
3/26/2007
09:35 AM

Wooing the Gun-Shy Shopper

With online counterfeit goods on the rise, some e-commerce sites guarantee sales with bonded transactions

High-end retailers Tiffany & Co., Louis Vuitton, and Christian Dior Couture are suing eBay for allegedly hosting merchants or individuals who sell counterfeits of their luxury products on the popular auction site. Phony pharmaceuticals posing as legitimate cancer or AIDS drugs, for instance, are on the rise online, putting patients at risk health-wise as well as financially.

It's no wonder there's still an elusive chunk of Internet users -- 50 percent by some accounts -- who just don't shop online for one reason or another, whether it's for security and privacy concerns or an affinity for touching, feeling, and trying on merchandise in the store.

Counterfeit goods account for $600 billion a year in both online and offline sales worldwide, says Jeff Grass, CEO of BuySafe, citing estimates from the International Anti-Counterfeiting Coalition. "The problem is getting worse and worse online." One reason for the increase in online fraud is that it's difficult for authorities to detect and catch the bad guys who sell knockoff Louis Vuitton bags as the real thing, he says, or try to pass off their cheaper drugs as legit.

"It's easy to dupe buyers online and mug someone from thousands of miles away," he says.

BuySafe offers a "vetting" and bonding service for merchants on eBay and Overstock.com, and it recently added a similar offering for e-commerce sites that don't have the name recognition of a brick-and-mortar retailer. BuySafe screens and validates the identity of the seller, its financial strength and credibility, and credit information. Plus it financially guarantees the consumer's transaction (up to $25,000) with a surety bond with the backing of firms like Liberty Mutual and Travelers. "This protects shoppers from risks. It guarantees all forms of sale and ensures it's authentic and accurately described. If not, we guarantee a refund and return policies that the merchant has promised," Grass says.

How does this differ from the Better Business Bureau Online seal popping up on e-commerce sites? "With BBB, if something goes wrong, you can file a complaint, but that's where it ends," he says.

Meanwhile, Internet fraud overall hasn't shown much sign of improvement. Online auction fraud accounted for nearly half the complaints filed with the FBI's Internet Crime Complaint Center, according to the IC3's recently released annual report for 2006. Undelivered merchandise and payment fraud came next, with about 19 percent of the complaints filed with the IC3. According to the FBI report, 44.9 percent of the crime complaints were Internet auction fraud-related, but that's actually a 28.4 percent decrease from 2005. Nearly 20 percent of the complaints were merchandise that was never delivered, up 21 percent from 2005.

And in retail, perception matters -- a lot -- especially when it comes to buying something sight unseen online with your credit card. So some e-commerce firms are adding BuySafe's seal to the VeriSign or Comodo SSL, Better Business Bureau (BBB) Online, and HackerSafe logos on their Websites.

"We aren't exactly a household name," says Dean Bellone, president of Compsource, an online computer hardware and software merchant that recently added the BuySafe seal. "I've been told it's more of a peace of mind issue for a consumer who wouldn't normally purchase from us, but from Best Buy or CompUSA. Now they've got a comfort level to" shop on our site.

Compsource initially acquired a Better Business Bureau Online seal and has a Comodo SSL seal as well for encrypted transactions, so Bellone says he was skeptical at first whether it was necessary to slap on a BuySafe seal, too. "I was a tough sell on their part. How much is enough? When are you going to start confusing the consumer" with all these seals.

"BuySafe gives the user peace of mind that if there are issues, we agree we will follow our stated policies. If not, BuySafe will steer us in that direction," he says. Compsource uses BuySafe's pay-as-you-go option, where consumers can opt for the bonded transaction for an extra 2 to 4 percent on their bill (Compsource doesn't pay anything). So far, the e-commerce site is only executing two to five bonded transactions per day out of its overall average of 40 to 70 transactions, but it's still early in the implementation, he says.

GemAffair guarantees/bonds all of its fine jewelry transactions with BuySafe, rather than having customers opt in. The e-commerce site pays BuySafe 1/2 to 1 percent per transaction for the service. "Trust in a transaction is essential," says Michael Jansma, who owns and runs the Egems site. Jansma also has a BBB Online seal. "BBB basically facilitates communication between buyers and sellers."

Jansma, whose site did 66,000 transactions last year, says he doesn't bother with VeriSign or HackerSafe, however. "I think they give consumers a false sense of security."

Whether any of these labels really mean much in the end is debatable, says Eric Cole, CEO and principal security consultant for Secure Anchor, author of Hackers Beware, and a former CIA technologist. BuySafe will help consumers shopping online, he says. But "what does it really mean? If a consumer has no clue what the ribbon means, it's not going to help those companies focused on getting more business."

"And how do these [certification] companies actually and reliably track who is claiming to have a certification?" Fraudsters could post fake seals on their sites to dupe consumers, he notes. "What stops me from copying that little JPEG and posting it on my Website and saying I'm VeriSign or TruSecure[Cybertrust-approved]?" How they enforce this so the seal's value doesn't get compromised by fraudsters is also unclear, he says.

BuySafe's Grass says so far he hasn't officially reached out to VeriSign, Comodo, ControlScan, ScanAlert, or other site labels, but they would be a "natural partnership."

"They are addressing a different issue -- making sure your data is safe," he says. "That's not what we're doing. Our approach is [ensuring] your merchant is reliable, trustworthy, and stable."

Grass, whose company has e-commerce clients ranging in size from $10,000 to $120 million per year in revenues, says if there are any confirmed complaints about a BuySafe merchant, they remove the certification and warn affected buyers.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Comodo Group
  • eBay Inc. (Nasdaq: EBAY)
  • TruSecure Corp.
  • VeriSign Inc. (Nasdaq: VRSN)
  • buySAFE Inc.
  • ScanAlert Inc.
  • ControlScan
  • Secure-Anchor

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
