Surfing the Real McCoy

The difference between 'gov' and 'com' in a World Wide Web site address can mean the difference between a real Web site and a phony Web site. The White House knows the problem all too well -- those three letters spelled the difference between White House facts and false, playful information to Web surfers.

Now companies are preventing the problem by providing a solution to fraudulent Web pages -- Web page certification, a logo that appears on real Web pages to indicate a Web page's authenticity.

However, analysts and lawyers doubt it will deter Web crooks from creating phony Web pages and give Web surfers assurance that they are viewing authentic Web pages.

"Trying to stay ahead of the crooks is easier said than done," said Joseph Greif, an attorney with McNeily, Rosenfeld and Rubenstein in Washington, D.C. "Electronic crooks are tech-savvy people who know how to get around solutions."

Mark Burnett, president of Application Programming and Development Inc. in Camp Springs, Md., is one of the first providers of a Web page certification logo. The six-year-old company has been addressing Internet security by providing hardware, software and communications facilities for operating customized, on-line systems in secure environments. The company is now selling the TrueSite logo to Web page owners to give their Web pages authenticity and credibility. A Web surfer will see the logo at the top of the Web page, click on it and get a verification message that lets the visitor know that the site is registered as an authentic site. The user can also see the TrueSite name in the URL address on the browser.

Burnett likes to think of it as a Good Housekeeping seal of approval for Web sites. He has established partnerships with the Greater Washington Society of Associations and the Association of Online Professionals to attract their members as potential clients. Through other associations, he hopes to target Web sites where users apply for loans from banks and sites that provide free medical advice.

Burnett will roll out the service in July and expects to attract 5,000 clients with the TrueSite logo by the end of this year. To date, there are 500 certified clients through the 60-day free trial period that Burnett is offering.

The company recently signed the Association of Online Professionals, which has a Web site to serve more than 1,000 members with daily financial transactions of $95 to $5,000. Burnett has also talked to the White House about placing the TrueSite logo on the White House Web page to prevent future fraudulent pages.

"The scope of the problem is not realized," said Burnett. "But the name [TrueSite] implies legitimacy for Web users."

Burnett is charging clients $2,495 per year for the certification. The price includes a listing of all products in the TrueSite database for Web users to search, a banner ad on the TrueSite search engine and a hacker alert if a customer hits an illegal site.

"Page theft and misdirection have become a major issue since appropriation of the White House's Web site," said Dave McClure, executive director of the Association of Online Professionals and a client of TrueSite.

Others are doubtful that many Web site owners will need the certification service.

David Weisman, director of money and technology strategies at Forrester Research Inc. in Cambridge, Mass., says that people are using Web page certification or digital certificates only because they come with the server that the Web page is stored on. For example, the Netscape server offers certificates to the Web pages on its server. He said users will find it hard to spend extra money on a logo.

"The incidence of Web fraud are small, and I don't see many people spending a lot of money just to certify their marketing pages," said Weisman. "There aren't even a lot of cases of credit card fraud over the Web."

"You shouldn't be doing financial transactions on the Web," said Greif. "The Internet is like nailing a sign with your credit card number on a lamp post on K Street." He said it is impossible to control Web fraud because the Web is a fast-moving international target. However, the problem has yet to get noticed. His law firm has had no similar cases dealing with Web fraud.

Pushpendra Mohta, director of CERFnet in Santa Clara, Calif., said certification logos will be cumbersome for Web users. "The user usually knows the right address to get to the proper site or is pointed there through a search engine," said Mohta. "It is difficult to mislead the user into going to the rogue site."