To: dkgross (1507 ) |
From: Tradewinds Tech Wednesday, Aug 18 1999 9:50PM ET
Reply # of 1523
I think some of you are tying yourselves up in knots un-necessarily, in trying to understand this security issue; because you are confusing/mixing discussions of three different scenarios, as if they were one.
In the vase of the consumer who DOES NOT HAVE INTERNET ACCESS, the various comments about the need for a small, convenient device, are right on. For this market, Tom has patented a terminal originally named the Paymaster, and more recently referred to as the EZYShopper. This device, which will be used for EZTShop public locations, can also be used for shopping or bill paying in the home of someone who does not have a PC; or, someone who has a PC, but is not prepared to venture out onto the big, bad Internet.
Tom and I have a broad philosophical difference of opinion over how large this market is (i.e., the market consisting of people who want to shop or pay bills electronically, but don't have Internet access). I will leave it to others to debate that.
The second and third scenario is (are?) those cases where consumers have Internet access, but would prefer a safer way of using their credit card, and/or a way to use their ATM card. This splits into two scenarios, because there are two approaches to addressing this market need.
The first approach is to use the device Tom has called a SLICK, for which he obtained a patent. The SLICK is a low-cost card reader and PIN pad, which attaches to the PC. The SLICK also has a modem and, as somene explained, it uses a second phone line to dial directly to the bank, or a processor acting on behalf of a bank. Because this data never passes over the Internet, it is more secure.
The other approach is to use a device similar to the SLICK, but to go ahead and pass the data over the Internet, rather than use a second phone line. Removing the need for a modem built into "the device", and removing the need for a second phone line, makes this a simpler and lower cost approach. Less cost, and less security. You could say, you get what you pay for.
It appears that eConnect will try to implement all three approaches. For Internet ("same-as-cash") transactions, the simpler device that does not require a second line, will be implemented first. With current funding, it would not be prudent to attempt to develop both simultaneously. Development of the full-blown SLICK may be funded by the joint venture with the Australian gorilla.
For now, there is no way around needing a hardware device attached to the consumers PC. Regulations imposed by the ATM networks, require that ouyr secret 4-digit code (your "PIN" number) be encrypted in "secure hardware". They are NOT prepared to accept encryption done "in software", i.e. by a program provided by eConnect, and loaded into the consumer's PC.
Regarding consumer protection: Consumers do have protection when they use their ATM card, comparable to credit card rules. This is a function of the way the banks and bank networks work, not something eConnect has to sweat bullets over.
For consumers without Internet access, EZYShopper could be deployed to their homes today. However, eConnect marketing resources will focus on the EZYShop/Public Location business opportunity first, and then go back and lok at how to develop the home market.
Regarding Marketing: There is a lot more to the business strategy than this, but it gets to be too much for a simple email. Suffice it to say that eConnect does have solid marketing ideas for making these things happen.