Practical Traveler; Tighter Security For Web Buyers

THE Internet has been a boon for wired travelers with the patience and savvy to surf for good deals, but it can also leave unwary travelers in a highly precarious position.

This year, for example, a technical administrator for an Internet service provider in Seattle discovered that hundreds of Web sites had left their customers' credit card information completely exposed to anyone with an Internet connection. Among those sites was a travel company that arranged trips to Cancun; so not only could thieves use the card but they could also find out a family's travel plans and visit the empty home while they were away.

Executives of travel Web sites are quick to point out that no such thefts have been reported, but the mere threat continues to vex Internet users. Jupiter Communications, a New York-based research firm, says that 17 percent of online shoppers surveyed are ''extremely reluctant'' to use credit cards online. But the situation is improving, as technology companies and travel sites continue to roll out features and policies meant to protect customers from fraud -- and as consumers become more accustomed to online buying.

The most popular travel sites now give customers myriad ways to pay for tickets and secure reservations, while also paying the first $50 of any fraudulent misuse of credit cards (credit card issuers are liable for the rest). And every reputable online travel site features secure sockets layer (SSL) transactions, which encrypt credit card data while in transit, virtually guaranteeing safety.

Safe 'Neighborhoods'

''On the Internet you can't tell when you're in the bad part of town,'' said Terrell B. Jones, president of Travelocity (www.travelocity.com), which announced a merger with Preview Travel (www.previewtravel .com) in October. ''Everything looks just about the same, so we have to convince people we're a safe place to do business. And that's especially true when you're selling a $280, nonrefundable electronic ticket. People don't want to make a mistake.''

Mr. Jones said that Travelocity saw a measurable difference in sales last year when it posted a notice telling consumers that they would not be liable for the first $50 of any credit card misuse, if the card issuer did not cover it. ''We also told consumers they could call in their credit card numbers if they weren't comfortable giving them online,'' he said.

In addition, the company allows consumers to mail or fax credit card numbers to secure reservations. ''Somehow people think a fax is an unbreakable secure encryption system, which it isn't, but that's O.K., it's what they're comfortable with,'' he said, noting that about 50 people a day phone or fax their numbers.

Analysts and executives say it is now common for the better-known travel sites to offer the option to phone or fax credit-card numbers. But most travel sites will not honor a personal check. Airlines cannot hold seats based on a personal check because it can take several days for bad checks to be reported, during which time the airlines cannot sell the seats to other buyers. ''And they don't want a 7-year-old booking a flight on the Concorde, which happened once,'' Mr. Jones said.

Travel sites are also sweetening the pot to encourage reluctant shoppers to part with their credit card numbers online, mostly because sites know how much cheaper it is to process a reservation online. Companies can pay $25 or more in overhead every time a customer service representative answers the phone.

Thus the deluge of online travel incentives: the Hotel Reservation Network (www.hoteldiscount.com), a Dallas-based service that books hotel rooms nationwide, is offering rebates up to $50 this month for reservations made completely online; through April 30, United Airlines (www.ual.com) is giving 3,000 miles upon each customer's first online booking, plus the standard 1,000-mile bonus for each online purchase.

Sites are offering other forms of encouragement as well -- most notably convenience. Online travel companies have made it easier than ever to complete transactions, in part because they now offer a degree of personalized service that's almost unsettling. For instance, Expedia (www.expedia.com), Travelocity's chief competitor, allows registered users to create a file of travel preferences for everyone in the family, including frequent flier numbers, seating and food preferences, disabilities and age (in case anyone qualifies for discounts).

Expedia will also store a user's home airport the first time a trip is booked through the site, which, when combined with the travel preferences and credit card information stored by Expedia, can whisk users through a reservation in three to four clicks. Travelocity boasts the same capability, and both sites go to great lengths to assure that personal information will remain confidential.

Travelers who are either too leery of storing personal information on multiple travel sites or don't want to spend the time typing it in are candidates to use an increasingly popular online technology called the ''digital wallet.'' These wallets allow users to store their information either on their computer or on a secure Internet site, where it can be used to fill in forms with one click.

Two of the more popular wallet devices are offered by eCode (www.ecode.com) and Gator (www.gator.com), each of which provide the service free. ECode, based in Santa Clara, Calif., stores a user's personal and credit card information -- as well as log-ins or passwords for sites requiring registration -- on the company's secure server. Whenever users confront a blank form on any site, they click a button and their relevant information is instantly sent -- encrypted -- to the site.

Gator, which has compiled hundreds of thousands of users in a few months, stores your information on your computer. Frequent travelers must store it on laptops to use a digital wallet on the road.

Downloading a Wallet

With both Gator and eCode, users must spend a few minutes downloading the wallet software, which does not work with a Macintosh. Wallets only help fill out the transaction forms -- ticket returns or any other issues arising from the purchase must be handled directly with the merchant. And these wallets don't yet store the more-complete dossier of information that travel sites typically do. But that may change quickly, as technology improves.

''Our vision is for Gator to evolve into a general purpose assistant,'' said Jeff McFadden, the company's chief executive. ''So if you're on United Airlines' site looking to book a trip to Bermuda, Gator could recognize that and say 'Hey, would you like me to check all the rest of the airline sites for a better rate?' ''

Gator, based in San Mateo, Calif., was begun last year by Mr. McFadden and a team of entrepreneurs, who began offering the service to consumers in June. Since then, Mr. McFadden said, the company's electronic wallet has been downloaded by hundreds of thousands of people.

ECode is used by more than 100,000 people, said Rohit Chandra, the company president, who founded the firm in 1997.

Drawing (Robert Neubecker)