Internet shoppers should be wary when using a credit card to pay for their next online shopping binge, Massachusetts officials said yesterday at the State House.
Many Massachusetts legislators said yesterday that consumers are not sufficiently protected from online identity theft – leading to a decline in online shopping – during a seminar about state and federal efforts to increase security and protect consumer data.
According to a Consumer Reports survey, 86 percent of internet users have shopped less frequently online in response to the risk of identity theft, while one out of every four completely stopped shopping online.
Lois Johnson, senior counsel in Policy and Governments Division at the Office of the State Attorney General, said though the organization is working toward protecting online businesses, consumers lack similar policies at the federal level to protect their own information.
Johnson said 35 states across the country have acted to ensure consumer protection, but Massachusetts is not one of them. She said the commonwealth must revise laws to protect consumer identity and to help fraud victims.
“We need to update the theft bill that we have on the books,” she said. “The state has to decide what the definition of ‘personal information’ is.”
Fifty percent of Internet users in the United States had their personal information exposed on the Internet last year, said Douglas Maughan, Homeland Security Department cyber security research and development program manager.
“No single industry can secure the entire infrastructure,” Maughan said.
“We are looking for more incentives for industries to be concerned about this problem,” he added. “We are trying to work as much as we can with industries to see this technology commercialized.”
Maughan said the U.S. government is securing some Internet domains, beginning with federal information systems, before addressing the daunting task of securing cyberspace entirely.
The U.S. government is encouraging industries to become more involved in researching and publicizing new technologies that would prevent online identity theft, Maughan said.
Saugusbank President and CEO Kevin Tierney said the companies –not just the government — should be held accountable for protection of consumer data.
“It might be something to mandate that any commercial website provide a private-identity policy,” he said.
Tierney said companies should provide prompt notifications to consumers when they face data breaches.
Sen. Michael Morrissey (D-Norfolk), who chairs the Joint Committee on Consumer Protection and Professional Licensure, said Massachusetts lacks the necessary support to protect consumers’ information.
“I think the response we have at the state level is very slow and very concentrated,” Morrissey said.
Despite the cost of such a policy, Morrissey said the Legislature needs to address the issue of identity theft.
“It costs a lot of money,” he said.,”but it costs a lot more money if you don’t do it.”