The recent onslaught of retail breaches, including one of the most expensive in U.S. history, has heightened consumer perceptions of security and privacy, new research suggests.
Although less than half of respondents in the Ponemon Institute study, “Consumers' Perception about Privacy & Security: Do They Still Care?” were victims of at least one data breach, 62 percent of respondents said they do not trust systems or websites that only rely on passwords to identify and authenticate users or consumers, according to the study. The same percentage didn't trust systems or websites if identity and authentication procedures seem too easy.
“Security needs to be less complex and seamless to the end user,” Rueben Rodriguez,principal product marketing manager, RSA Identity Protection & Verification, at RSA, which sponsored the study, told SCMagazine.com. “Ultimately, this is most likely going to involve a layered approach.”
The findings reinforced the security dilemma IT security professionals often face: how to create an easy-to-use, yet secure system. Consumers already expect security in their online financial actions, the study showed. The highest expectations were logged for filing a tax return, making mobile payments and banking.
Conversely, shopping, watching a video or listening to music, and using social media had the lowest expectations of security.
“The breach activity has definitely made consumers aware that their information could potentially be at risk,” Rodriguez said. “They are looking for the trust in the financial services sectors to be applied to the retail sector because that's where they're feeling the pain.”
Retailers, Rodriguez said, are beginning to thoroughly examine their backend infrastructure and devise ways in which to optimize security. However, they're not talking about it publicly. These enterprises must leverage the current threat landscape and users wanting more complex and secure systems, he said.
“Consumer behaviors and perception are changing, which, in general, allows the IT industry to take advantage of that,” Rodriguez said.
For instance, 63 percent of respondents thought voice verification would be an acceptable method of biometric authentication, and more than half believed biometrics and software tokens embedded in a smartphone or tablet would be a preferred authentication method.
“Users are becoming more wary, and they are accepting new security methods,” Rodriguez said. “It's a great time for the industry overall to take advantage of that and instill trust in the consumer.”