Security concerns to stunt e-commerce growth

Security concerns are eroding Internet users' confidence and having such a chilling effect on their online behavior that U.S. business-to-consumer sales will grow more slowly than expected in coming years, Gartner warned this week.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Alarmed at the startling rise in phishing attacks, spyware intrusions, virus infections and the compromising of personal data, Internet users are limiting their e-commerce activities and this will slow down U.S. business-to-consumer sales growth between 1 percent and 3 percent in the coming years, according to Gartner.

"This concern is affecting online consumers' behavior and dampening their willingness to use the Internet to transact," said Avivah Litan, author of the study "Increased Phishing and Online Attacks Cause Dip in Consumer Confidence" released Wednesday. Consequently, ISPs (Internet service providers), financial institutions, online retailers and other companies selling goods and services to consumers via the Internet must address these concerns and put safeguards in place to protect their clients, Litan said.

Consequently, Gartner is warning that the total dollar value of business-to-consumer online sales could grow at a slower pace than the company previously predicted, by anywhere between 0.3 percent to 1 percent each in coming years, Litan said. Without accounting for the possible slower growth resulting from security concerns, Gartner expects the dollar value of business-to-consumer sales to increase 18 percent in 2005, 15 percent in 2006 and 11 percent in 2007, so each of those projected annual growth rates could fall by as much as a percentage point due to consumers' security concerns, Litan said.

Online consumers are increasingly dismayed and frightened over the rising rates of a variety of security threats. A big one is phishing, in which scammers dress up e-mail messages to make them look like they came from a legitimate organization, such as an online store or a bank. Between May 2004 and May 2005, phishing e-mail recipients grew 28 percent and about 1.2 million U.S. consumers suffered phishing-related losses totaling about $929 million, according to Litan.

This type of phishing e-mail message can cause harm in a variety of ways. For example, it can lure consumers to enter sensitive information such as credit card numbers, bank account numbers and passwords into a legitimate-looking Web site set up by scammers. Even if consumers don't enter data into the rogue Web sites, just landing there can trigger an automatic and transparent download of malicious software to their PCs.

Online marketplace eBay Inc. and its online payment unit PayPal are the two Web sites phishers most frequently try to spoof, and Citigroup Inc.'s Citibank is the most popular target among banks. But as large banks wise up to the scams, phishers are starting to target smaller, regional banks, according to Litan.

Another security problem frightening consumers is spyware, which is malicious software installed on a user's machine without knowledge or authorization. This type of software comes in different flavors, with some that furtively log users' keystrokes to steal passwords and other sensitive information and others that search hard drives for information and transmits it.

But the security problem online consumers find the spookiest is unauthorized access to their personal and financial information that criminals can use to steal identities and inflict serious damage to their finances and credit, Litan said. Examples of this are recent incidents of lost, misplaced or unsecured data at companies such as CardSystems Solutions, ChoicePoint, Citibank and Wachovia that could potentially affect millions of consumers.

In a recent survey of 5,000 U.S. Internet users done by Gartner, 42 percent said concerns about online attacks have affected their online shopping behavior. Among this 42 percent, three-quarters are more cautious about where they shop online and one-third buy fewer items than they normally would, Litan said.

Online banking activities are also being affected. Among the 5,000 respondents, 28 percent have modified their online banking behavior because of security concerns. Within this 28 percent, three-quarters log into their accounts less frequently, 14 percent have stopped paying bills via online banking and about 4 percent have completely given up on online banking, Litan said.

A major victim of consumers' distrust is commercial e-mail, with a majority of survey respondents saying they delete e-mail from unknown companies or individuals without even opening the messages. This trend is seriously damaging the effectiveness of e-mail as a legitimate tool for bonafide companies to communicate with their clients.

Gartner's survey also found that consumers expect the companies they do business with over the Web to be much more effective than they are now at detecting and preventing fraud. The survey also found consumers are underwhelmed by government initiatives to address online security problems, with about 66 percent of respondents saying they want laws that would let consumers opt out of having their personal data shared with third parties without their consent.