Banking online is becoming a reality and, so is mobile commerce, with the IDC predicting that 150 million people will use the Internet to transact by 2003. But one of the main stumbling blocks to its uptake remains the concerns of security, especially from credit card holders.
Chris Steyn, managing director of financial services at NamITech, the IT arm of the JSE Securities Exchange-listed Nampak group, said the threat of "spoofing" Web sites does exist.
Spoofing is when a Web site is set-up to look like another Web site, leading customers to believe that they are dealing with their bank or trading partner. Meanwhile, they are transacting with a spoofed site masquerading as the genuine site.
Commenting further, Steyn said the ability to be able to irrefutably prove that a transaction was conducted over the Internet is at the heart of Internet banking. "If a client orders shares through a broker and he fulfils the order, only to be subsequently told by client that he did not place the trade, this could prove to be a problem. The broker therefore needs to be able to prove that the buyer did in fact place the order. Non-repudiation can be achieved by using digital certificate issued by a reputable certification authority (CA) such as VeriSign.
"With a server side digital certificate issued to a particular organisation`s Web server one can verify the authenticity of the Web site. The proposed e-commerce bill, which is presently under scrutiny by Parliament, will establish a legal framework for e-commerce in this country. This bill will support the use of digital certificates in the framework of electronic communications and transactions."
Steyn said NamITech is "keenly focused on providing the marketplace with end-to-end secure transaction solutions". "We recently acquired SACA, the African affiliate for global leader VeriSign. What we do," he said, "is advise our clients to make use of the VeriSign Secure Site Seal, whereby any user coming to the site will be able to verify the authenticity of the Web site by clicking on the logo which gives the user all the security advice he or she would require, as well as verifying that the site is authentic.
"It is really an educational programme available to all server certificate clients - and we urge them to make use of it. The public needs to be educated about the risks inherent in online banking. Banks, and other companies going online, often concentrate mainly on security encryption, forgetting to educate their potential customers about the pitfalls of trading online."
"While it is important for customers to be able to identify if they are entering an authentic Web site, banks also have to be able to make sure that they are dealing with a real customer - and they must be able to properly identify each and every customer. If not, they can fall victim to a serious hack. Privacy is, of course, another issue - but it is actually secondary to the need to identify the authenticity of Web sites and those people who wish to enter into these Web sites."
Share