
Online Shopping Surge Puts Focus on Consumer Security Habits

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

With many Americans home-bound for the holidays, online US sales are expected to continue their massive increase throughout November and December. But Internet-infrastructure and security firms are warning retailers that consumers expect security in their interactions with applications and sites in addition to a seamless shopping experience.

While nearly three-quarters of online shoppers think retail sites are as secure now as in the past, about 15% of consumers have abandoned at least one purchase because of perceived security issues, Internet-infrastructure firm Akamai stated in its mid-year "Shopping Behavior Holiday Report" released on Nov. 17. Privacy concerns took a toll as well, with 14% of shoppers declining to buy due to concerns over how a site might handle their data.

Consumers are becoming more aware of security as part of the overall experience, says Tara Bartley, senior manager of e-commerce at Akamai.

"A lot of retailers have talked about short-term solutions, and I think that that will significantly shift in the coming months," she says. "When retailers had more budget this year, they put it toward marketing, but to keep their customers, I think they will put more toward security next year because they will have to."

Despite any security concerns, online shopping is expected to grow sharply during the holidays by as much as 25% to 35%, while total retail sales will only rise slightly by 1% to 1.5%, according to estimates from consulting firm Deloitte.

Many retailers, however, will have to get the user experience part, including security, right, says digital security firm ForgeRock. In its "The New Normal: Living Life Online" report, the company found that consumers are quick to dump mobile apps and online sites that do not meet ease-of-use expectations. Some of the chief frustrations have to do with security: A third of consumers would cancel an account or delete an app if they have trouble logging in, while getting locked out of an account rates as the top frustration for three-quarters of users.

"The first thing that users see when interacting with an app is authentication," says Ben Goodman, senior vice president at ForgeRock. "The choice that we have had to make between end user security and ease of use — but we are reaching an inflection point, where we don't have to be separate between the two anymore."

Increasingly, consumers want to ditch passwords and use biometrics or another easy-to-use technology, Goodman says. While they expect security, they do not want the additional protections to come at a cost of usability. 

Overall, consumers seem to consider online shopping secure. Almost three-quarters of US shoppers — 73% — say the security of online retail sites is about the same now as in the past, and a significant portion — 21% — feel more secure in their online interactions, according to the Akamai report. Almost two-thirds of US shoppers — 62% — feel very or completely secure in their online purchases, while only 8% felt slightly secure or insecure.

Yet, with the average American doing most of their shopping online for the holidays, cybercriminals will likely follow. About a quarter of shoppers believe they have been targeted by a holiday-themed phishing attack or scam, while another 13% are not sure, the report found. 

Privacy Worries

Perhaps the most serious concern for consumers, however, is the privacy of their data. In the ForgeRock survey, 70% of consumers say a top consideration in evaluating apps is preventing the developers from selling their data to third parties. 

Retailers and advertisers should consider if they need a specific piece of user information. For legitimate retailers, minimizing collected data should be an ongoing discussion, says Akamai's Bartley.

"Is your CISO sitting down with your CMO and asking why they need this information? Why do you need someone's birthdate? Why not just ask for the month and year?" says Akamai's Bartley. "You are only putting your company at greater risk of the data being mishandled or stolen."

This is especially true because consumers do not always do what they say. Almost three-quarters of consumers (72%) will part with their name and e-mail address to get discounts from loyalty programs, but that's not all: 56% will also give up their birthdate and another 53% will give up their address. 

The real head-scratcher, however: 12% will give up their user account password, while another 8% say they would part with their Social Security number for a deal.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
