One in four users have had an online service hacked but remain unhappy about additional security methods

Almost a quarter (24 per cent) of UK consumers have had their account hacked or data stolen for an online service, with five per cent having been compromised more than once, according to new research commissioned by CertiVox, a leading provider of authentication and encryption software and services. When asked about the services for which accounts had been hacked, the majority of incidents involved email or social media accounts, but it was found that 13 per cent of the incidents involved banking or credit card accounts.

Despite the number of consumers who have had data compromised, users do not believe that security should be implemented at the cost of user experience. When asked about specific security procedures that are common when using online financial services:

• 39 per cent said that needing to have a token generator (key-fob with separate password number) was either a hassle or a lot of hassle
• 40 per cent felt the same about having to answer additional security questions such as ‘first pet’s name’
• 53 per cent were not happy about having to verify security details over the phone before accessing accounts
• 46 per cent of respondents identified waiting for a password to be sent via text message as a hassle or a lot of hassle

Despite these findings the importance of security is acknowledged by users, with 43 per cent of respondents saying that their general attitude towards additional layers of security was that they could be a pain at times, but are needed.  Perhaps unsurprisingly, given the number of people who have had accounts or data compromised, the research also found that only 60 per cent of respondents trust the username and password authentication process as a secure way to access online services. 26 per cent don’t trust the process and a further 14 per cent are unsure.

The research, conducted by Populus among a representative sample of 2,012 UK respondents, also looked at the actions consumers would take following a data breach, and found that a huge 25 per cent of respondents said that they would terminate a service immediately if their account was compromised or data stolen. This is an alarming figure for financial services organisations coping with a growing number of security threats while trying to retain customers in an increasingly competitive market.

Commenting on the findings, Brian Spector, CEO of CertiVox said, “This research shows that many consumers are coming round to the thinking of the security industry: that the username and password authentication system is not secure enough to protect their data. However the same users are not overly happy about the user experience offered by additional security measures implemented by financial services organisations.

“It is also clear from the research that organisations which do not secure their users’ data adequately are likely to start seeing users move away. This should act as a prompt to organisations everywhere to consider their security more carefully than ever before while realising that it should not be at the cost of the user experience.”

Methodology
The research surveyed a UK representative sample of 2012 adults (18+) on their views on online security in December 2013. Specifically consumers were asked about their views on the username and password system, additional security measures, and their own experience of online security breaches.