An emerging threat is looming over the Internet, and the most up-to-date anti-virus or firewall protection may not be able to prevent it from affecting online businesses and causing millions of dollars in lost revenue.
The problem is the diminishing confidence among Internet users in online transactions, as several surveys have shown in recent months. Mistrust in the way companies are handling customers’ online information is driving down e-commerce activities.
According to a North American study by Forrester Research, concern about online phishing threats has caused 14 per cent of customers to stop using online banking or bill payments, and 20 per cent have not enrolled in online banking or bill payments at all.
More than one in ten Canadians say they have been victimized by identity theft, according to a survey by Leger Marketing for Fusepoint Managed Services and Sun Microsystems of Canada. A whopping 83 per cent of online customers are concerned about the privacy of personal information stored in online databases. And over half of Canadian businesses surveyed agree, saying their confidential and private data are at risk of an attack.
A similar trend has been seen south of the border, as 79 per cent of U.S. consumers fear their personal information is being sold to a third party, reported Forrester in a 2005 survey commissioned by the Business Software Alliance.
Another study released by the research firm in January also revealed that 50 per cent of American consumers surveyed mistrust financial firms’ handling of their personal information, and 94 per cent say the risks of providing personal information online are outweighing the benefits.
This is a new challenge that’s been brought on by increasing Internet connectivity of machines and devices, said Peter Cullen, chief privacy strategist, Microsoft Corp. in Redmond, Wash.
“Today we’re waging a different war [because] information is no longer safe,” he said, adding that the issue of online information security is building up “a lot of fear and mistrust” among online customers.
An FBI study revealed Internet crimes cost businesses US$67 billion last year, said Cullen, making the problem a “direct bottom-line issue” for businesses.
The good news, however, is that the industry has started to recognize this threat and is fighting back. “Through public and private partnerships, [the industry is working to] help close the trust gap,” said Cullen. Leading financial firms, which are among the biggest targets for information theft, have started implementing plans and programs to reassure their customers and win back their trust, according to Forrester analysts Jonathan Penn and Penny Gillespie in a research paper titled, Keeping Financial Transactions Online.
“These firms not only recognize their customers’ concerns but are also demonstrating that they are serving customers’ best interests through education, additional protection and guarantees,” the analysts stated.
Royal Bank of Canada (RBC) and Standard Bank of South Africa, for instance, provide free personal firewall software to their online banking customers. Others are offering “zero liability” for customers on stolen cards and unauthorized purchases, free identity theft insurance and personalized e-mail messages to ensure message authenticity, according to the Forrester study.
All these efforts, however, should be communicated to the customers as part of the initiative for rebuilding Internet trustworthiness, wrote Penn and Gillespie. “It doesn’t work anymore to avoid talking about security and consumer protection. People are scared and they show it by curbing their online financial activity.”
Microsoft’s Cullen said firms should also be “very transparent” with their customers about how their personal information is collected, used and protected, and wherever possible to provide “meaningful choice to the user.”
Adopting a “more holistic view of where information is [stored] in the organization and where it’s at risk” is also one way of mitigating the risks, Cullen said. “Everything from the operating systems and desktops to PDAs, cell phones and Web pages are equally capable of spilling customers’ information.”
Legislative initiatives also provide a mechanism to help users become “more comfortable and trusting” with their online transactions. And when it comes to privacy legislation, the Americans can take a page from their northern cousins, said Cullen.
The business sector played a role in creating the original model for the privacy code, said Cullen, which later became the basis for the Canadian privacy legislation. “So, I think, when this legislation came in Canada, business was pretty well prepared,” he said.
In comparison, privacy regulations in the U.S. vary depending on the U.S. state under which jurisdiction falls and the type of information and the media used to collect it. There are also different regulations that exist in different industries such as financial, telecommunications and health, Cullen said.
“So from a business perspective, it’s incredibly difficult to figure out what you need to comply with. It’s very, very expensive for business trying to meet these multiple level of compliance.”