In the battle against online scams, consumers have a responsibility to use the tools provided by technology vendors to protect their personal data, privacy executives from eBay, Hewlett-Packard (HP), Microsoft and Truste said Thursday.
Phishing schemes are prevalent and eBay users are regularly targeted. Phishing scams typically use spam e-mail messages to drive people towards Web pages that look like legitimate e-commerce sites, but in fact steal sensitive information such as user names, passwords and credit card numbers.
The online auctioneer introduced a toolbar about six months ago that tells customers if they are actually on the eBay Web site or on a spoof site. The toolbar has been downloaded 1 million times, while eBay has about 135 million users.
While technology companies can provide tools to help, Internet users are responsible for protecting their data, executives from eBay, Microsoft, HP and Truste said in a panel discussion Thursday at Microsoft's Mountain View, California, campus.
"The customer has a responsibility to help protect information as well as the technology companies," said Scott Shipman, privacy counsel for eBay. Tools available for customers include the toolbar as well as authentication methods such as fingerprint scanners, he said.
Fran Maier, executive director at Truste, agreed. "We have to get people to understand that they have a duty to protect their information," she said. Truste certifies Web sites as trustworthy when the companies adhere to certain rules.
User education is a big part of the solution to online scams, the panelists said. Education will help Internet users find the appropriate security tools and learn how to identify fraudulent e-mail messages and fake Web sites. "Educational tools are starting to get the message out there," said eBay's Shipman.
TV commercials help, such as those on identity theft in the U.S., but more needs to be done, said Truste's Maier. "We have to leverage the word of mouth and, unfortunately, the bad experiences we all know about. It has to be in 'The Sopranos,' 'Law and Order' and other (popular TV shows). That is how you reach a lot of people."
Scams, particularly phishing scams, are so complex that educating users is a major challenge, said Barbara Lawler, chief privacy officer at HP. "How do you really educate someone to recognize a phishing scam? It is really hard to tell," she said.
"A couple of years ago we were not even talking about spyware, we were not talking about phishing. These are pretty new issues. ... The challenge is putting that in the language of the average person and that is, I think, where the industry still has work to do," Lawler said.
Microsoft, which has been criticized for delivering software that enables scams such as phishing, also offers tools and information to protect users, said Peter Cullen, chief privacy strategist at the Redmond, Washington-based software maker. One of the ways is via a Web site that teaches how to identify scams such as phishing.
But it comes back to users taking advantage of the tools and information made available to them. Cullen likened the adoption of security tools to when seatbelts were first introduced in cars. At first, not many drivers used the seatbelts, but usage rose after a concerted public information campaign.
Daunted by the talk about online scams and the lack of a silver bullet from technology vendors, one attendee suggested that maybe the vendors should take a step back and develop products that are not prone to phishing.
"If eBay, HP and Microsoft can't fix the problem, I am pulling the DSL line out of my home," said the attendee, who did not give his name.