Adding a timely note at the dawn of another holiday shopping season, a new survey by Sun Microsystems Inc shows that consumers are aware of their vulnerability to online identity theft, and are willing to punish online merchants whose security leaks compromise their identities.
According to the survey, one third of consumers have been victims of identity theft, or know somebody who has. Two thirds of them would stop shopping at an online retailer if their personal data is compromised; for banking and insurance, that figure is 50%.
“What’s interesting is that consumers are aware of the risk and they are now becoming more vigilant,” said Sara Gates, vice president of identity management at Sun. She listed actions such as strengthening passwords with combinations of upper- and lower-case letters, plus numbers mixed with letters, to help foil identity hackers.
Over 80% of respondents considered themselves more vulnerable to identity theft during the holiday shopping season. Nonetheless, despite the risks, two thirds said they would shop online anyway.
And consumers are more than willing to pull the plug on online retailers or financial institutions that fail to prevent their identities from being stolen.
“We don’t know how bad it is because laws that require notifications [of identity breaches] are just coming into play,” Gates said.
Release of the survey comes a week before Black Monday, the first Monday after the US Thanksgiving shopping weekend. According to VeriSign Payment Services, Black Monday was the peak day for online shopping last year.
Sun obviously has a vested interest in reporting the results as the company sells identity management software.
According to Gates, the results mean that online entities must take protective measures at the data, network, and building security levels. That means data encryption, network perimeter security, and robust access control at the building doors.
Gates cited an instance of a stolen laptop at the University of California at Berkeley that contained student social security numbers, a lapse that she claims could have been avoided with encryption and an adequately guarded building.
Obviously, technology and facilities measures are only the beginning.
Consider international episodes such as that of A.Q. Khan, the father of Pakistan’s nuclear weapons program. He built the program, and allegedly passed purloined data to terrorists, by spiriting out data while employed by the European URENCO consortium, which manufactured nuclear equipment, back in the 1970s.
That’s similar to what happened at ChoicePoint Inc., the data broker spun off from Equifax, where con artists posing as customers stole identities in a breach that was feared to threaten up to a half million consumer identities earlier this year.
Although conventional measures to safeguard IT data won’t necessarily stop rogue employees or spies, Gates concluded, “We are going to have to start somewhere.”