Increasing reports of lost consumer data files and disclosures of unauthorized access to sensitive personal data are taking a toll on consumers' confidence in online commerce, according to the technology research and advisory firm Gartner Inc.
A Gartner survey of 5,000 U.S. adults showed that phishing attacks grew at double-digit rates last year in the United States. In the twelve months ending in May 2005, an estimated 73 million U.S. adults who use the Internet said they definitely, or think, they received an average of more than 50 phishing e-mails in the past year.
The number of consumers receiving phishing attack e-mails increased 28 percent in the 12 months ended in May 2005 compared with 12 months ended in April 2004, according to the Gartner data.
In last year's survey, an estimated 57 million U.S. adults reported that they definitely, or think, they received a phishing attack email. In both surveys, 5,000 participants were selected to match demographic characteristics of the U.S. online population.
2.4 million online consumers report losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey. Survey participants indicated most of the money stolen was repaid by banks and credit cards.
Impact on Consumer Trust
Gartner analysts said most online consumers do not open e-mail from companies or individuals they do not know from prior experience. Three of every four online shoppers said they are more cautious about where they buy goods online, and one of three reports buying fewer items than they otherwise would because of security concerns.
"Companies need to take steps quickly to beef up online security," said Avivah Litan, vice president and research director at Gartner. "We are seeing unprecedented levels in consumer transactions online. Yet businesses cannot rely on the Internet to lower costs and improve marketing efforts indefinitely if consumer trust continues to decline."
More than 80 percent of U.S. online consumers said their concerns about online attacks have affected their trust in e-mail from companies or individuals they don't know personally. Of these consumers, more than 85 percent delete suspect e-mail without opening it.
"This figure has serious implications for banks and other companies that want to use the e-mail channel to communicate more cost-effectively with their customer base," Litan said. "For example, a bill sent electronically costs about half of what a bill costs when sent through regular mail."
Phishing attacks are not slowing down. More than 40 percent of the adults who received phishing attack e-mails received them in the two weeks preceding the survey; another 23 percent of respondents said they received these e-mails two weeks before that - so more than 63 percent of consumers who received one of these e-mails did so in the month prior to the survey.
"In general, consumers expect companies they do business with to provide secure online communications and to protect consumer data from thieves at no additional cost to consumers," Litan said. "They want guarantees - authentication - from merchants and other businesses that their Web sites are genuine. Consumers want this reaffirmed every time they go online."
Implications for Online Banking
Approximately 77 percent of online Americans shopped online in the 12 months ended in May 2005, according to Gartner. An estimated 73 percent of respondents regularly logged on to banking accounts and 63 percent paid bills online.
"While online banking customers continue to access bank accounts over the Internet, they are changing their usage patterns," Litan said. "Nearly 30 percent of the online bankers say that online attacks have influenced their online banking activities. Over three-quarters of this group log in less frequently, and nearly 14 percent of them have stopped paying bills via online banking."
In the survey, nearly twice as many consumers said they worry more about thieves getting undetected access to private credit reports and other sensitive financial data than defending against phishing attacks.
Consumer Response to Government Action
The U.S. government recently mandated that consumers be given unlimited free access to their credit reports by September. The goal is to make it easier for consumers to monitor any unauthorized requests for credit.
Yet few consumers believe the step will be "extremely effective" in shielding them from identity-theft schemes, according to the survey. In contrast, nearly one third are "extremely concerned" that they will suffer some type of identity theft fraud due to unauthorized access to their data.
Phishing occurs when a cyber thief sends e-mail with a link to a false Web site. The false sites typically are disguised to look like sites of banks or well-known e-commerce merchants. Recipients of these e-mail attacks are asked to provide personal account information.