http://www.computerworld.com/securitytopics/security/story/0,10801,98083,00.html
By Paul Roberts
DECEMBER 06, 2004
IDG NEWS SERVICE
A survey conducted by Gartner Inc. shows that online consumers are
growing frustrated with the lack of security provided by banks and
online retailers and feel that passwords are no longer sufficient to
secure their online transactions.
The findings are the latest conclusions drawn from a survey of 5,000
adult Internet users. The survey, which concluded in April, showed
that online shoppers want retailers to offer more than just passwords
to protect their accounts, and indicate that concerns about a lack of
security may be hampering the growth of online commerce, according to
Gartner analyst Avivah Litan.
Almost 60% of the respondents said they're concerned or very concerned
about online security. Even more important for online retailers: Over
80% of those surveyed said they would buy more from an online vendor
who offered them more than just a username and password to protect
their accounts, she said.
"The data shows that consumers want more than passwords," said Litan.
However, there are limits to how far consumers will go to secure their
online activities.
When asked to choose among technologies to supplement password
protections, respondents gave high ratings to low-tech options such as
challenge and response features, which ask shoppers to provide
responses to tailored questions, or shared secret technology that
displays shopper-selected images on Web pages to prove the
authenticity of e-commerce Web sites. More complicated solutions like
security software downloads or so-called multifactor authentication
that couple smart cards or USB tokens with usernames and passwords
were less popular, said Litan.
The most popular choice for fixing the security of online shopping and
banking sites is for providers to be made legally responsible for
strict security measures, she said. Also, those surveyed indicated
that they want the choice of using stronger authentication but do not
want to be forced to use it.
"Our data shows that consumers think the system is easy to use, but
they want something that gives them added protection," she said.
Banks and online retailers in the U.S. have lagged behind their
counterparts in the European Union and Asia when it comes to using
strong authentication to secure online transactions, including
smart-card technology and one-time passwords, said Litan.
Gartner predicts that by the end of 2007, more than 60% of banks in
the U.S., but fewer than 20% of banks worldwide, will rely on simple
passwords to authenticate retail customers.
But that may change, especially as retailers and banks contend with a
wave of sophisticated online scams known as phishing attacks in which
people are lured to phony Web sites where they're tricked into
divulging personal information such as bank and credit card account
numbers, Litan said.
Recently, U.S. Bancorp. said that it will use a hardware-token-based
authentication service from VeriSign Inc. to secure access to
commercial banking services for its customers and may soon introduce a
similar service for consumer banking customers.
"We're getting more calls from banks and other providers that are
looking to protect their customers and give them added security," said
Litan. "They're worried that consumers are losing confidence in the
online channel."
Gartner will publish a research note on consumer authentication
options in the near future, according to Litan.
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/
