A new survey shows that while data breach fears have not stopped many consumers from shopping online, widespread concern over authentication and mobile applications persists.
The survey, which was performed by the Ponemon Institute and sponsored by EMC’s RSA security division, culled responses from more than 1,000 consumers in the U.S. While 48 percent of those surveyed said they shop online weekly, authentication and the security of mobile applications make their list of security concerns.
Sixty-two percent expressed a lack of trust in websites that only require a username and password at login. While 71 percent of respondents say they are most concerned about losing their password in a data breach, nearly a third admitted to only having one to two passwords for all their online accounts. Sixty-nine percent admit to using the same password for more than one device or site, and only 54 percent say that they regularly change their passwords.
“The implications are telling in that consumers are lacking trust when it comes to businesses which only use a username and password as a form of authentication,” said Rueben Rodriguez, principal product marketing manager for RSA Identity Protection and Verification, at RSA. “Consumers have stated with their responses that 62 percent do not trust systems or websites that only rely on passwords to identify and authenticate users or customers. This is applicable regardless of the type of business given the type of activity being conducted by a consumer, for example a retailer or financial services company.”
“Granted,” he continued, “various activities obviously garner more concern from a security expectation, but it has to be more than the standard username and password methods in order to gain consumers’ trust. I think retailers should take a play from the financial services industry’s authentication playbook and look at what has worked and what hasn’t and in some cases potentially leapfrog the methods currently in place.”
“Based on the findings we conclude that consumers perceive a loss of control over their personal information because of data breaches, the lack of trust in the security of the mobile apps they continue to use and increased government surveillance,” according to the report. “However, they still believe the privacy and security of their personal information is important.”
Nearly half of those surveyed had fallen victim to at least one data breach, and 45 percent said they are not confident they know all instances when their personal data may have been leaked. Seventy-seven percent of respondents said that prompt notification about the loss or theft of personal data is either very important (56 percent) or important (21 percent) to them.
“As the capabilities and convenience of the Internet continue to grow, so does consumer security concerns,” said Brian Fitzgerald, vice president of marketing at RSA, in a statement. “The results of the Ponemon Study show that while these concerns are top of mind, behaviors and attitudes of consumers are not changing. It is incumbent upon the industry, to deliver on promises of strong and convenient security methods to help customers take advantage of the Internet while significantly limiting the risk of threats – both simple and sophisticated.”