Dark Reading is part of the Informa Tech Division of Informa PLC


Online Shopping Surge Puts Focus on Consumer Security Habits

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

With many Americans home-bound for the holidays, online US sales are expected to continue their massive increase throughout November and December. But Internet-infrastructure and security firms are warning retailers that consumers expect security in their interactions with applications and sites in addition to a seamless shopping experience.

While nearly three-quarters of online shoppers think retail sites are as secure now as in the past, about 15% of consumers have abandoned at least one purchase because of perceived security issues, Internet-infrastructure firm Akamai stated in its mid-year "Shopping Behavior Holiday Report" released on Nov. 17. Privacy concerns took a toll as well, with 14% of shoppers declining to buy due to concerns over how a site might handle their data.

Consumers are becoming more aware of security as part of the overall experience, says Tara Bartley, senior manager of e-commerce at Akamai.

"A lot of retailers have talked about short-term solutions, and I think that that will significantly shift in the coming months," she says. "When retailers had more budget this year, they put it toward marketing, but to keep their customers, I think they will put more toward security next year because they will have to."

Despite any security concerns, online shopping is expected to grow sharply during the holidays, by as much as 25% to 35%, while total retail sales will rise only slightly, by 1% to 1.5%, according to estimates from consulting firm Deloitte.

Many retailers, however, will have to get the user experience, including security, right, says digital security firm ForgeRock. In its "The New Normal: Living Life Online" report, the company found that consumers are quick to dump mobile apps and online sites that do not meet ease-of-use expectations. Some of the chief frustrations have to do with security: A third of consumers would cancel an account or delete an app if they have trouble logging in, while getting locked out of an account rates as the top frustration for three-quarters of users.

"The first thing that users see when interacting with an app is authentication," says Ben Goodman, senior vice president at ForgeRock. "The choice that we have had to make between end user security and ease of use — but we are reaching an inflection point, where we don't have to be separate between the two anymore."

Increasingly, consumers want to ditch passwords and use biometrics or another easy-to-use technology, Goodman says. While they expect security, they do not want the additional protections to come at the cost of usability.

Overall, consumers seem to consider online shopping secure. Almost three-quarters of US shoppers (73%) say the security of online retail sites is about the same now as in the past, and a significant portion (21%) feel more secure in their online interactions, according to the Akamai report. Almost two-thirds of US shoppers (62%) feel very or completely secure in their online purchases, while only 8% feel slightly secure or insecure.

Yet, with the average American doing most of their shopping online for the holidays, cybercriminals will likely follow. About a quarter of shoppers believe they have been targeted by a holiday-themed phishing attack or scam, while another 13% are not sure, the report found. 

Privacy Worries

Perhaps the most serious concern for consumers, however, is the privacy of their data. In the ForgeRock survey, 70% of consumers say a top consideration in evaluating apps is preventing the developers from selling their data to third parties. 

Retailers and advertisers should consider whether they need a specific piece of user information. For legitimate retailers, minimizing collected data should be an ongoing discussion, says Akamai's Bartley.

"Is your CISO sitting down with your CMO and asking why they need this information? Why do you need someone's birthdate? Why not just ask for the month and year?" says Akamai's Bartley. "You are only putting your company at greater risk of the data being mishandled or stolen."

This is especially true because consumers do not always do what they say. Almost three-quarters of consumers (72%) will part with their name and e-mail address to get discounts from loyalty programs, but that's not all: 56% will also give up their birthdate and another 53% will give up their address. 

The real head-scratcher, however: 12% will give up their user account password, while another 8% say they would part with their Social Security number for a deal.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
