Lee Stein is bringing some unconventional ideas to the Internet payments business. Can his company First Virtual Holdings Inc.successfidly buck the trends?

Among a multitude of vendors developing secure payment systems for Internet commerce, the approach taken by First Virtual Holdings Inc., San Diego, is decidedly outside the mainstream. But that is not surprising, perhaps, given that First Virtuals chairman and chief executive officer, Lee H. Stein, brings an atypical background to the job of high-tech entrepreneur.

An accountant and an attorney Stein, 42, spent the early 1980s as a celebrity business manager in Beverly Hills, Calif., with a client list that included movie stars Gene Hackman and Matthew Broderick, rock star Rod Stewart, and the bands Journey and Men At Work. The mid-80s found Stein investing in Southern California real estate, selling out before prices crashed in the early 1990s. Then came involvement in television infomercials and the direct marketing business.

He came out of a whole different world. And worlds collide. So we had to invest some serious effort in understanding each other, but we’ve always worked as a team, says Einar A. Stefferud, one of three computer-savvy Internet veterans who are Stein’s co-founders at First Virtual. Along with Stefferud, a recognized computer and communications industry expert, the others are Nathaniel S. Borenstein and Marshall T. Rose, both computer scientists known for significant contributions to electronic messaging, networking, and Internet standards development.

Despite Stein’s nontechnical background, Stefferud credits Stein with the leadership role in bringing forth ideas during the founding group’s initial meetings in early 1994, and then in developing First Virtuals business plan. Lee became the hub of all the spokes to carry it forward, as Stefferud puts it.

Daily Jokes

I was told that what we wanted to do was impossible, Stein recalls of those early sessions. “I was reminded that a lot of people had tried to build Internet commerce concepts before and none had ever really worked. But I kept asking a series of questions, until somebody turned around Financial Service and said, Yeah, that could work. Stein relates. “And then they turned my broad, goofy upside-down concepts into reality. Stein’s original idea was simple. He wanted to sell jokes by electronic-mail on the Internet. Every time you turned on your machine, there would be a joke waiting for you. If you liked it, you’d pay a penny If you didn’t like it, you’d pay nothing, Stein explains. A penny a day collected from millions of Internet users could add up to significant numbers, the team realized. But the hang-up was the lack of a payment system.

Though the joke-a-day scheme went by the boards, what eventually evolved was a payment system that Stein says today is one of the most widely used on the Internet. The system recorded its first transaction in October 1994, and as of March this year had signed up 109,000 consumers and 1,370 merchants in 144 countries, Stein says.

Most merchants using the service offer soft goods such as to information, photos, software and other items that can be delivered electronically The service has attracted sellers ranging from well-known entities like Apple Computer Inc. and Reuters New Media down to small operations selling everything from astrological forecasts to adult-only materials. According to one report, the First Virtual system was moving more than $60,000 daily in payment transactions as of early this year.

The First Virtual system is a far different animal than most competitive approaches, which focus on complex encryption methods to secure credit card numbers during transmission on the Internet. (With an encryption-based approach, card numbers are scrambled using a mathematical formula for transmission, then descrambled by the intended recipient.) Instead, First Virtual relies on an e-mail communication system that allows consumers to purchase items without ever putting their card numbers on the Internet, and without the need for encryption.

To sign up with First Virtual, a consumer provides an e-mail address and registers his or her credit card number by telephone with First Virtual. The consumer is then assigned a so-called VirtualPIN, a number which serves as an alias for the card number for shopping on the Internet.

A consumer placing an order with a First Virtual- enabled Internet merchant sends the VirtualPIN on the Internet to the merchant, who in turn sends an e-mail message to First Virtual to check the validity of the VirtualPIN. First Virtual then sends an e-mail message to the consumer asking for confirmation of the transaction. Once the consumer confirms the purchase, First Virtual sends an e-mail to the merchant authorizing the transaction and routes the charge to the consumers credit card.

Consumers pay $2 and merchants pay a $10 fee to sign up for the First Virtual service. First Virtual charges merchants 29 cents per transaction plus 2% of the transaction price, as well as a $1 processing fee each time a payment is made to their bank account. Electronic Data Systems, Plano, Texas, maintains credit card information for First Virtual and handles electronic settlement of transactions. First USA Merchant Services Inc., in Dallas, serves as merchant acquirer bank.

The primary security feature of the First Virtual system is that it does not require credit card numbers to be transmitted over the Internet, where they could be stolen by computer hackers, Stein says. Indeed, First Virtual has gained notoriety in payments industry circles for its maverick stance that software encryption is inadequate to protect credit card numbers from hackers on the Net. That’s despite the fact that the major card associations, MasterCard, Visa, American Express and Discover, have endorsed the approach, and the majority of payment systems vendors are working to develop encryption-based Internet commerce systems based on common standards agreed to by the associations.

Early this year, in fact, First Virtual touched off a firestorm of controversy by demonstrating a software program that can capture credit card numbers as they are typed on a keyboard before they can be encrypted by security software on a personal computer.

Fatal Flaw

Such a keyboard sniffer program could be used for an automated attack to steal millions of credit card numbers on the Internet, First Virtual claimed, and as such, represents a fatal flaw for software-based encryption on the Net. The company said it had tested the program specifically using credit card encryption software from CyberCash Inc. and from Netscape Communications Corp. two of the best-established encryption-based systems and claimed that the sniffer undermines the security of both. First Virtual offered several possible solutions to this threat, one of which was its own payment system, which it said could not be compromised by the sniffer attack.

The response to the First Virtual announcement was rapid, intense, and often vitriolic. While some praised Stein and his team for raising the issue, competitors and others with a stake in encryption technology called the announcement self-serving, a publicity stunt, irresponsible and worse. It has long been known that such an attack is possible, some said, though it is highly improbable on the broad-scale described by First Virtual. And in any case, the problem could be prevented through some relatively simple steps, others claimed. The First Virtual announcement had all the earmarks of an ill-advised publicity ploy to promote the First Virtual system, critics said.

And some bankers agreed. I don’t hold it against them as businessmen, but from a financial services perspective, 1 think they saw a way to get a lot of free PR, and they seized the opportunity says David A. Fingerman, vice president, direct financial services group, for Rhode Island-based Fleet Financial Group. Unfortunately, this kind of thing has some downsides for consumer perceptions, so to some extent, one could argue that they did a disservice in the long run, both to themselves and the industry.

Some critics suspect that Stein’s background in the entertainment industry was a factor in the First Virtual announcement. He’s got sort of an instinct for publicity I suppose, and that’s how they got into this, says Allan M. Schiffman, chief technical officer for Terisa Systems Inc., a Los Altos, Calif., supplier of software tools for encryption-based Internet security.

But Borenstein, First Virtual chief scientist, disputes that. I have to take a big chunk of the blame myself for not anticipating the reaction, says Borenstein.

I didn’t think that by speaking what I believed was the truth, that we would be perceived as being as disingenuous as many people thought we were being. I still believe everything we said was true, Borenstein continues.

For his part, Stein concedes that when our scientists went on the Web talking about it, they could have been more modest in their approach. I can’t deny that. But Stein also stands by the claims. Before going public with the program, First Virtual shared the information with various federal agencies and the American Bankers Association, Stein says. He feels First Virtual acted responsibly in bringing a potentially serious security problem to the attention of the banking and Internet communities.

IKawika Daguio, an ABA federal representative agrees. They developed the demonstration to make a point about the approach their competitors were using. So to that extent, they were doing it for their own reasons, Daguio says. But they also made real to the banks and others a potential threat that had been incorrectly evaluated as being infeasible, he adds. And that was a service.

Daguio first met Stein in early 1995, and now shares information regularly with the First Virtual chief about developments in payment systems. He’s a very sharp businessman, says Daguio of Stein. He’s multitalented. He doesn’t think in a straight line and he got to the point where he is because he’s willing to talk with people about the things they’re interested in.

Indeed, it was that quality that led to Stein’s initial acquaintance with the group of computer scientists with whom he would found First Virtual. Stein met Stefferud in a Los Angeles airport lounge in early 1994 when he noticed Stefferud using a handheld PC with a wireless modem. Curious, Stein approached Stefferud to ask about the technology.

Clouds of Money

When the pair hit it off and discovered they were both booked on the same flight to Newark, NJ., they arranged to sit together.We had five and a half hours together on the plane, and I was describing how the Internet worked and how people just gave things away on the Internet, because it was too much bother and too complicated to pay for things, says Stefferud. And he was telling me about the investment world, and how there were clouds of money hanging over the Information Highway just looking for a place to land.

By the time they landed in Newark, the pair had agreed to a subsequent meeting, and that Stefferud would introduce Stein to other Internet scientists. One was Borenstein, who prompted by an e-mail mes- sage from Stefferud placed a phone call to Stein the next day in New York City Stein, as it happened, was in New York for a press conference to introduce a new music CD-ROM by Peter Gabriel, a rock star with whom Stein had been working on the project.

When Stein got the call from Borenstein, he invited him to come into the city that day for discussions. Borenstein obliged. And when Stein asked Borenstein to join him that night for dinner, little did Borenstein know that hed be visiting the Hard Rock Cafe to break bread with Peter Gabriel and the entertainment press. You dont have many days like that in your lifetime, as Borenstein puts it.

In fact, says Borenstein, the story reveals a lot about Steins flexible approach to business. If something comes along thats going to utterly change his plans, but it looks like a reasonable opportunity, Lee is open to it, says Borenstein. He doesnt get fixed on a particular plan. He brought me along to a dinner that had nothing to do with me or the Internet just because he wanted to keep pursuing the conversation. And Ive seen him do comparable things in many other situations.

Phase Two

On the fast-moving Information Highway there will likely be more twists in the road that may test Steins ability to adapt. But if all goes as planned, First Virtual this year will launch an ambitious second phase of operations that will go well beyond the companys first generation payment system. And the plan depends on e-mail, not only as a vehicle for ensuring security with out need for encryption, but also as a key element in Steins view of how products will be marketed and sold on the Internet.

For the phase-two operation, Stein plans to partner with credit card issuing banks that will issue VirtualPINs under their own brand names to their card holders. Dallas-based First USA Inc., which took an equity position in First Virtual last December, will be among the initial group of banks, says Stein. First USA will issue VirtualPINs to about 14 million cardholders, according to Stein. And Stein expects to sign up several other financial institutions that will also acquire equity stakes in First Virtual as part of an issuers round of financing. With these intitutions on board, our goal is that within the year, well issue 100 million VirtualPINs, Stein says.

Once enabled with VirtualPINs, this large base of cardholders will be directed to a select group of Internet merchants, numbering around 100 initially that will form a kind of merchants club, says Stein. These merchants will provide discounts, free gifts and other incentives for consumers to use their VirtualPINs for Internet shopping. And once commerce gets under way on the system, the merchants will be able to boost sales through electronic direct marketing programs, assisted by National Direct Marketing Corp., Arlington, Va., another First Virtual equity partner, Stein says. The success of these merchants and the large consumer base will attract additional merchants, Stein believes.

In developing the system, Stein drew from his background in the TV infomercial business, in which consumers who buy the initial product advertised on a 30-minute infomercial program are often enticed through follow-up marketing to buy additional, related products. He foresees a similar selling scenario on the Internet.

E-Mail Marketing

With the First Virtual system, the VirtualPIN serves not only as an alias for a consumer’s credit card number but also for the consumer’s e-mail address, Stein points out. And once VirtualPIN holders buying preferences are known, marketing messages can be delivered to promising prospects via their e-mail boxes, he notes.

Consumers will also be able to protect their privacy by using a set of electronic filters to screen out unwanted messages or sales pitches, Stein adds. The goal is to be able to use e-mail, which is the most direct one-on-one marketing mechanism that there is for the merchant, and at the same time be able to give consumers the ability to control what hits their mailbox, he explains.

Until now, one drawback of the First Virtual system for merchants is a 91-day holding period following transactions before sellers receive payment. But the phase-two system will feature immediate payment of merchants, as well as the ability to accept currencies other than dollars, Stein says. And while First Virtual-enabled merchants to date have primarily been sellers of soft goods, Stein expects the phase two system will attract plenty of hard goods catalog merchants as well.

Whether or not First Virtuals approach can be successful, of course, remains to be seen, especially in the face of huge market momentum aimed at encryption-based Internet payment methods. But Stein remains undaunted.

We see a lot of people on the encrypted side of life getting ready to compete with each other, but we really don’t feel we’ve got that risk right now says Stein. I can’t say that we don’t see any competition. But at the same time, were playing a much different game than everyone else.

Reprinted with permission of Faulkner & Gray, Inc. Eleven Penn Plaza, New York, NY 10001 800-535-8403