A Third of Web Users are Too Scared To Shop

By Craig Buckler
We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now

credit card web paymentsAlmost a third of website visitors consider online shopping to be insecure and unsafe. A recent report published by the UK’s Office of Fair Trading found that 30% of internet users would not hand over their credit card details. The report concluded that consumer confidence is growing, but it’s occurring at a slow rate. Online trading could be held back for many years, especially when UK online sales are twice as high as the European average.

The issue of trust is not helped when large-scale security problems are covered in the press. In the past few days, Albert Gonzalez and two un-named Russian assistants have been charged with breaking into systems run by Heartland, an online payment provider for several large retailers including the 7-Eleven chain. Prosecutors have accused the hackers of stealing the details of up to 130 million credit cards with the intent of selling the data. If convicted, Mr. Gonzalez could receive a 25-year jail sentence.

Embarrassingly for the shops concerned, the credit card details were accessed using a SQL injection attack. Although the Department of Justice states this is a “sophisticated hacking technique,” developers have been aware about these attacks for many years. Whilst no system can ever be 100% secure, SQL injections can normally be thwarted with rudimentary data sanitization and securely-formed SQL commands.

Hacking “success” stories have an immediate impact. 7-Eleven’s online sales have certainly been affected, but the case will have a domino effect throughout the web.

In general, web shopping is safer than handing over your credit card to another person. However, when online security issues do occur, the consequences are far greater, they affect many more people, and the theft receives substantial press coverage.

The fact remains that a large proportion of users do not trust the web. Online shopping will never reach its full potential unless we tackle that problem effectively.

Have you been a victim of credit card or identity theft on the web? Do you trust online stores? Should payment providers be more accountable for basic security breaches?

We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now
  • Lisa

    I have been a victim of credit card theft, but I still do most of my shopping online and I know that shopping online is safer than using your credit card locally. Don’t forget that you’re protected from risk by just about every bank out there.

    Common sense tips: Only shop on secure sites, be wary of emails asking for account passwords (a legit company will never ask for your password), and if you’re not sure about something, listen to your gut and shop elsewhere. It helps to stay on top of your account activity so you can catch a problem early.

  • KV

    I just had someone try to charge $1400 on my card to Public Broadcasting. Luckily my CC company caught it, declined it and informed me immediately. One thing I’ve done in the past is always kept my online buying to smaller purchases so I keep a low limit ($300 – $500) credit card just for that. If someone does use it, they can’t get too much out of it…

  • All data on the web can be reached if one try hard enough. If you can log in to your bank account, so can someone else. No matter how hard anyone try, it is impossible to stop hackers, but the question is how do you react on these attacks. If you react effective you might be able to stop these and gain the needed confidence from the public. Please note I am not stating that nothing should be done to prevent these, as prevention is better than cure, but you should have an effective strategy for when it does happen, to react.

  • W2ttsy

    in the wake of all these attacks, it may be beneficial for online stores to start selling pre pay cards (both online and in bricks and mortar affiliates). Itunes Music Store is a good example of this. You can use a CC (like I do) or you can walk into pretty much any retail outlet and buy one of the $x pre pay cards. Not only does this keep your CC safe, you can also give the card to others (birthday, christmas, etc) or use it if you dont have/arent eligible for a VISA/Mastercard.

    I am currently developing a product that makes use of this sort of technology for exactly these reasons. If you provide the extra payment methods, then people cant use the “its not secure to use my CC online” excuse when dealing with your store. There are also plenty of APIs or service providers out there that offer pre pay cards.

  • Steffan Klein

    Hmmm. I assume the positive twist would have been: More than 70% of online users are happy to shop online …

  • Most of the internet users in my country do not buy online through credit card. I know that it is always secure if you buy from a secured network but still i myself don’t buy online by credit card. I think web shops need to make buyers feel more secure.

  • @Jacotheron

    All data on the web can be reached if one try hard enough.

    Agreed, but these hackers used SQL injections — a fairly rudimentary method — to grab millions of credit card numbers.

  • markfiend

    SQL injection ‘is a “sophisticated hacking technique”‘? lol

    Little Bobby Tables will get you every time (see Exploits of a Mom)

  • Niubi

    The problem is, fundamentally, that almost almost all (“secure”) programs are written with a backdoor feature included. All the hacker has to do is locate this backdoor and then exploit it. But I guess that’s life for you – there is no such thing as a 100% safety. So the best thing for people spending money on the internet to do is to have a personal strategy if – or rather, when! – things go wrong. Off the top of my head, I can think of

    * Pre-pay cards
    * ‘credits’, a system being used by some websites, like dubli. Basically the credits make a sort of currency similar to that in a casino. Fundamentally worthless – like money, really! but

    Both of these systems provide the main solution to the problem of protecting one’s main wealth: adding an additional barrier to access it. I think that’s the way forward in future, but hackers as ever are really rather devious.

  • rozner

    I’ve been buying stuff online for years and never really had an issue. Generally speaking as long as the site I’m buying from is in SSL (otherwise I’d stay away) I feel pretty safe. I also generally choose not to store my credit card info and rather enter every time, it’s not that much of an inconvenience and would have prevented my card being stolen by some SQL injection attack (which I agree with Craig is a very rudimentary form of attack). I’d say giving your credit card online is probably safer than giving over the phone or physically handing it someone, although that last one is not so bad anymore if you have a pin code on the card.

  • Dorsey

    My preference is to buy online, but then I’ve never (yet) been burned. I also request new credit cards periodically just in case.

    Unless I need something immediately, I love the selection offered by a nation-wide “mall”, and find exactly what I want, or better alternatives that I otherwise would not have known about. Not for nothing, I also like shopping 24×7 when the mood strikes me rather than waiting for a store to open.

    The downside is that I refuse to pay a shipping premium, so I have to plan a week in advance. What might slam the air brakes on this for me is if and when the U.S. government gets hyper-greedy and taxes all Internet purchases, not just those of businesses with a presence in my home state. I’ll probably then survey the online market to find what I want/need and make a local purchase, if possible, before ordering online.