Guilty as Charged Says CEO

[Calgary, ALBERTA] According to Paul Verhoeff, the key to escaping credit card-related security
breaches online is simply for e-commerce Web sites to avoid storing credit card numbers.

The chief executive officer of Alberta’s, an online travel-booking firm, offered this advice in
the wake of e-tailer’s security disaster. Just three days before Christmas, the
California-based dealer of electronics products for small to mid-sized businesses announced that a hacker
had broken into its system, potentially stealing information from approximately 3.6 million credits cards
belonging to customers. The hacker could have gained access to this sensitive financial info
because Egghead allows its customers to store their credit card numbers on its site in order to alleviate the
inconvenience of re-typing credit card information each time they wish to make a purchase.

Egghead has enlisted the services of Internet security consultants to investigate the breach.

“If more e-commerce companies followed’s lead and did not keep their customers’ credit
card numbers on file, they could avoid the turmoil that last week’s hacker attack on has
created for millions of its clients,” Verhoeff said. “We believe has some of the most
sophisticated security systems in the world, but because no system can be guaranteed foolproof, we
consider it essential to take the further step of not retaining customers’ credit card numbers. We urge other
e-tailers – including our travel industry competitors – to adopt a similar policy for maximum protection of
the traveling consumer.”

This holiday season, most major credit card companies introduced a ‘zero liability’ program that eliminates
all liability for cardholders who experience credit card fraud as a result of Internet purchases. The
programs were launched as a way to boost consumer confidence in shopping online – – something
conservative Canadian shoppers are very much in need of. According to statistics, almost 75 percent of
Canadian consumers are wary of shopping online because they are afraid to divulge their credit card

These fears were bolstered earlier this month when it was discovered that a 20 year-old man in Moncton,
NB, was operating a Web site that fraudulently advertised the sale of almost impossible-to-acquire Sony
Playstation 2 units. Before authorities were able to shut the site down, Scott Frederick Byers had conned
over $400,000 (CDN) out of 2,500 unwitting holiday shoppers.

As fast as hackers are cracking security codes, however, credit card companies and banks are
endeavoring to make online shopping safer. The Canadian Imperial Bank of Commerce (CIBC) recently
released one-use Visa credit cards specifically designed for making Internet purchases, mimicking
American Express’ one-use card that was rolled out in the U.S. earlier this season. Both companies
maintain that consumer response to the initiative has been positive.

Still, Verhoeff emphasizes the need for e-commerce Web sites to forsake convenience in some areas

the name of higher security. “Having to type in their credit card numbers each time they buy something
online is a minor inconvenience for consumers, but one that is well worth it to guard against hackers,” he

News Around the Web