- From: Steingruebl, Andy <asteingruebl@paypal-inc.com>
- Date: Thu, 28 Apr 2011 04:49:25 -0600
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
At the risk of embarrassing myself (as I haven't read the underlying report yet) an article about a recently released bit of research from Ponemon says: http://www.darkreading.com/authentication/167901072/security/client-security/229402309/few-consumers-victimized-by-online-fraud-report-it.html .......... Our survey results help validate the need and consumer preference for technology, such as device identification, to authenticate identity as opposed to using personally identifiable information," said Larry Ponemon, chairman and founder of the Ponemon Institute. "Consumers expressed much more willingness to share data like ISP, computer serial number, type and make, rather than information like date of birth and telephone number." Among the information they are willing to use for online authentication verification: serial number of their computers (88 percent); computer type and make (83 percent); ISP (76 percent); browser type (65 percent); IP address (59 percent); types of software apps running (54 percent); email address (46 percent); purchase history (39 percent); planned purchases (35 percent); birth date (34 percent); telephone number (17 percent); home address (16 percent); name (14 percent); ZIP code (9 percent); Social Security number (4 percent); and driver's license number (2 percent). Eighty-five percent say they are worried and unhappy with the protection online sites provide today, the survey found. A full copy of the report can be downloaded here. ...... I didn't dig in yet to see if they asked users how to expect to be asked to share that data, what they consider consent, etc. Still, perhaps an interesting data point. -- Andy Steingruebl Sr. Manager, Internet Standards and Governance PayPal Information Risk Management
Received on Thursday, 28 April 2011 10:49:51 UTC