Be careful when your money world goes online

IF YOU OWN a computer, odds are you don't use it for financial transactions. Only a tiny fraction of us are shopping, investing or banking on line. What transactions there are tend to be over private lines rather than over the Internet.

All that is going to change. The Net supported an estimated $200 million in commerce last year. Five years from now, that's going to look like pocket change. Already, there's a bank that exists entirely on line: Security First Network Bank ( -- and it offers attractively high rates on certificates of deposit.


Two problems held Net commerce back: access and security. Both are rapidly being solved.

The World Wide Web created access, by organizing vendors into storefronts with addresses. To locate a product or service, you go through a Web "browser," such as Netscape Navigator or Microsoft Internet Explorer. They've made it possible to have electronic Yellow Pages. You can ask for "bookstores" and get a description of 500 sites, along with their Internet addresses.


Security is the scary part. When you type in your credit-card number, is someone waiting to grab it? We've all read headline stories about computer-network thieves, like the hacker in Russia whose gang lifted $400,000 from Citibank. Don't let such incidents put you off. When prudently used, the Net today is safe enough. Citibank made its customers whole, as it would after any heist. You're at greater risk when you hand your credit card to a waiter than when you use it to shop by computer, provided that your electronic business is handled entirely in code.

How do you know if you're transacting business in code? If you're using Netscape Navigator, look for a picture of a key in the lower corner of your screen. Unsecure connections display a broken key; secure connections, a whole one. With Internet Explorer, a lock pops up when the line is safe.

No security expert I consulted would do a credit-card transaction over an open line. But they all did point out that you're liable for only $50 in unauthorized charges if your card number is grabbed. But even if you do business on an encrypted line, how secure is it, really? This is two questions, not one. How impenetrable is the code, and how do you know that the business you called is a real business, not a teen-age hacker ring?

Security experts say that, at present, encryption is looking pretty strong. Some codes seem almost unbreakable. Others aren't worth the time and cost that deciphering them would take.

Even with strong codes, however, a vendor can carelessly violate its own security system. "We're just waiting for the massive fraud that takes down a brokerage house or Internet company," says security expert Peter G. Neumann of SRI International in Menlo Park, Calif. Fortunately, bank and brokerage accounts offer other layers of protection. Your losses may be reimbursed by federal deposit insurance or the Securities Investor Protection Corp.

To try to give people confidence in who's at the other end of the wire, the Net has developed what it calls "certification." A trusted firm certifies that Security First Network Bank is indeed the bank, and issues it an online ID. If the certifier errs, it may be liable for any money you lose. Netscape users can find a firm's certificate by clicking on the little picture of the key. Internet Explorers should search "File." In the future, you may have to get your own certified ID.

In about six months, you'll start seeing transactions protected by a new system called SET. It lets you charge things to a credit card without showing anyone the number. That should foil today's online "sniffers" that steal card numbers electronically. Your number will also be hidden from dishonest merchants.

Then there's S/MIME, coming up by the end of the year. S/MIME lets customers send encrypted e-mail (orders, letters, invoices) that reproduce in a standard way on any machine. That is expected to give Internet commerce an enormous boost.


The weakest point in the Net today isn't the infrastructure, it's you. World-class encryption won't help the klutzes who post their passwords on their computers or leave the workplace without logging off.

Write to Jane Bryant Quinn at: Newsweek, 444 Madison Ave., 18th floor, New York, N.Y. 10022.

Pub Date: 11/18/96