X

Web shopping thrives amid phishing fears

Fear of fraud is leading many people to curtail their online shopping, one report says. But e-commerce is on the rise, says another.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
See full bio
Dawn Kawamoto
2 min read
While consumers' concern over phishing and pharming attacks is leading some to curtail their online shopping, e-commerce still continued to rise this year, according to two separate reports.

Nearly half of voters surveyed nationwide last month said fear of identity theft was keeping them from conducting business online, the Cyber Security Industry Alliance said in a report released Wednesday.

In addition, 97 percent of American voters told the technology industry trade group that identity theft was a problem that needs addressing, and 93 percent cited fears over spyware.

"Clearly, voters are concerned about the security of their personal information on the Internet, and that fear is inhibiting the full potential of e-commerce," Paul Kurtz, CSIA executive director, said in a statement.

Despite this, a survey of 135,000 businesses conducted by security company VeriSign found that e-commerce transactions rose 30 percent over the past year.

And in recent months, the average size of each purchase has increased slightly, according to VeriSign's survey, released Tuesday. In the first quarter of 2005, the average e-commerce transaction increased 4 percent to $150, from $144 in the previous quarter.

At the same time, VeriSign sounded a note of alarm over online fraud, noting in its report that phishing scammers have started to use more sophisticated techniques as a response to security countermeasures. The company highlighted the threat of pharming, which takes advantage of vulnerabilities in DNS servers to direct victims to a fake Web site in an attempt to steal sensitive information.

In March, for example, VeriSign said it detected a 300 percent surge in probes to DNS servers. That increase suggested an attempt was underway to "poison" the cache, or place malicious URLs on the servers so that people would be unwittingly directed to a fraud site instead of the vendor site they were trying to reach.

New laws are needed to fight such attacks and protect online privacy, according to 17 percent of voters in the Cyber Security Industry Alliance study.

Some 64 percent said they wanted the government to do more to protect computer security.

A spate of recent security breaches has prompted U.S. lawmakers to introduce measures to protect people's sensitive information.

The Cyber Security Industry Alliance survey of 1,003 likely voters had a margin of error of 3 percent. Members of the Cyber Security Industry Alliance include Juniper Networks, McAfee, RSA Security and Entrust.

Reuters contributed to this report.