Wooing the Gun-Shy Shopper

With online counterfeit goods on the rise, some e-commerce sites guarantee sales with bonded transactions

High-end retailers Tiffany & Co., Louis Vuitton, and Christian Dior Couture are suing eBay for allegedly hosting merchants or individuals who sell counterfeits of their luxury products on the popular auction site. Phony pharmaceuticals posing as legitimate cancer or AIDS drugs, for instance, are on the rise online, putting patients at risk health-wise as well as financially.

It's no wonder there's still an elusive chunk of Internet users -- 50 percent by some accounts -- who still just don't shop online for one reason or another, whether it's for security and privacy concerns or an affinity for touching, feeling, and trying on merchandise in the store.

Counterfeit goods account for $600 billion a year in both online and offline sales worldwide, says Jeff Grass, CEO of BuySafe, citing estimates form the International Anti-Counterfeiting Coalition. "The problem is getting worse and worse online." One reason for the increase in online fraud is it's difficult for authorities to detect and catch the bad guys who sell knockoff Louis Vuitton bags as the real thing, he says, or try to pass off their cheaper drugs as legit.

"It's easy to dupe buyers online and mug someone from thousands of miles away," he says.

BuySafe offers a "vetting" and bonding service for merchants on eBay and Overstock.com, and it recently added a similar offering for e-commerce sites that don't have the name recognition of a brick-and-mortar retailer. BuySafe screens and validates the identity of the seller, its financial strength and credibility, and credit information. Plus it financially guarantees the consumer's transaction (up to $25,000) with a surety bond with the backing of firms like Liberty Mutual and Travelers. "This protects shoppers from risks. It guarantees all forms of sale and ensures it's authentic and accurately described. If not, we guarantee a refund and return policies that the merchant has promised," Grass says.

How does this differ from the Better Business Bureau Online seal popping up on e-commerce sites? "With BBB, if something goes wrong, you can file a complaint, but that's where it ends," he says.

Meanwhile, Internet fraud overall hasn't shown much sign of improvement. Online auction fraud accounted for nearly half the complaints filed with the FBI's Internet Crime Complaint Center, according to the IC3's recently released annual report for 2006. Undelivered merchandise and payment fraud came next, with about 19 percent of the complaints filed with the IC3. According to the FBI report, 44.9 percent of the crime complaints were Internet auction fraud-related, but that's actually a 28.4 percent decrease from 2005. Nearly 20 percent of the complaints were merchandise that was never delivered, up 21 percent from 2005.

And in retail, perception matters -- a lot -- especially when it comes to buying something sight unseen online with your credit card. So some e-commerce firms are adding BuySafe's seal to the VeriSign or Comodo SSL, Better Business Bureau (BBB) Online, and HackerSafe logos on their Websites.

"We aren't exactly a household name," says Dean Bellone, president of Compsource, an online computer hardware and software merchant that recently added the BuySafe seal. "I've been told it's more of a peace of mind issue for a consumer who wouldn't normally purchase from us, but from Best Buy or CompUSA. Now they've got a comfort level to" shop on our site.

Compsource initially acquired a Better Business Bureau Online seal and has a Comodo SSL seal as well for encrypted transactions, so Bellone says he was skeptical at first whether it was necessary to slap on a BuySafe seal, too. "I was a tough sell on their part. How much is enough? When are you going to start confusing the consumer" with all these seals.

"BuySafe gives the user peace of mind that if there are issues, we agree we will follow our stated policies. If not, BuySafe will steer us in that direction," he says. Compsource uses BuySafe's pay-as-you-go option, where consumers can opt for the bonded transaction for an extra 2 to 4 percent on their bill (Compsource doesn't pay anything). So far, the e-commerce site is only executing two to five bonded transactions per day out of its overall average of 40 to 70 transactions, but it's still early in the implementation, he says.

GemAffair guarantees/bonds all of its fine jewelry transactions with BuySafe, rather than having customers opt in. The e-commerce site pays BuySafe 1/2 to 1 percent per transaction for the service. "Trust in a transaction is essential," says Michael Jansma, who owns and runs the Egems site. Jansma also has a BBB Online seal. "BBB basically facilitates communication between buyers and sellers."

Jansma, whose site did 66,000 transactions last year, says he doesn't bother with VeriSign or HackerSafe, however. "I think they give consumers a false sense of security."

Whether any of these labels really mean much in the end is debatable, says Eric Cole, CEO and principal security consultant for Secure Anchor, author of Hackers Beware, and a former CIA technologist. BuySafe will help consumers shopping online, he says. But "what does it really mean? If a consumer has no clue what the ribbon means, it's not going to help those companies focused on getting more business."

"And how do these [certification] companies actually and reliably track who is claiming to have a certification?" Fraudsters could post fake seals on their sites to dupe consumers, he notes. "What stops me from copying that little JPEG and posting it on my Website and saying I'm VeriSign or TruSecure[Cybertrust-approved]?" How they enforce this so the seal's value doesn't get compromised by fraudsters is also unclear, he says.

BuySafe's Grass says so far he hasn't officially reached out to VeriSign, Comodo, ControlScan, ScanAlert, or other site labels, but they would be a "natural partnership."

"They are addressing a different issue -- making sure your data is safe," he says. "That's not what we're doing. Our approach is [ensuring] your merchant is reliable, trustworthy, and stable."

Grass, whose company has e-commerce clients the sizes of $10,000 to $120 million per year in revenues, says if there are any confirmed complaints about a BuySafe merchant, they remove the certification and warn affected buyers.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights