Over a third (36%) of Britons believe that online identity fraud or information theft is unavoidable in the future, according to a new study.
The study, from Experian Consumer Services also reveals the opportunity for online service providers to take more accountability in this area with 40% of survey respondents believing that responsibility should lie with their service provider.
Conducted amongst 2,249 adults across the UK, the results highlight consumer attitudes towards online identity fraud and the role online service providers play (in the following sectors: Mobile, Banking, Insurance, Gaming, Internet Service providers).
Despite over a third of consumers expressing significant concerns about the risk of identity theft, the results suggest that many still do not implement well established best practice online security measures, such as using different passwords for online accounts. Two-fifths of respondents (40%) believe that online service providers should be responsible for protecting consumers’ online identity with just under a half (47%) believing it is their personal responsibility. The research also showed that victims of Internet crime are slightly more likely to allocate accountability to service providers than non-victims (43% compared to 39%).
In the case of protecting and recovering data following the loss of a mobile device specifically, opinions about who should protect and recover their information are more fragmented. Just under a fifth (19%) of respondents currently believe accountability should lie with the mobile network provider, followed by their ISP (17%), companies holding their personal data (14%) and insurance companies (13%). 30% of consumers believe that none of the service providers would fulfil this role.
Consumers also associate varying levels of perceived harm from identity theft depending on the different online platforms they are using. For example, information misuse following online banking is perceived to have the greatest personal impact at 87%, followed by the risk of an e-mail account being hacked and messages sent out to their network (80%). General Internet use has a perceived risk of 76%.
Gamers believe they face the lowest perceived risks (54%) should a personal avatar or online identity be taken over by fraudsters, in-spite of the significant amount of personal information shared in creating such characters and online profiles.
During qualitative anonymous interviews, when online service providers were asked what was being done to minimise risks surrounding identity theft for their customers, most discussed authentication, encryption, storage and some proactive technologies, with an emphasis on transaction security and log-in protections. Very few highlighted processes or technologies to assist customers that are victims of identity fraud or information misuse
Peter Turner, Managing Director with Experian Consumer Services UK&I, commented: “The truth is that both consumers and online service providers have a role to play in protecting personal information shared online as a lapse by either party will result in an increased risk of online identity theft or fraud. Some online service providers are already rising to the challenge and providing services to help protect their customers. However all online service providers should be asking themselves what their role is in helping to protect consumers from identity theft.
“Taking a proactive approach to the protection of customers’ online identities, enhances customer relationships and builds trust in brands, which is extremely valuable to brand managers. Customers want to know that the processes and support exist, should they ever need to call on them”, continued Peter Turner.
Below is a summary of the key research findings for each sector:
86% of respondents believe the consequences of identity theft when banking online could be significant. Interestingly, a smaller proportion (65%) are concerned about the misuse or theft of their personal information as a result of using online banking platforms
While the vast majority of survey respondents (89%) logged out of online banking once they had finished on the site, 17% accessed online banking from a shared computer every month, and one in ten had done so from an open Wi-Fi hotspot, which is of a significantly higher risk than a private network.
Internet Service Providers
Consumers feel more secure when using their ISP to access the Internet, over other methods. 47% of respondents were at least “fairly concerned” about the misuse or theft of personal information when using their ISP. This figure rises to 61% when they are connecting in other ways, such as through public Wi-Fi.
ISPs are the second highest ranking industry expected to protect and recover personal information in the event of a lost mobile device.
Between a quarter and a third of mobile Internet users are showing signs of negligence in accessing websites or sharing information online. For example, on average every month 32% of mobile Internet users connect to a wireless network that requires no password, and 27% download an application without checking the safety of the developer. These risks represent a significant challenge for service providers.
From the study, 69% of mobile users consider that the act of online identity theft or misuse of personal information when using a mobile phone would carry some significance for them.
In the survey, less than a third of online gamers recognise a risk in buying or storing data on games, and only 15% are very concerned about data risk when buying or accessing online games, while another 15% are totally unconcerned
A fifth (20%) access online gaming accounts from public computers, 27% from a shared computer, and 33% from a mobile device, raising the risk of insecure Wi-Fi connections in public places. One quarter (24%) access gaming accounts from insecure public hotspots. Despite these risky log-ins, 22% admit to never logging out of their accounts manually at all.
25% of respondents stated they had insurance for a mobile phone, but only 10% have claimed insurance for tablet devices
Device insurance is still something that only a small percentage of users hold, with mandatory insurance, such as home and car, being far more prevalent. This type of insurance is still significant when considering the level of Internet users that protect against identity theft. Mintel (2012) estimates that only 6% of people have taken steps to protect their ID, the same as those that take out personal insurance against accidents in the workplace.
Here is a summary of the key findings on consumer security behaviour and attitudes towards identity theft
The value of personal networks and reputations
Nobody would dispute the value of personal networks has grown immensely since consumers use the internet more and more to manage and interact with them. Yet, we still take risks that could leave us exposed to the risks of identity theft. The personal reputation of consumers within their online networks, is having an impact on how users quantify risk online:
• Network sensitivity: 81% of respondents in the survey agree that they would worry more about the impact to their contacts and network than risk to themselves if their email account was hacked
• Financial sensitivity: Only 29% of respondents say that, if financial losses were refunded, they wouldn’t worry about identity theft or misuse of personal information
• Identity sensitivity: 74% strongly agree that they wouldn’t like the idea of someone pretending to be them
Despite the concerns outlined above and that consumers consider themselves to be mindful of Internet risks and to take measures to reduce online risk, many bad habits remain that contradict their good intentions. Good behaviour is represented by:
• 73% believe they generally use strong internet passwords
• 80% think they take adequate steps to avoid being a victim of information misuse or identity theft
• 80% have never shared a password for a website account online
Despite this, there is also a tendency to avoid Internet best practice:
• Only 33% have a different password for multiple accounts that they log into
• 25% have an electronic or paper note of their online usernames and passwords
• Only 25% change their online passwords monthly
• 33% have saved website usernames and passwords in their computer “cache”
2,249 interviews were conducted with adults in the UK aged 18+ who have in the past 12 months: accessed the internet through their internet service provider, used mobile data on their mobile phone, used internet banking or played games on their PC or a console, involving registering or paying for access.
15 in-depth interviews were conducted among those involved in protecting customer identity and information online, and working in banking, ISPs, Mobile providers, Insurance providers and Internet gaming organisations.
Interviews took place by telephone in January and February 2013. Research conducted by Loudhouse, an independent research agency based in London.