View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 21, 2005

Online buyers more aware about identity theft

Adding a timely note at the dawn of another holiday shopping season, a new survey by Sun Microsystems Inc shows that consumers are aware of their vulnerability to online identity theft, and are willing to punish online merchants whose security leaks compromise their identities.

By CBR Staff Writer

According to the survey, one third of consumers have been victims of identity theft, or know somebody who has. Two thirds of them would stop shopping at an online retailer if their personal data is compromised; for banking and insurance, that figure is 50%.

What’s interesting is that consumers are aware of the risk and they are now becoming more vigilant, said Sara Gates, vice president of identity management of Sun. She listed actions such as strengthening of passwords to combinations of upper and lower case letters, plus numbers mixed with letters, to help foil identity hackers.

Over 80% of respondents considered themselves more vulnerable to identity theft during the holiday shopping season. Nonetheless, despite the risks, two thirds said they would shop online anyway.

And consumers are more than willing to pull the plug on online retailers or financial institutions that fail to prevent their identities to be stolen.

We don’t know how bad it is because laws that require notifications [of identity breaches] are just coming into play, Gates said.

Release of the survey comes a week before Black Monday, the first Monday after the US Thanksgiving shopping weekend. According to VeriSign Payment Services, Black Monday was last year the peak day for online shopping.

Sun obviously has a vested interest in reporting the results as the company sells identity management software.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

According to Gates, the results mean that online entities must take protective measures at the data, network, and building security levels. That means data encryption, network perimeter security, and robust access control at the building doors.

Gates cited an instance of a stolen laptop at the University of California at Berkeley that contained student social security numbers, a lapse that she claims could have been avoided with encryption and an adequately guarded building.

Obviously, technology and facilities measures are only the beginning.

For instance, at international episodes, such as A.Q. Kahn, the father of Pakistan’s nuclear weapons program. He built the program, and allegedly purloined data to terrorists, by spiriting out data while employed by the European URENCO consortium that manufactured nuclear equipment back in the 1970s.

That’s similar to what happened at Equifax data broker spinoff ChoicePoint Inc., where con artists posing as customers stole identities in a breach that was feared to threaten up to a half million consumer identities earlier this year.

Although conventional measures to safeguard IT data won’t necessarily stop rogue employees or spies, Gates concluded, We are going to have to start somewhere

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.