ID theft, phishing altering online habits

By Anne Saita, News Writer 19 Oct 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Consumers, increasingly fearful of identity theft, want more security before they'll engage in online banking and other Internet-based services, according to a survey released Tuesday. Such findings may indicate the marketplace has reached a tipping point in which security is now viewed by users as an imperative rather than impediment to online usage.

Results of an online survey of 2,000 consumers conducted Aug. 16-20 by Wilton, Conn.-based Greenfield Online shows the vast majority -- 80% -- are concerned someone can steal their online identity and almost as many would welcome a second factor of authentication to access their accounts.

"That's a clear indication that the vast majority of users are ready to change their user experience in order to get better security," said Chris Voice, vice president of secure identity management for Dallas-based Entrust, which commissioned the study.

More information Phishing: A whale of a problem for enterprises Phishing, an online fraud aimed at gullible users, is now hurting enterprises' reputations and bottom lines. Security Bytes: Do-it-yourself phishing kits online Do-it-yourself phishing kits on the Internet It doesn't take money or sophistication to engineer an online banking scam.

Online banking is especially problematic for consumers, whose confidence has been eroded by the proliferation of phishing, in which bogus e-mails prompt users to give up sensitive data later used to access accounts. "People are getting their fears reinforced in the media and in their Inboxes where they're seeing people actively trying to steal their identities," Voice said.

Although 85% of survey participants, who hail overwhelmingly from the United States but also include Canada, United Kingdom and Germany, use online services, only 59% were willing to use online banking. That, Voice said, shows people are far more willing to book travel arrangements or buy books online than conduct more sensitive transactions. In fact, almost a quarter said they'd consider switching banks to one that provided more secure identity management.

The survey results seem to back a growing trend where companies are teaming to provide two-factor authentication directly to consumers. A recent example is America Online's Passcode service, in which users may purchase a handheld, six-digit numeric code key for enhanced authentication.

In conjunction with the survey release, Entrust announced its new Entrust IdentityGuard technology that offers a simple, inexpensive second method of authentication by providing users with randomly generated numeric grids that can be issued on cards or even perforated sheets mailed to customers. When trying to log on to a service, a user is prompted to provide random coordinates from their grid in addition to username and password.

Among the Entrust Internet Security Survey's findings:

• 72% of users who don't currently bank online might change their mind if security was improved.



• 90% who do bank online would take advantage of "higher value" services if their identities were better protected.



• 65% would consider which financial institution to use if that business provided better secured online identities.



• 22% would be "very likely" to switch banks that provided better online identity protection.

Just because consumers appear ready to adopt more authentication tools for better online protection doesn't mean they'll embrace difficult, cumbersome or costly methods.

"The reality is it's probably not realistic and maybe even unfair to put the burden of ensuring security on the end user," Voice said. "We must realize that, especially in retail and other consumer-based transactions, we're dealing with a wide range of skills and knowledge in the marketplace."

Tags: Identity Theft and Data Security Breaches,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary