informa
/
Attacks/Breaches
Quick Hits

How Online Fraud Is (& Isn't) Changing Consumer, Retailer Behavior

New Gartner research shows that few consumers are willing to pay for additional online security - and few retailers actually disclose breaches

Online consumers in the U.S. are a bit fickle when it comes to how they handle the rising threat of online fraud. While over one third of consumers in a recent Gartner survey said that online fraud has affected their e-commerce and email behavior, few are willing to actually pay for more security.

“I think they are being conditioned by the banks and financial services sector to not have to absorb the cost. They don’t have to participate and pay for security,” says Avivah Litan, vice president and distinguished analyst at Gartner, who released details on some Internet fraud surveys Gartner has conducted over the past few months.

Then there are the retailers, who are apparently getting savvy about the insider threat, but still not disclosing all of their data breaches. In a recent survey of 50 major U.S. retailers by Gartner, only 11 percent of those who had been attacked had disclosed their data breaches. “I was shocked that so many breaches didn’t get reported,” Litan says. Eight percent said they had been fined by credit card companies for noncompliance in their security protections, and 22 percent said they had been threatened with a fine.

Seventy percent of retailers said they are most concerned about an insider gaining unauthorized access to their system. “The fraud rates are really increasing... and insider fraud is becoming bigger because of the black market for data. It’s easier to get rewarded for stealing data” from inside, Litan says. “In the past, you had to know how to steal money and data. Now all you have to know is how to steal the data and then sell it on the black market. It’s easier to turn into cash.”

Outside hacks were retailers’ second-biggest concern, with 60 percent.

About 35 percent of consumers surveyed by Gartner, meanwhile, said concerns about identity theft and Internet-based attacks had affected their online buying and email communications over the past 12 months. Of that group, online payment and shopping were hit hardest: Thirteen percent said they have stopped online shopping altogether, according to Litan. And 23 percent said they spent less money than usual online, and 68 percent said they were more cautious about their online purchases. Around 65 percent said they are more careful about giving out personal and financial information now.

Even so, most consumers are unwilling to ratchet up security -- especially if it will cost them. Nearly 45 percent today pay for one or more desktop security products; around 10 percent don’t use any of these tools at all; and the remaining 45 percent use only free security software.

“I concluded that consumers don’t want to do much,” Litan says. Their preferred authentication method is the basic user ID and password and challenge-response questions. Their least favorite is the more secure separate authentication device (think token), according to Litan.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Gartner Inc.

  • Recommended Reading:
    Editors' Choice
    Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
    Joshua Goldfarb, Director of Product Management at F5