
Online Shopping Surge Puts Focus on Consumer Security Habits

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

With many Americans home-bound for the holidays, online US sales are expected to continue their massive increase throughout November and December. But Internet-infrastructure and security firms are warning retailers that consumers expect security in their interactions with applications and sites in addition to a seamless shopping experience.

While nearly three-quarters of online shoppers think retail sites are as secure now as in the past, about 15% of consumers have abandoned at least one purchase because of perceived security issues, Internet-infrastructure firm Akamai stated in its mid-year "Shopping Behavior Holiday Report" released on Nov. 17. Privacy concerns took a toll as well, with 14% of shoppers declining to buy due to concerns over how a site might handle their data.

Consumers are becoming more aware of security as part of the overall experience, says Tara Bartley, senior manager of e-commerce at Akamai.

"A lot of retailers have talked about short-term solutions, and I think that that will significantly shift in the coming months," she says. "When retailers had more budget this year, they put it toward marketing, but to keep their customers, I think they will put more toward security next year because they will have to."

Despite any security concerns, online shopping is expected to grow sharply during the holidays, by as much as 25% to 35%, while total retail sales will rise only slightly, by 1% to 1.5%, according to estimates from consulting firm Deloitte.

Many retailers, however, will have to get the user experience right, security included, says digital security firm ForgeRock. In its "The New Normal: Living Life Online" report, the company found that consumers are quick to dump mobile apps and online sites that do not meet ease-of-use expectations. Some of the chief frustrations have to do with security: A third of consumers would cancel an account or delete an app if they have trouble logging in, while getting locked out of an account rates as the top frustration for three-quarters of users.

"The first thing that users see when interacting with an app is authentication," says Ben Goodman, senior vice president at ForgeRock. "The choice that we have had to make between end user security and ease of use — but we are reaching an inflection point, where we don't have to be separate between the two anymore."

Increasingly, consumers want to ditch passwords and use biometrics or another easy-to-use technology, Goodman says. While they expect security, they do not want the additional protections to come at a cost of usability. 

Overall, consumers seem to consider online shopping secure. Almost three-quarters of US shoppers — 73% — say the security of online retail sites is about the same now as in the past, and a significant portion — 21% — feel more secure in their online interactions, according to the Akamai report. Almost two-thirds of US shoppers — 62% — feel very or completely secure in their online purchases, while only 8% feel slightly secure or insecure.

Yet, with the average American doing most of their shopping online for the holidays, cybercriminals will likely follow. About a quarter of shoppers believe they have been targeted by a holiday-themed phishing attack or scam, while another 13% are not sure, the report found. 

Privacy Worries

Perhaps the most serious concern for consumers, however, is the privacy of their data. In the ForgeRock survey, 70% of consumers say a top consideration in evaluating apps is preventing the developers from selling their data to third parties. 

Retailers and advertisers should consider whether they need a specific piece of user information. For legitimate retailers, minimizing collected data should be an ongoing discussion, says Akamai's Bartley.

"Is your CISO sitting down with your CMO and asking why they need this information? Why do you need someone's birthdate? Why not just ask for the month and year?" says Akamai's Bartley. "You are only putting your company at greater risk of the data being mishandled or stolen."

This is especially true because consumers do not always do what they say. Almost three-quarters of consumers (72%) will part with their name and e-mail address to get discounts from loyalty programs, but that's not all: 56% will also give up their birthdate and another 53% will give up their address. 

The real head-scratcher, however: 12% will give up their user account password, while another 8% say they would part with their Social Security number for a deal.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
