Security News > 2004 > December > Gartner: Consumers dissatisfied with online security

http://www.computerworld.com/securitytopics/security/story/0,10801,98083,00.html By Paul Roberts DECEMBER 06, 2004 IDG NEWS SERVICE A survey conducted by Gartner Inc. shows that online consumers are growing frustrated with the lack of security provided by banks and online retailers and feel that passwords are no longer sufficient to secure their online transactions. The findings are the latest conclusions drawn from a survey of 5,000 adult Internet users. The survey, which concluded in April, showed that online shoppers want retailers to offer more than just passwords to protect their accounts, and indicate that concerns about a lack of security may be hampering the growth of online commerce, according to Gartner analyst Avivah Litan. Almost 60% of the respondents said they're concerned or very concerned about online security. Even more important for online retailers: Over 80% of those surveyed said they would buy more from an online vendor who offered them more than just a username and password to protect their accounts, she said. "The data shows that consumers want more than passwords," said Litan. However, there are limits to how far consumers will go to secure their online activities. When asked to choose among technologies to supplement password protections, respondents gave high ratings to low-tech options such as challenge and response features, which ask shoppers to provide responses to tailored questions, or shared secret technology that displays shopper-selected images on Web pages to prove the authenticity of e-commerce Web sites. More complicated solutions like security software downloads or so-called multifactor authentication that couple smart cards or USB tokens with usernames and passwords were less popular, said Litan. The most popular choice for fixing the security of online shopping and banking sites is for providers to be made legally responsible for strict security measures, she said. Also, those surveyed indicated that they want the choice of using stronger authentication but do not want to be forced to use it. "Our data shows that consumers think the system is easy to use, but they want something that gives them added protection," she said. Banks and online retailers in the U.S. have lagged behind their counterparts in the European Union and Asia when it comes to using strong authentication to secure online transactions, including smart-card technology and one-time passwords, said Litan. Gartner predicts that by the end of 2007, more than 60% of banks in the U.S., but fewer than 20% of banks worldwide, will rely on simple passwords to authenticate retail customers. But that may change, especially as retailers and banks contend with a wave of sophisticated online scams known as phishing attacks in which people are lured to phony Web sites where they're tricked into divulging personal information such as bank and credit card account numbers, Litan said. Recently, U.S. Bancorp. said that it will use a hardware-token-based authentication service from VeriSign Inc. to secure access to commercial banking services for its customers and may soon introduce a similar service for consumer banking customers. "We're getting more calls from banks and other providers that are looking to protect their customers and give them added security," said Litan. "They're worried that consumers are losing confidence in the online channel." Gartner will publish a research note on consumer authentication options in the near future, according to Litan. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/

News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,98083,00.html