Security News > 2000 > December > Egghead.com Guilty as Charged Says Tripeze.com CEO

Egghead.com Guilty as Charged Says Tripeze.com CEO
2000-12-28 22:54

http://www.internetnews.com/intl-news/article/0,,6_546751,00.html By Carolyn Heinze December 28, 2000 [Calgary, ALBERTA] According to Paul Verhoeff, the key to escaping credit card-related security breaches online is simply for e-commerce Web sites to avoid storing credit card numbers. The chief executive officer of Alberta's Tripeze.com, an online travel-booking firm, offered this advice in the wake of e-tailer Egghead.com's security disaster. Just three days before Christmas, the California-based dealer of electronics products for small to mid-sized businesses announced that a hacker had broken into its system, potentially stealing information from approximately 3.6 million credits cards belonging to Egghead.com customers. The hacker could have gained access to this sensitive financial info because Egghead allows its customers to store their credit card numbers on its site in order to alleviate the inconvenience of re-typing credit card information each time they wish to make a purchase. Egghead has enlisted the services of Internet security consultants to investigate the breach. "If more e-commerce companies followed Tripeze.com's lead and did not keep their customers' credit card numbers on file, they could avoid the turmoil that last week's hacker attack on Egghead.com has created for millions of its clients," Verhoeff said. "We believe Tripeze.com has some of the most sophisticated security systems in the world, but because no system can be guaranteed foolproof, we consider it essential to take the further step of not retaining customers' credit card numbers. We urge other e-tailers - including our travel industry competitors - to adopt a similar policy for maximum protection of the traveling consumer." This holiday season, most major credit card companies introduced a 'zero liability' program that eliminates all liability for cardholders who experience credit card fraud as a result of Internet purchases. The programs were launched as a way to boost consumer confidence in shopping online - - something conservative Canadian shoppers are very much in need of. According to statistics, almost 75 percent of Canadian consumers are wary of shopping online because they are afraid to divulge their credit card information. These fears were bolstered earlier this month when it was discovered that a 20 year-old man in Moncton, NB, was operating a Web site that fraudulently advertised the sale of almost impossible-to-acquire Sony Playstation 2 units. Before authorities were able to shut the site down, Scott Frederick Byers had conned over $400,000 (CDN) out of 2,500 unwitting holiday shoppers. As fast as hackers are cracking security codes, however, credit card companies and banks are endeavoring to make online shopping safer. The Canadian Imperial Bank of Commerce (CIBC) recently released one-use Visa credit cards specifically designed for making Internet purchases, mimicking American Express' one-use card that was rolled out in the U.S. earlier this season. Both companies maintain that consumer response to the initiative has been positive. Still, Verhoeff emphasizes the need for e-commerce Web sites to forsake convenience in some areas in the name of higher security. "Having to type in their credit card numbers each time they buy something online is a minor inconvenience for consumers, but one that is well worth it to guard against hackers," he said. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".


News URL

http://www.internetnews.com/intl-news/article/0,,6_546751,00.html