Wednesday, May 31, 2006

Most Americans Are Taking Steps To Prevent Identity Theft, Poll Shows

Wall Street Journal Online - May 11, 2006
Few Americans say they have been victims of identity fraud, according to a new Wall Street Journal Online/Harris Interactive personal-finance poll. But a strong majority of them are taking steps to prevent the theft of personal and financial information that can lead to fraud.

About 3% of 2,120 adults polled said their identity has been used to open a phone, utility or other type of unauthorized account; 1% had a mortgage or line of credit opened in their name; and 2% said their personal information was used for nonfinancial fraud. Another 6% reported some other type of identity theft. Still, nearly three-quarters of respondents said they watch for suspicious activity on their accounts or shred mail that contains their account numbers.

There's a lot of interesting data in this report, but there are a couple of points that seem particularly striking:

- First, one in four consumers report that they have begun to limit their "online banking transactions." This may make some amount of sense, given that banking information is some of the most sensitive that consumers use online. But 80% also say that they trust banks to "prevent others from accessing [their] sensitive personal information or account number." If so many consumers trust banks in this way, why are they choosing to scale back their online banking?

- Second, retailers fare rather badly in the poll. Only 43% of respondents said that they trusted retailers to safeguard their information. In addition, 30% reported restricting their purchases from online retailers. Given the number of purchases consumers make from retailers every day - and the limited number of data breaches caused by retailers (notwithstanding DSW, Sam's Club, and so on) - this is somewhat surprising. What reason do consumers have to distrust retailers over other businesses? And do consumers really feel so insecure every time they charge a latte at Starbucks?

Both of these questions have been asked before, as more than one report (for example, last year's Consumer Reports WebWatch poll) has made it clear that consumers view the online space as less than entirely conducive to their privacy and security. What is clear, I think, from this WSJ / Harris poll, however, is that the distrust that many consumers feel for the internet is beginning to bleed over into other areas of their business interactions.

Although only a minority of consumers will ever be victims, identity theft is a real enough threat, and consumers are rightly nervous. There is also the perception that identity theft is more likely to occur because of a consumer's online (rather than offline) actions. So although consumers may trust their banks, they're hardly sure if online banking is safe; and when it comes to businesses with whom they have a less established relationship - such as retailers - consumers would much rather be safe than sorry.

When unsure of the risks, 'safe' means providing less personal information, and shopping less, online.

Consumers also reported taking a number of active steps, including checking their credit reports, shredding mail that has account numbers, and so on. These are all quite useful and effective methods of limiting identity theft, but only when ID theft occurs because of a consumer's own actions. In many cases, however, we're finding that ID theft occurs because of business mistakes (see last week's theft of 26 million SSNs at the Department of Veterans Affairs), and there's nothing a consumer can do.

Unfortunately, many consumers feel that the best way to avoid ID theft is to simply limit the information they provide online. This is a potential danger for any online business - and it hits especially close to home for those in the online marketing space. As John Greco, president of the DMA, put it in April, "Consumers are increasingly concerned about the level of trust they can place on marketers." Greco has argued that the way to build consumer trust (and avoid penalizing legislation) is to self-regulate the use of consumer data. Marketing data, he argued, should be used in line with "three r's: relevance, responsibility, and results." Although these are admittedly somewhat vague terms, what I think Greco is getting at is the idea of demonstrating value to the consumer.

Online marketers are hurt by consumer distrust because security fears lead consumers to provide no data at all to businesses - including less sensitive marketing data. If marketers can, through an effective self-regulatory program, demonstrate that they are providing value from that provided marketing data, then this distrust may be limited. Which is to say, if a marketer learns that I'm interested in buying a new car, and uses this to provide valuable advertisements, is open about the knowledge he has about me, and ultimately leads me to a purchase, I'm a lot happier.

If, on the other hand, I were to receive broadly targeted ads that lead nowhere, with no explanation, I might start to worry about who knew what about me.

Overall, this sort of industry self-regulation may go a long way to help consumers see that they gain some benefit from shared data - and let them focus on the steps they can take to ensure the safety and security of their data. Without such assurances - and something of a push in the right direction - they're likely to remain convinced that it's better to be 'safe' than 'sorry.'
