Consumers need to develop “sixth sense” when transacting online

Jennifer Brown  May 12, 2006  

As consumers continue to grow more nervous about transacting online, technology leaders are trying to work more closely with government to address concerns buyers have about providing credit card and other personal information online.

“There needs to be rigorous cooperation between government and the private sector to target cyber criminals in an effort to bring confidence back to the online world,” said John Thompson, president and CEO of Symantec Corp, delivering the keynote address at the company’s Vision conference in San Francisco May 8.

Symantec is working with government officials in countries such as Malaysia to address the issue of cyber crime, but Thompson said what is really needed is a standard approach to data protection compliance regulations. Currently 27 different states in the U.S. have as many different forms of compliance regulations.

 “Inevitably, we will have 50 different states with 50 different approaches. There ought to be one national piece of legislation.”

He also called for a uniformity of laws between nations, indicating that European countries are now looking at that idea.

In the meantime, Thompson said consumers are re-thinking their approach to doing business online.

While people continue to buy things like books online and pay bills, each time they do they are having serious concerns about whether their date will be intercepted by a criminal element, says Enrique Salem, Symantec’s senior vice-president of consumer products. Even he limits the information he provides online.

“If I’m presented with a web form the only information I will provide is my email address,” he said.

Thompson cited a recent survey conducted by the Conference Board of 10,000 households in the U.S., in which 41 per cent said they are purchasing less online due to concerns around security of their personal information. And, 53 per cent of Internet users have said they want to stop providing their personal information online.

“It won’t just hurt the digital economy, but the economy as a whole,” said Thompson. “In the physical world, it’s easy to walk into a store and get a sense of what kind of place it is. You get a feeling about whether it’s smart to give them your business, much less your credit card. We have a sixth sense in the physical world. We don’t have that in the online world and we need to help consumers develop a sixth sense online. They want to be confident their information is protected and the business they are dealing with is real and not a phishing scam.”

To demonstrate just how important online transactions are to companies, banks estimate it costs them $10 to initiate a loan transaction online, compared to $200 in a branch.

While consumers do seem to be pulling back from online commerce, analyst Steve Hunt of Chicago-based 4A International, points out that concerns like that have been around since the late 1990s.

"Anything that is going to inhibit that free-flow of communication is technical and security related and can be addressed. The one wild card is trust," said Hunt. "I'm not as worried as John Thompson with respect to the future of the economy — these are technical challenges."

Symantec is working on web technology that will help consumers have greater confidence in evaluating whether an online vendor can be trusted and whether their transaction will be secure.

Thompson said the main threat to personal and corporate information these days isn’t the “large-scale, fast-moving” virus or worm of a few years ago, where the creators were primarily looking for notoriety. Today’s cyber criminal is more interested in staying anonymous and gathering persona information and financial gain.

In the U.S. last year there were at least 130 large-scale data breaches and, while some of those breaches were executed internally, others were the work of outside criminals.

Of particular concern is the protection of data such as a company’s email, which can contain up to 75 per cent of an organization's intellectual property. When an email system is attacked, productivity grinds to a halt, but worse, if stolen, can have long-term damaging effects on a business brand and consumer trust.

Other messaging systems that are a growing concern for security and privacy experts include instant messaging and the concern that intellecutal capital is , voice over IP and all means of web collaboration.

According to market research firm, Radicati Group, 85 per cent of businesses of all sizes say instant messaging is taking place on their networks.  But are those interactions secure?

Symantec  says that since only one quarter of companies have a clear IM policy in place — and many consider that if they say "don't do it" they have a policy — they leave themselves open to theft of intellectual property.

The security software giant recently acquired Boston-based IMlogic, which provides the safeguarding of public and corporate networks and monitors and archives instant messaging traffic. Earlier this year it was reported that IM networks experienced an 826 per cent increase in security attacks.

But some analysts caution that numbers like those may just sound alarming because in previous attacks on IM systems have not been significant.

"IM does expose a company to new security risks, but most of us don't hear many stories about problems caused by IM breaches," said Hunt. "Unless it was a targetted attack, standard anti-virus tools can catch many of these things."

Thompson also spoke of a Symantec tool — Database Security and Audit technology — that monitors database transactions in real time, flagging sensitive data requests that don’t comply with company policy or might indicate an external attack.