
E-commerce sites exposing customer information

By Jack McCarthy and Elinor Mills
InfoWorld Electric

Posted at 7:24 AM PT, Apr 23, 1999

Recent breaches of customer privacy by online stores show that early concerns for
Internet security were justified, industry experts said, adding that smaller
businesses rushing to get online are often the culprits.

Just this week, an employee at an Internet service provider in Bellevue, Wash.,
posted a warning on the Internet to systems administrators and Web developers about
the potential for Web sites exposing information as a result of improperly
configured e-commerce software.

Joe Harris, systems administrator for Blarg Online Services, which hosts e-commerce
sites for companies, said Thursday that he discovered last week that
more than 100 online stores hosted by Blarg were inadvertently revealing
customer names, addresses, credit card numbers, and other purchasing information.
One of the ways random Internet users could access the information was
by using certain keywords while doing searches on the sites, he said.

Since he posted the warning, many of the affected Web sites have corrected the
problem, Harris said, but at least two stores were still exposing customer
information on their sites Thursday.

Such privacy breaches are expected to increase as more retailers go online.

"With the growth of the Internet and the use of e-commerce, you're going to get more
and more of these situations," said Bob Lewin, executive director of Truste, a
Cupertino, Calif.-based group that monitors online privacy practices
and offers seals of approval to Web sites that agree to follow basic privacy
guidelines.

Experts say the privacy breaches seem to be happening primarily with smaller
companies that might not have the expertise and sophistication to properly install
electronic-commerce software or the money to hire experienced firms to do
it for them.

"It's definitely an issue that impacts smaller online merchants that are either
using multiple site hosting services or are building their own using these simpler
[turnkey] commerce packages," said David Kerley at Jupiter Communications, a market
research firm in New York. "It's an area that larger online merchants are more sensitive to and more knowledgeable about."

Along with the dramatic growth of e-commerce, smaller companies are racing to sell
online and creating greater demand than can be met for people who know how to create
secure Web sites, according to Kerley, "so people who aren't as experienced are getting into the business."

Amateur Web designers can fail to follow instructions in using shopping cart
software that takes orders from customers, Harris said. When the software is
improperly installed, the information can be exposed, for instance by being stored
on a file that is accessible to Web surfers, he said.

Many small retailers use friends or untested companies to develop their Web sites,
Harris said. "They hear that their sister-in-law's cousin can do it, so they hire him," he said.

Basically, companies should be careful in selecting companies to set up and host
their e-commerce sites by getting references, using established companies, and
asking about privacy and security up front, the experts said. If they don't, they'll
not only lose customers but growth of e-commerce in general will be impeded, Lewin said.

"If you are going to put your store on the Web, you are responsible for the
information that's there," Harris said. "Your client is trusting you to make
sure you do everything in your power to make sure that data is safe."

While smaller companies may be primarily at fault for privacy breaches lately, data
exposures at Web sites run by larger companies also can happen, and when they do
they can pose an even greater risk, according to Ari Schwartz, policy analyst at the
Center for Democracy and Technology in Washington.

"Smaller companies do cut corners, but the larger companies usually have large
databases and there's a lot more at stake," Schwartz said. "So both [types of
companies] need to pay adequate attention, especially those people implementing
software solutions for large numbers of small companies."

At the same time, companies are becoming more aware of the necessity for security.
Nearly 700 Web sites are members of Truste and more are joining all the time, Lewin
said. "The majority of our licensees are smaller organizations," he said. "[They] don't have time to do the necessary investigations
to find out what they should be doing in the first place."

On their end, consumers should try to find out how secure the sites are that they
buy things from. "It's no different than other markets. Buyer beware,"
Kerley said.

There also need to be technical solutions that make it easier for people to read
privacy notices online so they can determine whether the Web site is as secure as
they want it to be, said Schwartz of the CDT.

"Seems as though it takes a violation of people's privacy to make people pay
attention," Schwartz added.

The federal government may eventually give online merchants a push in the direction of guaranteeing security. Although the Clinton administration favors allowing the
industry to regulate itself, agencies such as the Department of Commerce
and the Federal Trade Commission have been discussing how to encourage privacy
protection, and lawmakers have talked about enacting laws that would make Web sites
liable for privacy breaches on their sites.

Despite the privacy lapses that are occurring in the retailer rush to sell online,
the risk is still minimal to most consumers, according to Kerley.

"There's not a huge risk for the consumer except to maybe have to cancel a credit
card," Kerley said. "There are far more shady businesses that are not on
the Internet that have access and do access personal information of a more sensitive
nature. All it takes is a few dollars to get a credit rating and credit
report, [for example]," Kerley said.

Jack McCarthy is a San Francisco correspondent for the IDG News Service, an
InfoWorld affiliate. Elinor Mills is an editor at large in the San Francisco bureau
of the News Service.
