Safer Online Holiday Shopping

ByABC News
November 12, 2004, 12:57 PM

Nov. 16, 2004 — -- The good news for Internet shopping sites: U.S. consumers will spend more than $152 billion online this year -- a 25 percent increase over last year. The bad news: Fast-moving fraudsters are aggressively seeking to steal a bigger portion of that large sales figure by targeting online shoppers directly.

"Cybercrime used to be about hacking into servers of e-commerce sites and financial institutions," says Avivah Litan, vice president and research director of payments and security practices at Gartner Inc., a market research firm in Stamford, Conn. But now it "has moved to the end user: consumers."

Case in point: The rise of online "phish" or bogus e-mails that con Web surfers out of their personal information by masquerading as an official missive from a bank, online shopping site or credit card issuer.

"Fifty-seven million online adults said they received one of these phishing attacks last year," says Litan. "And about 3 percent recall responding to such e-mails and giving away information."

Such high-tech trickery has become an increasing part of the banking industry's larger concern: identity theft. According to a recent Federal Trade Commission report, ID theft already accounts for about $60 billion in losses annually. But by Gartner's reckoning, approximately $1.2 billion of those losses will come from phishes and other online scams.

In attempts to thwart the tide of Net losses, financial institutions are trying everything from increasing consumer awareness of Web scams to closer scrutiny of individual online transactions. Some banks and credit card issuers are even offering downloadable software designed to protect their members' security and privacy while shopping and banking online.

Last week, Citigroup announced it has made available online a suite of security programs from Webroot Software in Boulder, Colo. The programs will scour a member's computer for any hidden viruses and so-called "spyware," programs that clandestinely record data about a Web surfer as he or she cruises the Net.