People are coming up with ever more ingenious ways to transfer money safely via computer. David Bowen reports
The growth of online shopping is held back by two fears: that sensitive information can fall into the wrong hands, and that it is hard for retailers to tell whether the person sending a message is who he or she says.

The problem of authentication is the big concern for the seller. Not surprisingly, customers are more bothered that their credit card numbers might be snaffled; the abundance of hacking stories does little to increase their confidence.

The Internet is seen as particularly insecure. Private online services are deemed safer as they are more rigorously controlled. ComuServe's Electronic Mall relies on users punching in their creidt card details - and there has been no subsequent outbreak of crim. That is why Tesco, Virgin and WH Smith are sticking to CompuServe. When Microsoft launches its online Network this summer, we can expect to see other retailers putting their online faith in Bil Gates.

Some feel the online services will have such an edge in the commercial field that the Internet will fade into the background. But many are defending the Net, devising ever more ingenious ways of transferring money.

Companies with names such as First Bank of the Internet, First Virtual Holdings and CyberCash have spring up, offering their own solutions to the problem, while Internet service providers and those working on "browser' software for the World Wide Web have come up with ideas of their own. At some point, everyone agrees, either real money or a credit or debit card must be handed over. But there is a division between those who believe it can be sent across the Net and those who do not.

In the US a retailer may ask for credit card details, and chances are the transaction will be secure. That is because the company is using a code, the best known of which is the RSA public key encryption system: this means messages can be scrambled, then decoded only by the computer for which they are meant. The system works best with a Netscape World Wide Web browser. Before starting out, shoppers select "secure" mode - a picture of a complete key appears on the screen as confirmation.

The trouble is, the US government will not allow the more secure versions of this technology to be exported, and only one British company has developed its own version. It is called MarketNet, and its chief executive is a Birmingham councillor, John Hemming. The system works the same way as the US one; anyone with a Netscape browser just checks that the key is unbroken before entrusting credit card details to the Net. Mr Hemming says the system uses the "equivalent of a PIN code with 150 digits". MarketNet has a flower and chocolate delivery service, and an insurance quotation system. It also plans a banking service.

Other UK retailers avoid asking for sensitive information. Sainsbury will take the order for wine on the World Wide Web, and then ask for your telephone number. It will then ring back to complete the transaction. Innovations, the catalogue company, simply displays a telephone number and code above a description of the product.

Other systems work on line but use various devices to keep the credit card number off the Net. DigiCash, which pioneered the concept of e-cash, has been holding trials for months, offering $100 (pounds 63) in "virtual" money to anyone who wants it.

You are issued DigiCash in the form of "virtual bank notes", which are actually serial numbers. To buy something, you type a serial number into the electronic order form and that "note" is spent. Even if a miscreant managed to divert it, DigiCash says, the amount you lose is limited.

When the system goes live, you will hold a DigiCash bank account, which you will top up with "real" money, and which then issues you with notes to the same value. But so far the company has stayed in trial mode, suggesting there are still bugs.

Easynet, the London-based service provider behind the Cyberia cafes, is working on a system that it believes will be very secure. A 24-year- old Frenchman, Thibault Jamme, offered the company his idea a year ago, and has been on the staff refining it ever since.

The system is based round an intermediary institution, the Hall of Commerce, which is an authorising agency for vendors and an account holder for customers. The Hall is in fact a software package that Easynet hopes to license to other operators.

The system is based on a triangle of customer, seller and the Hall of Commerce. Customer and seller communicate across the Internet, but talk to the Hall by conventional means.

To sign up, you ring the operator (who runs the Hall) and receive an account. You ask for a certain amount of your credit card limit to be reserved each week; this is authorised in the usual way. An electronic "cheque book" and PIN are then separately issued. The cheque book is a floppy disk that displays electronic "cheques" on your computer screen.

You then go shopping in the electronic mall run by the Hall of Commerce and fill in an order form for your purchase. Switch to the payment program, insert the disk and fill it in as you would a cheque, with the addition of your PIN. When the program sees the correct PIN has been keyed in alongside an authorised cheque number, the payment is cleared and the order is sent. Everything is done locally, on your computer; neither the PIN or cheque number is sent across the Net.

Comments