14.3  THE CHECK IS IN THE (E)-MAIL


But are *you* going to buy something over the Internet?  For all the hype 
over small florists getting international orders over the Internet, one 
has to wonder whether these storefronts will ultimately prove more 
successful than the ones that have long been present on commercial 
networks such as CompuServe and Prodigy. Are you going to entrust your 
credit-card number to the Internet, a network on which security concerns 
have made front-page news more than once? 

Some electronic merchants say that sending your credit-card number over 
the Internet is really no more risky than handing it over to a clerk in a 
department store. Their argument is base on security through obscurity -- 
there are so many e-mail messages pouring through the Internet each day 
that it would be virtually impossible for a hacker to find the ones 
containing credit-card information.

Others, however, are more wary -- as are their potential customers. 
Merchants also want some assurances that the person making an order 
really is who she says she is.  Internet e-mail is simply ASCII text, and 
while the sheer volume of it these days would make it difficult to find 
specific messages, one should never underestimate the ability of a 
harcker with a computer to find a needle in a haystack (i.e., one credit 
card number out of thousands of messages).

As you might expect, a number of companies are working on making the 
Internet safe for business. CommerceNet, a joint venture between the U.S. 
government and companies in California's Silicon Valley, has developed a 
system based on encryption.  When you fill out an online order form, it 
is encoded in such a way that only the merchant you're sending it to can 
de-code it -- and inside will be your unique "digital signature," proving 
you are, in fact, you. 

But this approach relies on you having a special piece of software on 
your computer to encrypt the order form.  Netscape's World-Wide Web 
browser is the first to incorporate this software (that's what the little 
broken key in the lower left hand corner is for), but other companies 
that sell Web browsers will be adding it over the next few months. 

The basic way it works relies on a technique known as public-key 
encryption.  In this system, the merchant has a public key, or 
mathematical formula, that can be used to encrypt messages meant for him.  
Anybody can use this key, but only the merchant has the private key that 
can open up the message.  Now you can fill out an online order form and 
include your credit-card number -- and be assured that nobody can 

But some argue this sort of technique would impede impulse purchase
(surely a right enshrined in the U.S. 
Constitution), because you need the right software to handle the 
encryption on your computer.

So other companies are working on the online equivalent of credit cards 
good at participating merchants.  First, you apply for an account with 
one of these companies the old-fashioned way -- by telephone or postal 
mail. 
      
Then, when you connect to a participating merchant and submit an order, 
the merchant's computer sends a message to the "credit card" computer.  
That computer then sends a message to you, asking you to confirm the 
order.  One company's computer will even ask you to answer a question 
only you could answer (such as your mother's maiden name or your dog's 
name). Assuming you answer affirmatively, the transaction is then 
completed. 

A third approach involves an attempt to create an electronic equivalent 
of cold, hard cash.  Proponents say one of the problems with the first 
two approaches is that somebody, somewhere, is keeping track of who you 
are and what you buy. Instead, in an approach developed by a Dutch 
company called DigiCash, your bank essentially lets you withdraw funds 
into a digital account that sits on your personal computer.  Then when 
you enter an online store that accepts this digital money, you can pay 
them with these funds.

This approach, like the cryptography one, requires special software 
(which creates your "digital signature"), as well as an account with a 
participating bank.

Now proponents of the last two methods argue that, ultimately, the bulk 
of Internet business will center not on big-ticket items such as 
computers or cars, but on information.  Right now, information for sale 
tends to be very expensive and sold on the basis of high hourly rates.  
With the potential mass market represented by the Internet, though, 
people with information to sell might find it more lucrative to lower 
their rates and go for volume.  With an all electronic system, it might 
become possible, say, to sell information for a small per-article or per-
search charge.

Over the next year or so, you'll see all three types of systems become 
more common in online stores. Expect some confusion as merchants and 
users try to figure out which system to use.