ALEXANDRIA, Va.-Just as content on the wireless Web is not at the same point as the wired Web, wireless Web security is not at the same level either. But if the wireless Web is to succeed-in the way the wired Web is succeeding-it needs to be secure.
“Wireless e-business will only succeed if it is convenient and trusted,” said Andrew Codrington, a speaker at last week’s “Ensuring successful wireless e-commerce with end-to-end security” conference sponsored by the Institute for International Research. Codrington is business development manager of global wireless solutions at Entrust Technologies Inc.
Preparing the wireless Web for mobile commerce will require security, but it won’t be different than the process used in the wired world, said Dr. Phillip Hallam-Baker of VeriSign Inc.
Philip Berton, director of market development for Baltimore Technologies, agreed that some of the same security processes will be used.
“You don’t have to reinvent the wheel. It is OK to plagiarize. … It is not cookie-cutter, but a lot of the work can be modulated and then a lot of the work is done,” said Berton.
In a large sense, there is no difference between mobile commerce and electronic commerce, said Jim Mirowski, vice president of business development for ValiCert.
“I don’t see the difference between mobile commerce and e-commerce. The mobile commerce world is developing the same way the e-commerce world did. … The mobile devices are really just different channels for the financial services. … Folks who are providing mobile-commerce solutions are going to be competing with all of these other channels,” said Mirowski.
The distinguishing factor for mobile commerce is if it is really mobile commerce, Mirowski said, telling of a recent i-mode stock transaction demonstration that involved a message being sent to a broker who then called back on the mobile phone to confirm the order. “This is not mobile commerce. Is it something that is really mobile commerce or is it something that just has the gloss of mobile commerce?” Mirowski said.
The development of wireless e-commerce security is happening today, albeit sloppily, through the standards process. Alfred Arsenault, chief security architect of Diversinet Corp., gave an overview of the standards process.
At the end of his presentation, Arsenault gave the audience of professionals from the wireless-security world some advice.
“If standards are appropriate, mature and widely implemented, then by all means use them. But don’t get so fixated on a particular standard that you don’t build a secure, working system,” said Arsenault.
Just as companies shouldn’t fixate on a standard, they shouldn’t let the marketing department imply that products are secure until they have been tested, said Chris O’Ferrell, deputy director of the ethical hacking division of Global Integrity.
O’Ferrell told RCR Wireless News that he thinks wireless security will have to go through the same security growing pains as the wired Web did and that marketing departments shouldn’t get too far out in front of the technical engineers.
In addition to security issues, personal privacy issues must be addressed. It is unclear whether wireless electronic signatures are included in electronic and digital signature laws that have recently been passed, said Stefan Engel-Fleching, managing director and general counsel of Radicchio of Dusseldorf, Germany.
This doesn’t worry Marc Le Maitre, director of product strategy at Nextel Communications Inc., because he believes the issues will be worked out just as they were in the wired world.
“If you looked at the Internet six years ago with all of the problems that have come and been solved, you never would have bet on the Internet,” said Le Maitre.
