Security fears restricting mobile commerce

August 17, 2014 |

According to a survey of 2,000 US consumers found that 44% will not use mobile banking services and 48% will not use billing payment apps. In a similar survey in the UK the figures are even starker with 53% not being prepared to use mobile banking services, half avoiding money transfer apps and 24% not feeling safe shopping on their handsets.  That apps are causing concern for consumers should not come as a surprise.  The weaknesses of privacy protection in apps are notorious and have been a regular feature in press coverage.  Worldwide privacy regulators focused on the privacy problems with mobile apps, (which is a real concern on Android devices), earlier this year and the FTC has taken some action for egregious breaches.  But there is a difference between making statements, taking the occasional action and enforcing adequate privacy standards on apps.  It does not help that the privacy regulation is inadequate.  In Australia, for example, the $3 million turnover threshold between being covered, for those over the threshold, by the Privacy Act (not the gold standard of privacy regulation by any means) and exempt, for those under, generally means most app developers and start ups are under it. Helpful that is not.

The statement by Intercede in relation to the US survey, titled Security fears restricting mobile commerce in the US, according to wide-reaching consumer survey relevantly provides:

Leading digital identity expert Intercede today revealed the results of its new research The Rise of the Identity Centric Economy, which found that 44% of US consumers would never use mobile banking services and 48% would never use bill payment apps. The data reveals that while adoption of smartphones is widespread in the US (close to 80%), and more than half say that security is a primary factor in choosing a new smartphone, current security measures are inadequate for consumers to fully utilize mobile technology.

The survey of 2,000 US consumers also found that over one third would never use PayPal on a mobile device, while one in five do not feel safe shopping on their cell phones. Furthermore, 63% are worried about the level of security on their mobile device, with 84% of those concerned about data loss in the event their mobile device was stolen citing identity theft as their biggest worry.

Richard Parris, CEO of Intercede commented: “Nearly every week we read about another high profile hacking story in the news. From major attacks such as Heartbleed to eBay’s recent data breach, it’s not surprising that consumers just don’t trust mobile security. This is throttling the mobile economy. But with smartphone use so widespread and with the mobile device boom set to continue, it’s clear that security needs a radical revamp.”

In the wake of the Heartbleed security breach, almost two thirds (63%) stated that they are worried about the level of security on their mobile device. Consumers are keen to address this and recognise security as a top priority. When asked what was most important to them when choosing their device, functionality came out top, followed closely by security then ease of use. Brand was the least important consideration.

When asked why they were so concerned about security, respondents cited a lack of trust in current mobile login and authentication options, and worries about identity theft. One respondent said, ‘I feel like even with a password, access to my banking accounts can still be easily stolen’, while another said ‘I’m not convinced mobiles have adequate security’. Others pointed to fears over hacking saying ‘hackers are getting better at breaking through all security measures’ and it’s ‘so easy for information to be stolen’.

“It’s clear that consumers are fast losing confidence in traditional authentication solutions – passwords are the weakest link and no longer fit for purpose,” continued Parris. “We need to regain consumer trust if the mobile economy is to really take off. We all already have multiple digital identities, from online banking to social networking to email and others, but these identities are becoming more and more prevalent, and how we secure them is a growing concern for consumers. The industry needs to sit up and listen – we need more sophisticated forms of trusted identity.”

The research also looked at what steps consumers are taking to protect their digital identities when they are using mobile applications. Worryingly it found that many leave back doors open to hackers as they sign up for automatic log on and select ‘Remember me’ and ‘Keep me signed in’ options:

  • 52% of social media users on mobile devices are automatically logged in on their cellphone. This figure stands at 59% for those accessing email, 21% for users of Amazon and other shopping sites, 17% for online banking, and 12% for PayPal
  • When asked if they were automatically logged in on more than one more device, the figures stood at 52% for social media users, 61% for email, 20% for online banking, 25% for shopping sites, and 15% for PayPal
  • 51% of consumers admit they know the log in details for a friend’s, family member’s or colleague’s mobile device
  • 52% rely on their memory to remember all passwords, suggesting they are choosing weak and easy to remember combinations

All figures are based on an independent survey of 2,054 US consumers across all adult age groups conducted by Atomik Research during June 2014

In relation to the UK survey Mobile Commerce in  Security fears throttling mobile commerce in the UK reports on the findings and consequences as follows:

Digital identity expert Intercede today revealed the results of its new research The Rise of the Identity Centric Economy which found that 53% of UK consumers would never use mobile banking services, while many avoid using any mobile financial services at all – including Paypal, money transfer apps and even shopping websites.

The survey of 2,000 UK consumers also found that half avoid money transfer apps, and almost a quarter (24%) would not feel safe shopping on their handsets. Furthermore, 75% of those concerned about data loss in the event their mobile device was stolen cited identity theft as their biggest worry.

‘Nearly every week we read about another high profile hacking story in the news,’ said Richard Parris, CEO of Intercede. ’From major attacks such as Heartbleed to eBay’s recent data breach, it’s not surprising that consumers just don’t trust mobile security. This is throttling the mobile economy. But with the mobile device boom set to continue, it’s clear that security needs a radical revamp.”

In the wake of the Heartbleed security breach, only a minority of consumers (18%) still feel confident that they are secure.  Concerns over mobile security and the safety of personal financial information were rife across all generations surveyed – overall 54% of consumers are worried about the level of security of their device.

However, 18 to 24 year olds are the most distrustful of mobile financial services, with 62% saying they would never use mobile banking compared to 53% overall. 60% of 18 to 24 year olds would never make mobile payments compared to 50% overall, over half (52%) would never use Paypal on their mobile compared to 43% overall, and 87% cited identity theft as their biggest concern with data loss in the event that their phone was lost or stolen.

When asked why they were so concerned, respondents cited a lack of trust in current mobile login and authentication options, and worries about identity theft.  One respondent said, ‘I must be confident only I will be able to log in and use them [apps] – at this stage, I just don’t trust apps, especially financial ones,’ while others commented, ‘I don’t want anyone to steal my phone and be able to access my money,’ and ‘Apps are too hackable’.

‘It’s clear that consumers are fast losing confidence in traditional authentication solutions – passwords are the weakest link and no longer fit for purpose,’ continued Parris. ‘We need to regain consumer trust if the mobile economy is to really take off.  We all already have multiple digital identities, from online banking to social networking to email and others, but these identities are becoming more and more prevalent, and how we secure them is a growing concern for consumers. The industry needs to sit up and listen – we need more sophisticated forms of trusted identity.’

The research also looked at what steps consumers are taking to protect their digital identities when they are using mobile applications.

Worryingly it found that many are leaving back doors open to hackers as they sign up for automatic log on and select ‘Remember me’ and ‘Keep me signed in’ options. Of consumers using social media on mobile devices, 75% are automatically logged on to their mobile accounts. This figure stands at 72% for e-mail users, 37% for customers of shopping sites such as Amazon, 23% for mobile banking, and 27% for PayPal.

When asked if they were automatically logged in on more than one mobile device, the figures stood at 76% for users of social media, 45% for mobile banking, 46% for Amazon and shopping sites, and 54% for PayPal. 

28% of consumers admit they know the log in details for a friend’s, family member’s or colleague’s mobile device, and 60% rely on their memory to remember all passwords, suggesting they are choosing weak and easy to remember combinations.

One Response to “Security fears restricting mobile commerce”

  1. Security fears restricting mobile commerce | Australian Law Blogs

    […] Security fears restricting mobile commerce […]

Leave a Reply