Risky online shopping practices, retailer data breaches contribute to scary stats as consumers head into busiest shopping time of the year, says survey by ITRC and CyberScout
The Identity Theft Resource Center, a nonprofit organization dedicated to the understanding of identity theft and related issues, and CyberScout™ (IDentity Theft 911®) today announced findings from their 2014 survey titled Data Breaches, the Holidays, and You. The survey, conducted by ITRC, was sponsored by CyberScout, a leader in data risk management, breach response, resolution and education services.
During the holiday shopping season, millions of Americans will take advantage of the convenience, speed and ease of online shopping: Spot it, love it, click it, and it’s on the way.
The study found that 77 percent of the survey participants, from the more than 200 who responded, said they shop on the Internet. This year, the National Retail Federation predicts online sales during November and December to jump 8 to 11 percent over 2013, accounting for $105 billion.
According to the survey, many consumers have already shared or are willing to share unnecessary pieces of personally identifiable information while online shopping:
- 75% birthday
- 47% mother's maiden name
- 31% birthplace
- 20% PIN
- 16% driver’s license
- 14% Social Security number
- 7% relative’s birthday
“Any of these components can be one important piece of the identity mosaic that helps an identity thief more effectively impersonate a victim," Adam Levin, chairman and founder of CyberScout said. “Consumers may not be able to control how or when data breaches happen, but they can effectively manage the amount and type of information they’re handing over to companies. If the entity asks for any information out of the norm like an address or Social Security number to buy something, challenge them and ask why.”
Americans have mixed feelings about the act of using credit or debit cards to buy something online: Many consumers—more than half (56 percent) of survey respondents—already experienced having their information compromised in a retail breach. Additionally, more than 59 percent of the participants are either “extremely concerned” (26.2 percent) or “moderately concerned” (32.9 percent) that shopping online will put them at risk of becoming a victim of identity theft.
“Consumers are at a crossroads – they are concerned about identity theft, yet feel control is out of their hands,” said Eva Velasquez, ITRC CEO. “Consumers trust organizations – retailers, medical offices, schools, employers, and other entities, every single day with their sensitive PII and they expect these organizations to be good stewards of it. Unfortunately organizations have routinely suffered compromises of this information exposing Social Security numbers, financial data, medical records, and more. This leaves consumers both at high-risk for becoming an identity theft victim – a situation which can haunt you for years, sometimes even life, and questioning the proposition of convenience versus security.”
High-profile data breaches at major retailers also have put a damper on shoppers’ holiday cheer, whether it’s on- or off-line. When we asked respondents how concerned they were about identity theft originating from a breach at retailers such as Target, Michaels, Nordstrom or Home Depot, 39.8 percent said they were “extremely concerned.”
“Data breaches and the identity theft that flows from them are the third certainty in life,” said Levin. "Monitoring and damage control are critical to deterring a personal economic extinction-level event. Keep a close eye on accounts, especially during the holiday season when thieves are looking to capitalize on consumers being distracted and eager to grab a bargain – perhaps from an unknown website.”
With all this fretting, you’d think consumers would be on high alert, checking their credit card and banking statements more often and keeping personal data close to the vest. Not so, according to the survey results. Nearly 42 percent of respondents said they didn’t check such statements any more often during the holidays than compared with other times of the year.
CyberScout has a few simple suggestions for online shoppers this holiday season:
- Shop on secure sites. Only use websites with “https” in the URL and a yellow padlock in the browser bar. Double-click on the lock to see a digital certificate of the website. Review these certificates on unfamiliar sites.
- Never enter personal information, especially your Social Security number or password, to email and bank accounts as part of the buying process with online retailers.
- Leave suspicious websites immediately. Don’t click on any of the site’s buttons, run content or download software.
- Use a credit card, not a debit card. Your debit card is cash. If you buy from a fake website, it’s gone . . . and it’s hard to get back.
- Consider using a virtual credit card number, instead. These are single-use (also called disposable, secure or virtual) credit card numbers. A single-use credit card number is basically an alias for your actual credit card number offered by most of the major credit card issuers. When shopping online, you use this number instead of your real account number. Purchases that you make with your temporary number show up on your statement like all of your other transactions.
Finally, if you suspect you're a victim of identity theft or wish to proactively manage your identity, check with your insurance company, financial institution, or employee benefits provider. Many companies offer LifeStages™ Identity Management Services from CyberScout for low or no cost. To learn more, visit idt911.com or call 1-888-682-5911.
About the ITRC
Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization which provides victim assistance and consumer education through its toll-free call center, website and highly visible social media efforts. It is the mission of the ITRC to: provide best-in-class victim assistance at no charge to consumers throughout the United States; educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation; and, serve as a relevant national resource on consumer issues related to cybersecurity, data breaches, social media, fraud, scams, and other issues. Visit www.idtheftcenter.org. Victims may contact the ITRC at 888-400-5530.
About CyberScout™ (IDentity Theft 911®)
Founded in 2003, CyberScout™ is the nation’s premier consultative provider of identity and data risk management, resolution and education services. The company serves more than 18.5 million households across the country and provides fraud solutions for a range of organizations, including Fortune 500 companies, the country’s largest insurance companies, employee benefit providers, banks and credit unions and membership organizations. A subsidiary of CyberScout, CyberScout Consulting™ provides information security and data privacy services to help businesses avert or respond to a data loss incident. Together, the companies provide preventative and breach response services to over 770,000 businesses in the United States, Canada and the United Kingdom. CyberScout is the recipient of several awards, including the Stevie Award for Sales and Customer Service and the Phoenix Business Journal Tech Titan award for innovation in breach and fraud-fighting services. The company is the organizer of the Privacy XChange Forum, an annual conference that brings together high profile privacy thought leaders. For more information, please visit www.idt911.com, www.idt911consulting.com, www.facebook.com/idt911 and www.twitter.com/idt911.