Security concerns to stunt e-commerce growth

Security concerns are eroding Internet users' confidence and having such a chilling effect on their online behavior that U.S. business-to-consumer sales will grow more slowly than expected in coming years, Gartner warned this week.

Alarmed at the startling rise in phishing attacks, spyware intrusions, virus infections and the compromising of personal data, Internet users are limiting their e-commerce activities and this will slow down U.S. business-to-consumer sales growth between 1 percent and 3 percent in the coming years, according to Gartner.

"This concern is affecting online consumers' behavior and dampening their willingness to use the Internet to transact," said Avivah Litan, author of the study "Increased Phishing and Online Attacks Cause Dip in Consumer Confidence" released Wednesday. Consequently, ISPs (Internet service providers), financial institutions, online retailers and other companies selling goods and services to consumers via the Internet must address these concerns and put safeguards in place to protect their clients, Litan said.

Consequently, Gartner is warning that the total dollar value of business-to-consumer online sales could grow at a slower pace than the company previously predicted, by anywhere between 0.3 percent to 1 percent each in coming years, Litan said. Without accounting for the possible slower growth resulting from security concerns, Gartner expects the dollar value of business-to-consumer sales to increase 18 percent in 2005, 15 percent in 2006 and 11 percent in 2007, so each of those projected annual growth rates could fall by as much as a percentage point due to consumers' security concerns, Litan said.

Online consumers are increasingly dismayed and frightened over the rising rates of a variety of security threats. A big one is phishing, in which scammers dress up e-mail messages to make them look like they came from a legitimate organization, such as an online store or a bank. Between May 2004 and May 2005, phishing e-mail recipients grew 28 percent and about 1.2 million U.S. consumers suffered phishing-related losses totaling about $929 million, according to Litan.

This type of phishing e-mail message can cause harm in a variety of ways. For example, it can lure consumers to enter sensitive information such as credit card numbers, bank account numbers and passwords into a legitimate-looking Web site set up by scammers. Even if consumers don't enter data into the rogue Web sites, just landing there can trigger an automatic and transparent download of malicious software to their PCs.

Online marketplace eBay Inc. and its online payment unit PayPal are the two Web sites phishers most frequently try to spoof, and Citigroup Inc.'s Citibank is the most popular target among banks. But as large banks wise up to the scams, phishers are starting to target smaller, regional banks, according to Litan.

Another security problem frightening consumers is spyware, which is malicious software installed on a user's machine without knowledge or authorization. This type of software comes in different flavors, with some that furtively log users' keystrokes to steal passwords and other sensitive information and others that search hard drives for information and transmits it.