Consumer Worries About Online Security On The Rise

The string of customer-data security lapses this year has exacerbated consumer tensions about online security, according to a survey released Thursday by RSA Security Inc. and LightSpeed Research.

More than four-fifths of 8,000 consumers surveyed reported feeling threatened or extremely threatened by online fraud and identity theft. The fears extended across all types of online transactions, including securities trading, banking, auctions, and retail. The survey was taken in May as reports of incidents involving lost data tapes, customer-data breaches, and system hacking were reaching a peak.

Consumers are taking information security into account when considering financial-services providers; 45% of respondents said they'd be more likely to switch brands if a new provider offered a stronger authentication method.

E-Trade Financial Corp. in March started giving customers with $50,000 or more in their accounts a free Digital Security ID device from RSA Security that displays a new six-digit code every 60 seconds. The online trader has signed up 10,000 customers for the service, which it is promoting heavily through its Web site. At the same time, E-Trade is urging competitors to come up with similar ways of assuring customers that it's safe to do business online. "As an industry, we need to think about other ways of securing transactions beyond a user ID and password," says Joe Raymond, E-Trade's director of product development.

Businesses, which tend to be tight-lipped about their security practices, should be more forthcoming in the interest of alleviating consumer concerns, says Orson Swindle, a former member of the Federal Trade Commission. "Companies need to tell their stories about what they're doing and how much they're spending on information security," he says.

Financial institutions are moving toward adopting stronger methods of authenticating customers. Wells Fargo earlier this year began using two-factor authentication for online money transfers taking place between customer accounts. And the Financial Services Technology Consortium, an industry research group, is in the midst of a project to investigate the use of one-time passwords and other standards for mutual authentication. It's also doing a detailed review of data-sharing practices with information aggregators.