Increasing reports of lost consumer data files and disclosures of unauthorized access to sensitive personal data are taking a toll on consumers" confidence in online commerce, according to Gartner.
A Gartner survey of 5,000 U.S. adults showed that phishing attacks grew at double-digit rates last year in the U.S.
In the twelve months ending in May 2005, an estimated 73 million U.S. adults who use the Internet said they definitely, or think that, they received an average of more than 50 phishing e-mails in the past year.
The number of consumers receiving phishing attack e-mails increased by 28 percent in the 12 months ended in May 2005 compared with the 12 months ended in April 2004, according to the Gartner data.
In last year"s survey, an estimated 57 million U.S. adults reported that they definitely, or think, that they received a phishing attack e-mail. In both surveys, 5,000 participants were selected to match demographic characteristics of the U.S. online population.
The survey found that 2.4 million online consumers reported losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey. Survey participants indicated that most of the money stolen was repaid by banks and credit cards.
Gartner analysts said most online consumers do not open e-mail from companies or individuals they do not know from prior experience. Three of every four online shoppers said they are more cautious about where they buy goods online, and one of three report buying fewer items than they otherwise would because of security concerns.
"Companies need to take steps quickly to beef up online security," says Avivah Litan, vice-president and research director at Gartner. "We are seeing unprecedented levels in consumer transactions online. Yet businesses cannot rely on the Internet to lower costs and improve marketing efforts indefinitely if consumer trust continues to decline."
More than 80 percent of U.S. online consumers said their concerns about online attacks have affected their trust in e-mail from companies or individuals they do not know personally. Of these consumers, more than 85 percent delete suspect e-mail without opening it.
"This figure has serious implications for banks and other companies that want to use the e-mail channel to communicate more cost-effectively with their customer base," Litan says.
"For example, a bill sent electronically costs about half of what a bill costs when sent through regular mail."
Phishing attacks are not slowing down. More than 40 percent of the adults who received phishing attack e-mails received them in the two weeks preceding the survey; another 23 percent of respondents said they received these e-mails two weeks before that -- so more than 63 percent of consumers who received one of these e-mails did so in the month prior to the survey.
"In general, consumers expect companies they do business with to provide secure online communications and to protect consumer data from thieves at no additional cost to consumers," Litan says.
"They want guarantees -- authentication -- from merchants and other businesses that their Web sites are genuine. Consumers want this reaffirmed every time they go online."
Approximately 77 percent of online Americans shopped online in the 12 months ended in May 2005, according to Gartner. An estimated 73 percent of respondents regularly logged on to banking accounts and 63 percent paid bills online.
"While online banking customers continue to access bank accounts over the Internet, they are changing their usage patterns," Litan says.
"Nearly 30 percent of the online bankers say that online attacks have influenced their online banking activities. Over three-quarters of this group log in less frequently, and nearly 14 percent of them have stopped paying bills via online banking."
In the survey, nearly twice as many consumers said they worry more about thieves getting undetected access to private credit reports and other sensitive financial data than defending against phishing attacks.