![[Horizontal Rule]](../grph/marblebar.gif)
A few weeks ago, I took another step. A difficult step. I finally ordered something over the Internet on my credit card. If the thought of that makes you shudder...read on.
Some of you may recall the edition of this column a few months back devoted to the security of electronic mail over the Internet. In it I maintained that while concerns over Internet security might be valid, in practice most law offices take little, if any, security measures in their other forms of communication.
I highlighted a whole array of insecure methods in common use, among them portable telephones, cellular telephones and unencrypted facsimile transmission, unarmed courier and - everybody's favourite - good ol' Canada Post.
I said then that your credit card was probably more at risk in the five minutes the waiter in the restaurant disappears with it than when you use it over the Internet. I've since changed my mind. It is certainly more at risk when the waiter has it.
(Not my credit cards, of course. I foil would-be credit card thieves by using up my credit to the limit, so even if someone tries to use my card without my permission, the transaction won't be authorized. Clever, eh? In any case...)
I wanted to order some product from a mail order company that I've dealt with numerous times before. It has been around for some 20 years, receives much 3rd-party endorsement, and I've never had a problem with any previous orders.
For my first few orders, I would write my order on a sheet of paper, including my credit card number and signature, and fax it to the company directly. As is typical for all the faxes that leave my office - and yours, I suspect - they were sent unencrypted.
When the company became more advanced, it offered a touch-tone order system, where, as a regular customer with an account number and numeric passkey, I could compose my full order on the telephone pad, without once having to repeat the spelling of my last name to an order clerk.
I would punch in my credit card number and expiry date, and would receive my merchandise two days later.
I have no idea, of course, whose machine my telephone signal was passing through, and how many electronic telephone hubs were listening to the melody of the tones and humming along.
When they introduced Internet ordering, I was naturally anxious to try it out. After all, I use a security-enabled web browser (Netscape), and when I connect to the order form at the website of the manufacturer I receive the appropriate alerts on my screen that security is activated.
Before taking the plunge into placing an Internet order, I did ponder the downside of what I was doing. What if my number were stolen?
My liability in the case of a stolen credit card would no doubt be set out in my contract with the credit card issuer.
I suspect your contract reads the same as mine: my liability for fraud or misuse of my credit card at the hands of a third party is limited to a maximum of $50. The credit card company swallows the rest. No wonder they're more afraid about Internet transactions than I am; they stand to lose more than I do. In case of fraud, they are the ones who will suffer the losses at the hands of the rogue.
I'm sure that some clever lawyer thought of that from the beginning, though, and their losses will be indemnified by the vendor who accepted the card from the rogue.
After all, if the vendor accepts a card from a person not authorized to use it, it is the vendor's own action that has caused the loss. Vendors accept that responsibility as part of the deal.
Vendors who take credit card orders not-in-person (by phone or by fax, eg.) are not able to authenticate the signatures of the purchasers by comparing them to what's on the back of the cards.
Not every vendor of goods is accorded the privilege of being able to accept not-in-person orders, and those that are must be assumed to understand the risks.
The credit card issuer, presumably, would not continue to authorize a merchant to take not-in-person orders if it too frequently submitted claim stubs that turned out to be fraudulent.
In the final analysis, then, it's the vendor who's taking the biggest risk, because in the case of a fraudulently-placed order they will have shipped their product long before the real owner of the credit card is notified of the purchase.
By placing its order form on the Internet, the vendor has assumed that risk in order to do business.
Law firms have only recently started taking credit card payment for their client bills. Despite the fact that clients have long requested it, many lawyers still resist.
The notion of a law firm becoming an Authorized Merchant for VISA or MasterCard seems repugnant to some lawyers, as if somehow it commoditizes the services they render, or diminishes their value.
Don't get stuck in the '80s. Banking is changing. Handling deposits and withdrawals can be a costly activity. It is far more expensive for a bank to process a handwritten cheque than it is to process an electronic transaction.
Law firms today should be able to accept credit cards, debit cards and eventually electronic cash, as the mechanisms for that latest form of payment are put into place. Electronic transactions will help stabilize service charges levied by your bank, if not reduce them.
Moreover, you will reduce your own accounting department requirements and general overhead by paying bills electronically instead of by cheque.
There's no secret about why credit card transactions are not ubiquitous on the Internet. Consumer acceptance is the hardest part of any marketing effort.
Automatic teller machines have been around for almost two decades; yet, it took a long time for them to move from marginal, through popular, and finally to prevalent.
At the virtual eleventh hour (in other words, before hitting the 'Submit Order' button), I asked myself, "Is my general conduct with my credit cards so unimpeachable that using my number to make a purchase in this instance is putting myself at unreasonable risk?"
The answer was very simple. I ate at a restaurant last night. So who am I kidding?
The biggest enemy in all of this is my own uncertainly. Doing business a new way meant moving out of my comfort zone. I'm glad I did.
© 1996 Lewis S. Eisen