Data Loss and ID Theft Fears Altering Consumer Purchasing Behavior

Data Loss and ID Theft Fears Altering Consumer Purchasing Behavior

With the headlines announcing almost on a weekly basis another data breach at businesses, educational institutions and medical facilities, a recent study shows consumers are modifying their purchasing behavior, including online buying, out of concern for the security of their personal information.

The "2007 Consumer Survey on Data Security" conducted by the Ponemon Institute, found that 62 percent of the respondents have been notified that their confidential data has been lost.

The high percentage of individuals that have been notified of a data loss event has contributed to increased security concerns, as the vast majority of those notified reported concern about the event. "Our research clearly shows that data breaches are affecting consumers’ trust in the organizations with which they share their data and, ultimately, their buying behavior,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. These data breaches have had a direct impact on consumer buying behavior, including reluctance to use their credit or debit card to make a purchase with a Web merchant they don’t know, and unwillingness to provide their Social Security number online.

“There a few big picture items in the study for financial institutions to ponder. One is that the average consumer has a different view of data breaches, and where they’re occurring. Financial institutions and brokerages are held to a higher standard, than say a retailer like TJX,” Ponemon noted. “For whatever reason, consumers tend to hold certain groups to a higher standard.”

Second implication Ponemon sees, “Consumers are aware that some data is more valuable than others, so they tend to know that social security numbers, and drivers license numbers, and other highly sensitive information like credit card and debit card numbers have greater value than other pieces of information. Those are the ‘holy grail’ pieces of information, and consumers tend to hold banks and other financial institutions to a higher standard, because they have given the institution this type of information.”

“It’s clear to us that consumers are getting smarter. Three or four years ago when we asked the same questions, (pre-data breach notices) they were less aware of the difference of say your social security number and the valuation of it, say compared to your mailing address.”

One other note Ponemon made regarding the types of data breaches, “It appears to us that many companies, including financial institutions, assume that if data is lost, say a tape falls off a truck, that it would be viewed by consumers as better than say if a criminal stole the information.” He added that if a criminal steals the information, and uses it in identity theft schemes, it would have longer, more costly implications for the firm.

“But what we found was that consumers don’t see it that way. The consumers feel more anger with a company who loses the information through negligence than if stolen by a criminal.”

The study finds that a majority of respondents are changing their purchasing behavior due to heightened security concerns:

  • 62 percent of respondents have been notified that their confidential data has been lost.
  • 84 percent of those respondents reported increased concern or anxiety due to data loss events.
  • 62 percent of respondents said that they would be more upset with a company that lost their information due to negligence than if that company lost their information as the result of theft.
  • 36 percent of respondents stated that they would not use their credit or debit card to make a purchase with a Web merchant they don’t know.
  • Respondents who have received notification are more cautious when sharing their credit card (43% vs. 32%) and debit card (44% vs. 32%). In other words, the findings suggest that breach notification may affect consumer behavior.
  • 45 percent said they would not provide their Social Security number on a website.

In addition, the study identified the top five consumer data privacy concerns: medical records, pharmaceutical history, credit card number, debit card number, social security number. A majority surveyed stated that they would be most concerned if their healthcare provider, pharmacy or employer lost their information. In this wide open world where information can very easily be copied, sent or shared, and over 100 million consumers have been notified of a breach of their personal information. Unfortunately, this has led consumers to have significant concerns about the security of their data, especially sensitive financial and medical information.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network