Battling Credit-Card FraudBattling Credit-Card Fraud

Here's one way to combat online fraud: Force cybercrooks, if they steal your credit card, to take your computer, too.

That's the plan at online-security company Safewww Inc., which has teamed with fellow startup Cardinal Commerce to develop a joint authentication service for credit card-issuing banks. IDshield authenticates an online shopper with a password and a unique number that identifies the shopper's computer. That numerical tag, based on serial numbers and volumes of the CPU, hard and disk drives, is combined with a unique algorithm generated by Safewww. Consumers would download a file containing the tag onto their hard drives.

"Unless somebody walks into your house and steals your computer, you're OK," says Safewww CEO Kenneth Bob.

According to analysts, credit-card fraud is 30 times more prevalent online than in stores, where cards must be used to conduct a transaction. Under the Verified by Visa program, in which card-issuing banks can validate a cardholder's identity via a password during an online checkout, liability shifts from merchants to banks. Visa believes the system will eventually cut in half the charge-backs, or penalty fees, it charges. A company spokesman doubted that IDshield would catch on. "Any software that consumers are required to download stifles the ability of the service to grow."

Gartner analyst John Pescatore agrees: "The downside is that a lot of times I want to use my credit card for different computers." That's possible with IDshield, but additional computers must be registered in advance. "Without a big guy, like a credit-card company, signed up, it's not going anywhere." He suggests the technology could also be applied to corporations protecting remote access.

Safewww is pitching its service to banks by playing up the prospect of making consumers feel more secure about using credit cards to buy online, which would boost sales. Bob wouldn't disclose the fee he would charge banks beyond "a few cents per transaction."