The internet is, above all, a mechanism for the dissemination and distribution of information. The internet allows information to flow both ways in a way that TV and paper-based information does not.
Effective use of the internet allows not only the transmission of a message to the masses but it also allows the masses to react and respond.
It is no wonder that, for many years, businesses have been trying to cash in on the reality of an always available, always friendly, almost cost-free, almost risk-free sales assistant, accounting clerk, distributor and advertiser.
The positive aspects of a consumer-driven product delivery mechanism are great. Every positive, however, can be expressed as the sum of two negatives. Two critically important negatives are security and privacy.
Security is there to be broken
During her last days in prison, Mary Queen of Scots entered into an encrypted conversation with people loyal to her office. Her encryption was broken. The Nazis believed that Enigma was unbreakable. Enigma was broken first by the Poles and then by the British.
Every day, websites are broken into, security systems are subverted, credit card details are stolen, personal details are appropriated and financial fraud is committed. And that is only security breaches done with criminal intent. Advisers need to embrace the technology of the internet to prosper but does the insecurity of the web threaten take-up among consumers?
Financial institutions are associated with high physical security. Note your local high-street bank (if you can find one). We take for granted measures such as bullet-proof glass, automatic shutters, panic buttons, patrols, tagging and tracking systems, anti-counterfeiting features and alarms.
These are the result of considerable experience in fighting a well-understood adversary. What analogues are there in the virtual realm of the web, and to what extent are traditional experience and understanding mirrored in websites?
When you send information over the internet, is it secure? Can others read it? Can others pretend to be you and perform transactions on your behalf but to their gain?
The current public perception is that the internet is not secure. It has not been helped by recent breaches caused by companies' own lack of security, the most recent case being the publication of personal bank details of a few customers of Barclays Bank.
It caused widespread publicity, yet the harm caused would be no different than a bank statement delivered to the wrong address. Understandably, the public perception is that it is not safe to make purchases, send money or personal information over the internet. If this is true, when can e-commerce begin the much heralded world change in business practice that has thus far been promised?
Secure systems and fallible people
Cryptography can provide mathematically proven codes that would take parallel processing super-computers millions of years to break.
Cryptographic formulae such as RSA, DES and PGP are used in some way by almost all internet sites offering e-commerce facilities. Surely then, the internet should be considered secure? Cryptography is a branch of mathematics concerned with solid, provable logic. Security is a process involving not just mathematics but also people. People choose ill-considered passwords. People leave well-considered passwords in ill-considered places. People, in short, are fallible.
The type of security software applied is important. Two types are open and closed source. Open source means simply that it is open. This software has (literally) thousands of independent people looking at and developing the source code. Security vulnerabilities will have been or will be identified and removed.
Compare this with closed source. No one knows how many software holes could exist because few people (usually just those within the company that developed the software) will have access to the source code.
Security is a process, not a system. You cannot apply security to a developed system, and to implement secure technology you need to understand technology, security and the business requirement. We all agree that security should be the highest priority, yet it is often the first thing to go out the window when a deadline or a company's bottom line is affected.
The human inbuilt security system
It has been said by almost everyone that the only way to make an internet server secure is to unplug it from the internet. Lock it in a safe and drop it in the ocean.
While this is probably correct, it gives the wrong impression to the consumer. We actually have far less of a guarantee that we are not going to be ripped off when we walk into a shop. How many times have you casually given a shop assistant or waiter your credit card, only to have it whisked away from your very eyes? What happens in the time between giving the card and getting it back again is anybody's guess.
Throughout our lives, we are conditioned to perform socio-visual authentication in unfamiliar circumstances, yet people still fall foul of fly-by-night tradespeople, dud products and confidence tricksters. The same is true of the internet and e-commerce.
Digital signatures and public key encryption can guarantee (within reason) private communication with a third party, but they say nothing of the trustworthiness of the third party. Consumers may be careful about only performing financial transactions over an encrypted internet connection. But if the company at the receiving end is itself criminal, then the best encryption in the world cannot help you.
When you visit a reputable shop, you have an expectation of what it will look like and where it can be found. You know, essentially, that the shop cannot be easily forged and replaced with a duplicate populated by scheming thieves.
If you have a problem with a product, you know where you can take it back. To instil the same confidence in the electronic consumer, we must provide a similar feeling of “acceptance” and “confirmation of expectation”.
It is essential that any website offering to take money from a consumer (directly or indirectly) impresses on them, in a similar way, that it belongs to a trustworthy and genuine company.
Pedigree, brand and vigilance
Within this industry, the skills required to create simple websites and the tools available to create them are now almost commonplace; e-commerce functionality is less so but is developing. But you need to ascertain what security measures have been put in place and understand whether they fit your requirements.
Then the consumer must be convinced to trust your website enough to conduct business through it, to the extent that they would know, for example, that www.xyzadvice_group.co.uk belongs to a fraudulent company hoping to scam consumers who should be going to www.xyzadvicegroup.co.uk.
The answer is currently pedigree, brand and vigilance. The providers of internet services need to develop websites which look professional, feel professional and have the tools and functionality not available to the fraudsters.
We need to employ the expertise within our own company to build secure systems and services advisers can trust. Advisers need to develop brand values and relationships that existing and potential clients can trust and instantly recognise as theirs. The consumer needs to be vigilant when they determine with whom to transact business.
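The lookalike-address problem described above (www.xyzadvice_group.co.uk versus www.xyzadvicegroup.co.uk) can be checked mechanically. The following is an added example, not part of the original article: it flags hostnames that collapse to, or sit within a small edit distance of, a firm's genuine address. The function names, the distance threshold of 2 and every sample hostname other than the article's two are assumptions made for illustration.

```python
import re

# The genuine address from the article's example; a real list is an assumption.
LEGITIMATE = {"www.xyzadvicegroup.co.uk"}


def canonical(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return re.sub(r"^www\.", "", host)


def skeleton(host):
    """Canonical form with '-' and '_' removed, so inserted separators vanish."""
    return re.sub(r"[-_]", "", canonical(host))


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, legitimate=LEGITIMATE, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for an observed hostname."""
    if canonical(host) in {canonical(name) for name in legitimate}:
        return "legitimate"
    for name in legitimate:
        # Same skeleton: only separators differ. Small distance: a typo variant.
        if edit_distance(skeleton(host), skeleton(name)) <= max_distance:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample input, apart from the two addresses taken from the article.
    for seen in ["www.xyzadvicegroup.co.uk", "www.xyzadvice_group.co.uk",
                 "www.xyzadvice-group.co.uk", "www.xyzadvicegruop.co.uk",
                 "www.example.org"]:
        print(f"{seen:30} {classify(seen)}")
```

A firm can run a check of this kind over newly registered domains or over links reported by clients, and treat every "lookalike" result as a candidate for a takedown request or a client warning.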
Within this industry, we have little or no control over the actions of the client and potential client, save for public education. The rest of it, though, is down to us.