Data Worries Stunt E-Commerce, Online Banking

Increased phishing scams and a plague of data breaches that have exposed millions of consumers' financial information are making Americans more than jittery about E-commerce and online banking.
Increased phishing scams and a plague of data breaches that have exposed millions of consumers' financial information are making Americans more than jittery about e-commerce and online banking, a report released Thursday said.

"I think this is an inflection point," said Avivah Litan, the Gartner research director who led the May survey of 5,000 consumers. "It looks like the bonanza of e-commerce is going to stop."

According to Litan's report, 42 percent of online shoppers and 28 percent of those who bank online are changing their e-habits because of phishing and other attacks.

The bottom line, said Litan, is that security woes will pull down the expected growth of e-commerce and online financial dealings by 1 to 3 percent through the end of 2008. "That may not sound like a lot," said Litan, "but when you're talking billions in growth, it's serious." She declined to put a price tag on the impact, saying that Gartner had no refreshed its e-commerce financial data in some time.

The affect on banks and other financial institutions could be dramatic, since another report issued Thursday by Yahoo and OgilvyOne Worldwide noted that the majority of Americans now use the Internet for conducting financial chores and transactions.

"The biggest impact [of phishing] is a newfound and serious consumer distrust of e-mail," Litan wrote in her report. More than 80 percent of those polled say that their trust in e-mail is down, while 85 percent of those people just delete suspect e-mail without opening it, thinking it best to play it safe rather than worry about being sorry.

"This figure has serious implications for banks and other companies that want to use e-mail to communicate more cost-effectively with their customers," wrote Litan. It costs a company about half as much to send a bill electronically, for instance, than to send it through the U.S. mail.

While phishing continued to climb in the last 12 months -- something that took even Litan off-guard -- consumers are actually about twice as likely to be worried about unauthorized access to their personal credit or account data as they are about phishing.

And they want some help. Two-thirds, said Litan, want the government to pass laws that will let them "opt out" of releasing their personal data to a third party. That would give consumers the power to decide who did, and didn't, have the right to release their data without express consent.

"That'll never happen," said Litan. "The financial services companies will argue that opt-out would slow down the business of extending credit to consumers. And they spend millions on campaign contributions. The privacy groups, in comparison, have no money at all.

"It often comes down to who are the largest contributors to political campaigns," she added.

Nor are consumers happy with the one weapon now in their arsenal. By virtue of 2003's Fair and Accurate Transactions Act, Americans are allowed one free look annually at their credit report. (The mandated reports can be requested from, a site created by the three major U.S. credit bureaus -- Experian, Equifax, and Trans Union -- but 14 states in the Northeast won't get access until September.)

Only 14 percent of those polled by Gartner believed that the free reports were effective in protecting them from identity theft fraud.

"One of the themes of this report is that people feel they can't do anything about the problem," said Litan. And it might be a long time before things get better.

"There's just lot of inertia in the system," she said.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing