Power Pay

As the 2006 holiday season looms, retailers consider bypassing credit cards in favor of more secure online payment options

Tim Wilson, Editor in Chief, Dark Reading, Contributor

October 13, 2006

4 Min Read
Dark Reading logo in a gray background | Dark Reading

Online purchasing showed double-digit growth last holiday season, for the third straight year. But one trend got lost in all the excitement: 30 percent of consumers actually decreased their online shopping, citing concerns about Internet security.

As they gear up for another big shopping season, retailers are searching for ways to get that 30 percent back. And one of their chief weapons will be online payment systems that don't require customers to type a credit card number into a retailer's online system.

"With the continued growth of identity theft, credit card fraud, and phishing scams, security on the Internet is more important than ever," says John Rogers, founder, chairman, and CEO of Pay By Touch, an online payment service. Working with UPEK, a vendor that makes a USB-capable fingerprint sensor, Pay By Touch earlier this week unveiled TrueMe, a biometric authentication service that lets users protect payments with a fingerprint.

Other experts agreed. "There is a strong perception out there that credit cards are not secure," says Marwan Forzley, president and CEO of MODAsolutions, which offers Secure-eBill, a service that helps consumers make retail purchases through their online banking systems.

Statistics support this conclusion. According to the Business Software Alliance, 38 percent of consumers who shopped online during the 2005 holiday season said they spent more than the year before -- but 30 percent said they spent less, citing concerns about credit card fraud, identity theft, and spyware. A June report by Javelin Strategy & Research says that 79 percent of consumers would buy more online if they had a more secure payment system. And Gartner and Jupiter Research estimate that there are still 80 million Internet users who don't buy anything online, many of them concerned about security issues.

"A substantial number of shoppers are still wary about e-commerce safety," says Diane Smiroldo, vice president of public affairs at BSA.

With so many potential sales at stake, it's not surprising that retailers -- and the technology vendors that supply them -- are experimenting with new, more secure methods of enabling consumers to pay online. One of the most novel approaches is TrueMe, a service that enables consumers and business users to verify their identities with a fingerprint before giving authorization for payment.

Using Pay By Touch's finger sensor -- which is already built into PCs such as Lenovo's -- or UPEK's finger sensor, which can be added via a simple USB connection, Pay By Touch is offering a service that lets retailers, banks, or businesses authenticate their regular users with a second, biometric factor. Information about the user is encrypted with the fingerprint, ensuring that only authorized users can initiate a payment, the companies say.

Retailers that are less cutting-edge are now accepting payments from a variety of other alternative payment systems. One of the best-known is PayPal, a service acquired by eBay last year. PayPal stores the user's bank account and credit card information in a single, secure account, then acts as a proxy for paying retailers or auction sellers online, without giving out one's account data to the recipient.

With Secure-eBill, MODA Solutions is doing PayPal one better, according to Forzley. Instead of paying online, the Secure-eBill service lets customers make a purchase and then get an online invoice, just as they would from their phone company or gas utility, he explains. Then the consumer can pay the bill using any online banking service, eliminating the need to put any account information out on the Web.

"For consumers, it's all about trust," Forzley says. "We think consumers trust their banks more than any retailer or online service."

Retailers that have tested Secure-eBill say it works. Big Al's Online, which sells supplies for aquatic hobbyists, has increased its customer base by 39 percent since adding Secure-eBill to its site, according to Dan Hamilton, director of e-commerce at the company. "Repeat order rates also have exceeded expectations."

Yet another company, Bill Me Later, essentially extends an automatic line of credit, enabling the consumer to make purchases online without giving out any credit card or bank account information. Bill Me Later uses online credit reports to authorize payments up to a certain level, basically giving the user a loan to make an online purchase. If the user fails to pay for the purchase on time, the service may be declined for subsequent purchases.

Use of alternative payment services is still nascent, as most purchases are still made through credit cards, experts say. Forzley says Secure-eBill only accounts for about 10 percent of the purchases made on its retailers' sites so far, but he expects that figure to increase.

None of these services is foolproof, however. PayPal already has seen a number of phishing scams, and others could be penetrated if an identity thief had the right information, critics say.

Still, the new systems may be more secure than asking users to input their credit card information. "Retailers want to increase their business online," Forzley says. "Alternative payment services are a proven way to do that."

— Tim Wilson, Site Editor, Dark Reading

About the Author

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights