Do you feel safe when you shop online? 

By Dawn Wiseman

Raul Valverde on eCommerce safety. Magnifying glass

Raul Valverde on eCommerce safety.

The U.S. Census Bureau reports that U.S. retail eCommerce sales for the second quarter of 2008 totaled $34.6 billion (U.S.), an increase of more than 9% over the same period in 2007, while total retail sales increased by only 2.5%.

At home, Statistics Canada reports that, “Online sales increased at a double-digit pace for the sixth consecutive year in 2007. Total private and public sector Internet sales hit an estimated $62.7 billion, up 26% from 2006.”

While these figures still represent a relatively small percentage of the retail market, the numbers are staggering. eCommerce is big business.

But, as Raul Valverde (Decision Sciences/ Management Information Systems) explained, eCommerce represents some serious security concerns for both the customer and the merchant.

It all boils down to questions of knowing who you’re actually dealing with.

“Credit cards, the primary payment system for online transactions, are really designed to be used face-to-face,” he said. In electronic purchasing there are very few ways for the merchant to be certain the credit card is being used by its owner, and no way for the purchaser to be sure their private information will not be disclosed by the merchant to a third party.

“Most eCommerce sites have stated privacy policies that explain how your personal information is securely held,” he said, adding that “the reality is that spam is increasing and is probably related to the sale of email addresses.”

While some measures like PayPal and Verified by Visa are gaining credibility, Valverde believes the future lies in current research linking credit and debit cards to biometric measures (such as iris scans or fingerprints), or personal devices.

“There is some talk of using cell phones as a payment system,” he said. And this could potentially provide everyone with an added sense of security.

“Customers would swipe a card in their phone and verify with a PIN, providing double authentication to the merchant,” explained Valverde, “At the same time, because they are inserting information into a personal device – instead of a computer or merchant key pad – the vendor would never have access to the customer’s PIN.”


Concordia University