.P. Morgan Chase, said: "The problem with federation is you're putting a lot of eggs in one basket, with a single point of failure."

He cautioned that a failure in the federation approach could greatly damage consumer confidence.

But if online merchants and banks make it too difficult for consumers to use greater security measures, it reduces the prospect that the consumer will make the effort, Parry said.

He noted that consumers usually would not make the effort because they do not have any "skin in the game", since merchants and banks are typically the ones to absorb the losses if a transaction is bogus.

Dawn Kawamoto writes for CNET News.com.