Privacy and security may be major concerns for all businesses, but when it comes to those who conduct transactions on-line, a recent e-business study indicated that a third of respondents do not encrypt transactions.
E-Business: Trends, Strategies and Technologies, is a report by the Cutter Consortium of Arlington, Mass., an affiliate of Cutter Information Corp. Its findings were based on data collected from 134 e-businesses from around the world.
The author of the report, Cutter Consortium senior consultant Chris Pickering, noted that the number of companies not using encryption for these transactions is both “surprising and disturbing.”
He said encryption technology, such as secure sockets layer (SSL), is readily available, generally understood and “it’s supported by every major browser.” He noted that SSL does tend to slow servers down, but companies should be overlooking that considering its advantages.
“I don’t understand why companies don’t take advantage of that at least to provide some security in transmission,” Pickering said. “Perhaps what is just as scary, though, is that people freely participate in those transactions. They send their data around unencrypted. It takes two to tango.”
The study found that of the issues businesses face in using the Internet, security ranked as the top concern, followed by cost and reliability, respectively. User connection speed, lack of standards followed by security, and backbone-related matters were the other issues ranked by those surveyed.
“People sometimes confuse or mix-match freely the terms ‘security’ and ‘privacy,'” Pickering pointed out. “They are separate issues…but they are related. If people are concerned about privacy, then the Web sites have to have good security to help protect that privacy.”
From a business standpoint, he said it’s obvious that consumers are particularly concerned with privacy on the Internet, as are business trading partners.
While he noted that customers and partners have a responsibility to keep what they want private safe, Pickering said once a business gets control of personal information it should take appropriate measures to protect it, both electronically and physically.
Privacy seal companies, such as TRUSTe, offer some sense of security for partners or customers, according to Pickering. The vendors charge a fee and assess how well a Web site is complying with its published policies regarding privacy.
What Pickering said may have contributed and created a lot of fear recently is that some Internet companies conduct themselves similarly to the way that direct mail cataloguers or credit card companies have conducted themselves historically – selling mailing lists, for example. The Internet is much more public, and so people feel a lot more exposed.
“We’re getting to the point where companies have to decide whether that is, and should be, accepted business practice. It’s quite clear that a lot of consumers are not happy with that approach to their data, even if it’s something as simple as an e-mail address,” he said.