Online security needs beefing up

Online users are growing frustrated with the lack of security provided by banks and online retailers, and feel passwords are no longer sufficient to secure their online transactions, according to a survey by Gartner.

A survey of 5,000 adult Internet users concluded that online consumers want companies to offer more than just passwords to protect online accounts, and that concerns about a lack of security may be hampering the growth of online commerce.

Almost 60 percent said they are concerned or very concerned about online security. And over 80 percent said they would buy more from an online vendor who offered them more than just a user name and password to protect their accounts, said Avivah Litan, research director at Gartner. "The data shows that consumers want more than passwords," she surmised. However, there are limits to how far consumers will go to secure their online activities.

When asked to choose among technologies to supplement password protections, respondents gave high ratings to low-tech options such as challenge and response features that ask shoppers to provide responses to tailored questions, or shared secret technology that displays shopper-selected images on Web pages to prove the authenticity of e-commerce websites. More complicated solutions like security software downloads or so-called "multi-factor authentication" that couple smart cards or USB tokens with user names and passwords were less popular, Litan said.

The most popular choice is for providers to be made legally responsible for strict security measures. Those surveyed indicated that they want the choice of using stronger authentication, but do not want to be forced to use it. "Our data shows that consumers think the system is easy to use, but they want something that gives them added protection," she said.

Banks and online retailers in the US have lagged behind Europe and Asia in using strong authentication to secure online transactions, including smart card technology and one-time passwords, she said.

Gartner predicts that by the end of 2007, more than 60 percent of banks in the US, but fewer than 20 percent of banks worldwide, will rely on simple passwords for retail customer authentication.

But that may change, especially as retailers and banks contend with a wave of sophisticated online scams known as "phishing attacks" that lure customers to phony websites and steal their account and financial information, she said.

Recently, US Bancorp. said that it will use a hardware-token based authentication service from VeriSign to secure access to commercial banking services for its customers, and may soon introduce a similar service for consumer banking customers.