The results of a survey conducted by the Gartner research firm and shared with IDG News Service show that online consumers are growing frustrated with the lack of security provided by banks and online retailers, and feel that passwords are no longer sufficient to secure their online transactions.
The findings are the latest conclusions drawn from a survey of 5000 adult Internet users, concluded in April, which shows that online consumers want providers to offer more than just passwords to protect online accounts, and that concerns about a lack of security may be hampering the growth of online commerce, according to Avivah Litan, vice president and research director at Gartner.
According to the data, almost 60 percent of those surveyed by Gartner said they are concerned or very concerned about online security. Even more important for online retailers: Over 80 percent of those surveyed said they would buy more from an online vendor who offered them more than just a user name and password to protect their accounts, she says.
"The data shows that consumers want more than passwords," Litan says. However, there are limits to how far consumers will go to secure their online activities, she adds.
When asked to choose among technologies to supplement password protections, respondents gave high ratings to low-tech options such as challenge-and-response features that ask shoppers to provide responses to tailored questions, or shared secret technology that displays shopper-selected images on Web pages to prove the authenticity of e-commerce Web sites. More complicated solutions like security software downloads, or so-called multifactor authentication--which couples smart cards or USB (Universal Serial Bus) tokens with user names and passwords--were less popular, Litan says.
The most popular choice for fixing the security of online shopping and banking sites is for providers to be made legally responsible for strict security measures, she says. Also, those surveyed by Gartner indicated that they want the choice of using stronger authentication, but do not want to be forced to use it.
"Our data shows that consumers think the system is easy to use, but they want something that gives them added protection," she says.
U.S. banks and online retailers have lagged behind their counterparts in the European Union and Asia in using strong authentication to secure online transactions, including smart card technology and one-time passwords, she says.
Gartner predicts that by the end of 2007, more than 60 percent of banks in the U.S., but fewer than 20 percent of banks worldwide, will rely on simple passwords for retail customer authentication.
But that may change, especially as retailers and banks contend with a wave of sophisticated online scams known as "phishing attacks" that lure customers to phony Web sites and steal their account and financial information, she says.
Recently, U.S. Bancorp. said that it will use a hardware-token-based authentication service from VeriSign to secure access to commercial banking services for its customers, and may soon introduce a similar service for consumer banking customers.
"We're getting more calls from banks and other providers that are looking to protect their customers and give them added security. They're worried that consumers are losing confidence in the online channel," she says.
Gartner will publish a research note on consumer authentication options in the near future, says Litan.