A quarter (22%) of shoppers use guest checkouts because they’re concerned about handing more personal data over to e-commerce providers, according to a new study.
E-commerce search specialist Empathy.co commissioned Censuswide to poll a representative sample of 4000 British consumers to better understand their online preferences.
It revealed widespread mistrust of online stores and a desire to gain more control over personal data.
Only 13% said they’re not concerned about how their data is used at all, while over two-fifths (42%) claimed that they’re extra careful when providing personal data and accepting legal notices.
A further two-fifths (40%) agreed that they don’t like being asked for unnecessary or sensitive data.
They’re right to be concerned. Although there are strict GDPR rules around what organizations can do with data subjects’ information and how they must protect it, online retailers remain a popular target for fraudsters.
A common tactic is account takeover (ATO), where scammers use credential stuffing or other efforts to crack open customers’ online accounts and raid them of personal data stored within or try to make purchases with stored cards.
A survey from April by fraud prevention specialist Ravelin revealed that 45% of global retailers have seen a spike in ATO of late. In October 2020, Akamai claimed 60% of credential stuffing attacks detected over the previous two years were targeted at retail, hospitality and travel businesses, with most of these (90%+) affecting retailers.
Empathy’s research also revealed 28% of consumers would like to take back information from brands they don’t like or trust, while 37% want more control of the data businesses have on them.
These sentiments may be a sign that consumers still aren’t aware of their rights under the GDPR, which has provisions for data subjects to have their information deleted under the “right to erasure” principle.
There are also parts of the law that make it easier for consumers to object to how their data is being processed and/or whether or not their consent for processing was informed and freely given.