Dotcom trading is enjoying a boom, but its future depends on maintaining consumer trust. Lindsay Nicolle reports on the threats to confidence in online security
Like the Wild West, the internet has been largely tamed. But it still has more than its fair share of bandits. And today, they not only want your money, but your identity too. Online internet identity theft could be the next major high-tech crime wave to hit the UK, and the backwash in falling consumer confidence could create problems for even major retailers and banks.
So where does that leave the long-term viability of online retailers? Are we facing a potential internet crisis where consumers withdraw to the point that online will always be a secondary channel for business?
By all accounts, the weather pattern looks stormy. UK internet users are recklessly giving away too much personal information, inviting the rapidly rising crime of online identity theft, according to a poll by Winmark Research. As traditional identity theft, such as credit card fraud, becomes more difficult because of security initiatives such as chip and Pin, criminals are looking for new ways to conduct fraud.
Fraud-based and phishing websites are mushrooming roughly 50% month on month, according to the Anti-Phishing Working Group, whose members include financial institutions, online retailers and law enforcement agencies. The latest look like legitimate, unique online e-commerce sites. They trick both casual and corporate web users into being victims of identity theft, using highly creative and sophisticated techniques.
Identity theft could become the greatest threat to the future of the online business world. If users become disillusioned about internet security, consumers are likely to turn on the mechanism they feel has enabled the crime, along with any unfortunate business involved.
Crucially for online businesses, 57% of consumers already believe that the responsibility for protecting their online identities and personal information is chiefly the role of the companies running the websites, according to the Winmark research. Nearly 80%, when questioned in the street, unwittingly give away enough personal information for a fraudster to steal their identity. A surprising 60% would also willingly provide easy clues for passwords related to personal information such as their date of birth or family names.
On average, consumers have created more than 20 different online identities by providing personal information to websites, with 66% of people using the same password to access different types of websites - from e-mail to bank accounts. Most have little or no awareness of the existence of phishing scams and spyware.
Understandably, there is a fear that when consumers start to fall victim to rising online identity theft, confidence in e-commerce will plummet, leading to a backlash against e-tailers and online banks.
"If the criminals succeed and internet identity theft continues to escalate out of control, the consumer will rapidly lose confidence in e-business," says Tim Pickard, strategic marketing director EMEA at e-security specialist RSA Security.
A survey by analyst firm Gartner reports that of 5,000 online consumers, 30% have already had their identities stolen online, most in the past six months. Research by Vanson Bourne reveals that 33% of online traders are aware that the loss of consumer confidence is the most damaging aspect of the security breach. Indeed, the need to retain customers is starting to impede the take-up of e-business, with 30% of online companies refusing some customers access to their websites because of concerns about system security.
"Software suppliers must invest more in developing and delivering less vulnerable products," says Richard Stiennon, information security specialist at Gartner.
Clearly, this will become a valuable competitive differentiator for IT suppliers and online traders in the future. In the Gartner survey, 80% of consumers say they would have the confidence to buy more online if their accounts were protected by more than just a user name and password.
The lesson here is the need to protect against external threats to online systems, but what about weaknesses in internal controls? Eighty per cent of corporate frauds involve an insider, according to a survey by Nottingham Business School.
Online financial firms and e-tailers are understandably reluctant to go on record blaming their staff for security breaches, and instead talk up the role of cash machine pranksters and cloners in restaurants. However, Vanson Bourne research reveals that IT managers see the internal security threat to data as their biggest concern.
"We have seen an increase in security issues involving internal staff among our banking customers," says Paul Vlissidis, head of penetration testing at IT consultancy NCC Group. "Some banks' internal networks are weak. We can compromise more than 80% of networks we test. We are experts but quite often the way we do it is low-hanging fruit in security terms. But things are changing. Many of our banking projects are specifically designed to beef up internal security to recognised British and international security standards, so I think we will see a reduction in public banking data security breaches in the future."
But will this be enough to secure consumer confidence in e-commerce? UK retail industry organisation Interactive Media in Retail Group is predicting that internet shopping will grow five-fold by 2010, representing 33% of UK consumer spending.
Meanwhile, the number of companies offering online banking services is growing rapidly. IBM predicts that the number of supermarket banking customers will grow from 5.8 million today to 14.4 million in five years' time.
E-commerce is set for a rollercoaster ride in the coming months and years as electronic protection plays catch-up with the online identity thieves. In the end, consumers have the final say on the future of e-traders, no matter what their size, and no one can yet predict the winners.
Christmas boost for the e-tailers
The Interactive Media in Retail Group estimates that more than £3bn was spent online by UK shoppers in the run up to Christmas - a 64% increase on the previous year. Forrester Research says UK sales led the way in Western Europe, topping 33% of all online spending over the festive period.
The internet's biggest retailer, Amazon, recorded its largest number of shipments to date - more than 400,000 items on its busiest day. The UK's largest internet retailer, Tesco.com, experienced record sales with 750,000 shoppers visiting the site during December, placing more than 600,000 grocery orders.
Supermarket Sainsbury's reports that by increasing the reliability of its network and order management systems over the peak Christmas period by more than 90%, it added the equivalent of "tens of millions of pounds" in extra sales at one of its busiest times of year.
Meanwhile, at the other end of the business scale, small to medium-sized enterprises have also seen an upturn in online sales. SMEs reported an average 60% increase in web sales during November and December 2004, compared with 30% in the same period in 2003. A Christmas poll by e-commerce specialist Actinic Software surveyed companies ranging from start-ups created in 2004 taking a handful of orders, to mature e-commerce sites processing several thousand. The average number of orders over the period was 1,570.
The Actinic research reveals that in recent weeks some online retailers have been almost overwhelmed by an increase in orders. Chris Burslem of Online Paper says, "At one point during November we nearly switched the web catalogue off so we could catch up with the sheer volume of orders coming at us, not only from the UK, but from all over the world."
Sites also reported an average 80% increase in online turnover, indicating that the average order value has risen, as well as the average number of orders. Some, including Mega City Comics, noted a corresponding decline in offline sales. Julian McIntosh of outdoor gear supplier Safariquip says, "Web sales are expected to overtake over-the-counter sales early in 2005. The rate of web growth is making us consider e-commerce as a safer and less costly alternative to bricks and mortar growth into new branches."
Actinic chief executive Chris Barling says, "We may be seeing the first signs that the internet is affecting not just high street sales, but also the inclination of retailers to expand their real-world outlets. Each year adds to the feeling that the original dotcom boom hype wasn't so much wrong as too early."
Rise of the digital mafia >>