
Online Shopping Surge Puts Focus on Consumer Security Habits

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

With many Americans home-bound for the holidays, online US sales are expected to continue their massive increase throughout November and December. But Internet-infrastructure and security firms are warning retailers that consumers expect security in their interactions with applications and sites in addition to a seamless shopping experience.

While nearly three-quarters of online shoppers think retail sites are as secure now as in the past, about 15% of consumers have abandoned at least one purchase because of perceived security issues, Internet-infrastructure firm Akamai stated in its mid-year "Shopping Behavior Holiday Report" released on Nov. 17. Privacy concerns took a toll as well, with 14% of shoppers declining to buy due to concerns over how a site might handle their data.


Consumers are becoming more aware of security as part of the overall experience, says Tara Bartley, senior manager of e-commerce at Akamai.

"A lot of retailers have talked about short-term solutions, and I think that that will significantly shift in the coming months," she says. "When retailers had more budget this year, they put it toward marketing, but to keep their customers, I think they will put more toward security next year because they will have to."

Despite any security concerns, online shopping is expected to grow sharply during the holidays, by as much as 25% to 35%, while total retail sales will rise only slightly, by 1% to 1.5%, according to estimates from consulting firm Deloitte.

Many retailers, however, will have to get the user experience — including security — right, says digital security firm ForgeRock. In its "The New Normal: Living Life Online" report, the company found that consumers are quick to dump mobile apps and online sites that do not meet ease-of-use expectations. Some of the chief frustrations have to do with security: A third of consumers would cancel an account or delete an app if they have trouble logging in, while getting locked out of an account rates as the top frustration for three-quarters of users.

"The first thing that users see when interacting with an app is authentication," says Ben Goodman, senior vice president at ForgeRock. "The choice that we have had to make between end user security and ease of use — but we are reaching an inflection point, where we don't have to be separate between the two anymore."

Increasingly, consumers want to ditch passwords and use biometrics or another easy-to-use technology, Goodman says. While they expect security, they do not want the additional protections to come at a cost of usability. 

Overall, consumers seem to consider online shopping secure. Almost three-quarters of US shoppers — 73% — say the security of online retail sites is about the same now as in the past, and a significant portion — 21% — feel more secure in their online interactions, according to the Akamai report. Almost two-thirds of US shoppers — 62% — feel very or completely secure in their online purchases, while only 8% felt slightly secure or insecure.

Yet, with the average American doing most of their shopping online for the holidays, cybercriminals will likely follow. About a quarter of shoppers believe they have been targeted by a holiday-themed phishing attack or scam, while another 13% are not sure, the report found. 

Privacy Worries

Perhaps the most serious concern for consumers, however, is the privacy of their data. In the ForgeRock survey, 70% of consumers say a top consideration in evaluating apps is preventing the developers from selling their data to third parties. 

Retailers and advertisers should consider if they need a specific piece of user information. For legitimate retailers, minimizing collected data should be an ongoing discussion, says Akamai's Bartley.

"Is your CISO sitting down with your CMO and asking why they need this information? Why do you need someone's birthdate? Why not just ask for the month and year," says Akamai's Bartley. "You are only putting your company at greater risk of the data being mishandled or stolen."

This is especially true because consumers do not always do what they say. Almost three-quarters of consumers (72%) will part with their name and e-mail address to get discounts from loyalty programs, but that's not all: 56% will also give up their birthdate and another 53% will give up their address. 

The real head-scratcher, however: 12% will give up their user account password, while another 8% say they would part with their Social Security number for a deal.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
