Online Shopping Surge Puts Focus on Consumer Security Habits

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.

4 Min Read
Dark Reading logo in a gray background | Dark Reading

With many Americans home-bound for the holidays, online US sales are expected to continue their massive increase throughout November and December. But Internet-infrastructure and security firms are warning retailers that consumers expect security in their interactions with applications and sites in addition to a seamless shopping experience.

While nearly three-quarters of online shoppers think retail sites are as secure now as in the past, about 15% of consumer have abandoned at least one purchase because of perceived security issues, Internet-infrastructure firm Akamai stated in its mid-year "Shopping Behavior Holiday Report" released on Nov. 17. Privacy concerns took a toll as well, with 14% of shoppers declining to buy due to concerns over how a site might handle their data.

Consumers are becoming more aware of security as part of the overall experience, says Tara Bartley, senior manager of e-commerce at Akamai.

"A lot of retailers have talked about short-term solutions, and I think that that will significantly shift in the coming months," she says. "When retailers had more budget this year, they put it toward marketing, but to keep their customers, I think they will put more toward security next year because they will have to."

Despite any security concerns, online shopping is expected to grow sharply during the holidays by as much as 25% to 35%, while total retail sales will only rise slightly by 1% to 1.5%, according to estimates from consulting firm Deloitte

Many retailers, however, will have to get the user experience — including security — part right, says digital security firm ForgeRock. In its The New Normal: Living Life Online report, the company found that consumers are quick to dump mobile apps and online sites that do not meet ease-of-use expectations. Among some of the chief frustrations have to do with security: A third of consumers would cancel an account or delete an app if they have trouble logging in, while getting locked out of an account rates as the top frustration for three-quarters of users. 

"The first thing that users see when interacting with an app is authentication," says Ben Goodman, senior vice president at ForgeRock. "The choice that we have had to make between end user security and ease of use — but we are reaching an inflection point, where we don't have to be separate between the two anymore."

Increasingly, consumers want to ditch passwords and use biometrics or another easy-to-use technology, Goodman says. While they expect security, they do not want the additional protections to come at a cost of usability. 

Overall, consumers seem on the whole to consider online shopping secure. Almost three-quarters of US shoppers — 73% — say the security of retail sites online are about the same now as in the past, and a significant portion — 21% — feel more secure in their online interactions, according to the Akamai report. Almost two-third of US shoppers — 62% — feel very or completely secure in their online purchases, while only 8% felt slightly secure or insecure.

Yet, with the average American doing most of their shopping online for the holidays, cybercriminals will likely follow. About a quarter of shoppers believe they have been targeted by a holiday-themed phishing attack or scam, while another 13% are not sure, the report found. 

Privacy Worries

Perhaps the most serious concern for consumers, however, is the privacy of their data. In the ForgeRock survey, 70% of consumers say a top consideration in evaluating apps is preventing the developers from selling their data to third parties. 

Retailers and advertisers should consider if they need a specific piece of user information. For legitimate retailers, minimizing collected data should be an ongoing discussion, says Akamai's Bartley.

"Is your CISO sitting down with your CMO and asking why they need this information? Why do you need someone's birthdate? Why not just ask for the month and year," says Akamai's Bartley. "You are only putting your company at greater risk of the data being mishandled or stolen."

This is especially true because consumers do not always do what they say. Almost three-quarters of consumers (72%) will part with their name and e-mail address to get discounts from loyalty programs, but that's not all: 56% will also give up their birthdate and another 53% will give up their address. 

The real head-scratcher, however: 12% will give up their user account password, while another 8% say they would part with the Social Security number for a deal.

About the Author

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights