Web shopping thrives amid phishing fears

While consumers' concern over phishing and pharming attacks is leading some to curtail their online shopping, e-commerce still continued to rise this year, according to two separate reports.

Nearly half of voters surveyed nationwide last month said fear of identity theft was keeping them from conducting business online, the Cyber Security Industry Alliance said in a report released Wednesday.

In addition, 97 percent of American voters told the technology industry trade group that identity theft was a problem that needs addressing, and 93 percent cited fears over spyware.

"Clearly, voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," Paul Kurtz, CSIA executive director, said in a statement.

Despite this, a survey of 135,000 businesses conducted by security company VeriSign found that e-commerce transactions rose 30 percent over the past year.

And in recent months, the average size of each purchase has increased slightly, according to VeriSign's survey, released Tuesday. In the first quarter of 2005, the average e-commerce transaction increased 4 percent to $150, from $144 in the previous quarter.

At the same time, VeriSign sounded a note of alarm over online fraud, noting in its report that phishing scammers have started to use more sophisticated techniques as a response to security countermeasures. The company highlighted the threat of pharming, which takes advantage of vulnerabilities in DNS servers to direct victims to a fake Web site in an attempt to steal sensitive information.

In March, for example, VeriSign said it detected a 300 percent surge in probes to DNS servers. That increase suggested an attempt was underway to "poison" the cache, or place malicious URLs on the servers so that people would be unwittingly directed to a fraud site instead of the vendor site they were trying to reach.

New laws are needed to fight such attacks and protect online privacy, according to 17 percent of voters in the Cyber Security Industry Alliance study.

Some 64 percent said they wanted the government to do more to protect computer security.

A spate of recent security breaches has prompted U.S. lawmakers to introduce measures to protect people's sensitive information.

The Cyber Security Industry Alliance survey of 1,003 likely voters had a margin of error of 3 percent. Members of the Cyber Security Industry Alliance include Juniper Networks, McAfee, RSA Security and Entrust.

Reuters contributed to this report.

[Razzl]

statistical hash

CNET ran a story very like this a few months back quoting some security industry flack making the claim that phishing and other scams were going to kill off e-commerce, which of course statistics such as that quoted continue to show as thriving. So what gives? The numbers for people who aren't using the web for commerce need to be dissected more carefully: we know that the phenomenon of "early" versus "late" adopters are out there, so how many of the people answering the question this way have actually engaged in e-commerce to any degree? Has a percentage of active e-commerce users cut back their activity because of new fears, or do the numbers represent just the same old split of those who have gotten their feet wet and those who haven't? Without a deeper analysis it's hard to draw the kind of conclusions the article is trying to draw...