• United States



by Paul Kerstein

Security Concerns Cloud Holiday Shopping

Dec 01, 20054 mins
CSO and CISOData and Information Security

The big increase in online sales expected this holiday shopping seasoncomes amid what appears to be unprecedented consumer concerns over dataprivacy, online fraud and identity theft.

The results of a new survey of 1,005 consumers released Wednesday showsthat while 78 percent of U.S. Internet users plan on shopping onlinethis year, more than 69 percent of those shoppers will limit theironline purchasing because of concerns about the possible misuse oftheir personal information.

The survey was conducted by San Francisco-based Truste, a nonprofitprivacy organization, and market research firm TNS Global in New York.It found that privacy concerns would deter more than 40 percent of therespondents from buying from smaller online retailers, and about 22percent said they will not be purchasing online at all.

The survey was conducted online between Oct. 27 and Nov. 1.

“There’s definitely a reason for both consumers and merchants to feelmore concerned” about data security and privacy issues compared withprevious years, said John Pescatore, an analyst at Stamford,Conn.-based Gartner Inc.

For consumers, the biggest risks come from the increasing use ofkeystroke logging and password acquisition tools by hackers, Pescatoresaid. Such remote access tools allow cyber thieves to capture sensitiveinformation such as credit card numbers from consumers who are doingbusiness online, he said. A Gartner study in March showed that despitea higher awareness of phishing scams, a large number of consumerscontinue to be fooled into visiting Web sites that download such hackertools.

Dan Clements, founder of, a Malibu, Calif.-based companythat enables consumers to check for stolen credit card numbers, saidthat the number of stolen credit cards and pieces of personallyidentifiable information appears to be growing. “There is a definiteunderground where you can buy and sell this stuff without the threat oflaw enforcement,” he said.

Much of the stolen information appears to have been snagged throughhacks into systems containing confidential data and from phishingscams, he said.

“Almost every day we see a new merchant being hacked” and informationbeing stolen from their systems, said Clements, whose company scoursknown hacker sites, chat rooms and other online locations for stolencredit cards and personally identifiable bits of data.

Over the past three years, Cardcops has alerted more than 500 merchantsabout data compromises resulting from potential hacks into theirsystems. Clements said the company has also found more than 1 millionstolen credit cards and between 7 million and 10 million pieces ofpersonally identifiable information associated with those cards, suchas last names and addresses, he said.

Most of the time, the merchants involved appeared unwilling to takeresponsibility for their security lapses, he said. “When you show themthe data, they only fess up to what is put in front of them,” Clementssaid.

But Cathy Hotka, senior vice president of technology and businessdevelopment at the Retail Industry Leaders Association in Washington,said that much of the concerns about online security is overblown.

“I don’t believe for a second that anybody’s enthusiasm has beendampened” by online security concerns, Hotka said. “The track record ofonline security is great. We’ve demonstrated safe e-commerce for years,and consumers love it. If anything, there’s concern about phishing andthe effect that it can have on brands.”

The results from the Truste survey appear to reinforce the findings ofother recent research that reveals similar consumer concerns.

In a nationwide survey of 1,009 consumers conducted by Forrester CustomConsumer Research for the Business Software Alliance, one in fourconsumers said they would not shop online because of Internet securityconcerns. Another survey of 2,008 consumers released on Nov. 22 by SunMicrosystems Inc. showed that 83 percent of the respondents thinkthey’re most susceptible to identity theft during the holiday season.

By Jaikumar Vijayan – Computerworld (US online)