LAS VEGAS -- Software is just that: soft.
When it comes to securing e-commerce Web site data, one expert at Comdex Fall 2001 said the only way to do it without some degree of risk is with software and hardware, and that means making buyers responsible for part of the process.
Leedor Agam, vice president of Aladdin Knowledge Systems in Arlington Heights, Ill., said not only are hackers more sophisticated than ever, but even someone with no hacking skill and a sharp mind can get also past security software.
"You should never treat a Web server as a secure environment," Agam said. "If you have only a firewall in front of it, that's not enough."
Agam said customers must take responsibility for keeping their information safe by complimenting an e-commerce company's software with hardware like plug-and-play smart cards, which use public key infrastructure (PKI) technology to verify users' identities.
The best way to do that, he said, is if e-commerce companies enlist service providers to help introduce users to PKI and smart cards. If such partnerships manifest in the near future, Shah said when customers sign up with an ISP, they may receive smart cards as part of their basic service.
"Many e-commerce companies are willing to take chances," Agam said, because it is often cheaper to augment an existing insurance policy to cover stolen customer data than implement better security systems.
The crux
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
of the problem lies in user authentication, Agam said. And that is not a problem solved by software. Agam said only in business-to-business transactions can buyers and sellers be sure of each other's identities. In business-to-consumer and consumer-to-consumer transactions (such as online auctions), user authentication typically depends on a username and password, which can be stolen.
Would customers be willing to add another step to their online purchasing routine, plus keep track of a smart card? Kurt Schlinder, an employee with clothing maker Lands End, Inc. in Wisconsin, said ease of use would be essential. He said smart cards would only catch on if they were integrated into end users' computers or peripherals.
Agam admitted that user behavior issues could thwart widespread use of smart cards, but said the latest smart cards are easier to use than ever because they can be plugged into an end-user's USB port.
FOR MORE INFORMATION:
searchSecurity has the Best Web Links for securing e-commerce
Talk to your peers inside searchSecurity's anonymous Discussion Forums
CLICK for other articles by Eric B. Parizo