Gadgets aim to clinch the Grinch.
In a recent survey, 43% of people said they'd do more than half their holiday shopping this year online. Yet, 80% of those big online shoppers fear having their identity stolen, says the study by security company Guard ID Systems. It's one of several firms recently out with improved safety-enhancing gizmos.
"Ninety-one percent of people use incredibly unsafe behavior for accessing and storing their most sensitive information," said Jerry Thompson, the company's chief executive.
Distracted shoppers have reason to worry -- they're especially vulnerable to ID theft, the Insurance Information Institute warned on Wednesday. Amid the rush, it's easy to become less guarded about personal information such as credit cards, personal checks, driver's licenses and Social Security numbers, the insurer trade group said. Some 3.7% of U.S. adults fell victim to some form of ID theft in 2005, the most recent year with such data, says a Federal Trade Commission study released in November.
Key fob-sized USB devices -- so you can take them with you and plug them into your PC when needed -- can raise the safety bar by storing and retrieving passwords, then automatically and securely pasting them into Web transaction forms when they're needed. Privately held Guard ID, based in San Mateo, Calif., has a gadget that does this. Its ID Vault product has a suggested retail price of $50 and is sold at Best Buy (NYSE:BBY - News) and other major retailers.
Smart Card Inside
Thompson says the value of the approach is that you can store passwords entirely off your computer, safe from malicious key-logging programs and worms. He calls it a "security envelope" for consumers who bank, shop or invest online.
"The hardware device looks like a little padlock. It's rubberized and kind of cute -- you can use it as a key fob," he said. "We happen to be the first company to take a smart card chip and put it on a USB device. The beauty of a smart card is (unlike programs on a PC) it can't be brute-force attacked."
Once the gadget's plugged into a computer, a user types in his PIN code to open it. But he only has three tries to enter the right code.
"If you don't, then it shuts down -- the processor kills itself and all the data inside is gone with it," Thompson said.
An application that comes with with the device is preprogrammed with a menu of more than 7,700 Web addresses, for financial institutions and major shopping sites. Users can click to automatically go to one and paste in their site usernames and passwords. That ensures they haven't accidentally typed in the wrong address or been lured to a phishing site that will steal their credentials.
The product will finish Christmas with more than 250,000 unique users and sales are expected to more than double this quarter over last, Thompson says. About a third of users are small-business owners.
Hush Communications' StealthSurfer USB drive (stealthsurfer.com) is another tiny device serving up security and privacy perks. It comes in several versions starting at $179. This gadget sports a self-contained Firefox Web browser, so a user can surf on a computer -- such as at an Internet cafe -- without leaving obvious Web tracks.
"It keeps all the surfing history on the USB device," said Ben Cutler, chief executive at privately held Hush, based in Austin, Texas. With the device, he says, Web travels are also encrypted to mask a person's IP, or Internet protocol, address and provide other protections.
Tells If Hooked By Phisher
The gadget also has a safe-keeper for passwords that automatically can fill out forms. Users get a year's subscription to secure Hushmail e-mail. And the device has space to carry along software programs a person can use, thanks to built-in virtualization technology.
"It basically runs Windows off your existing machine, but through the USB device," Cutler said.
An added benefit is that while surfing the Internet with the version of the Firefox browser that StealthSurfer uses, alerts can warn a person if they accidentally end up at a phisher's fake Web site.
"You get a fairly high degree of security when surfing the Web," Cutler said.
Forecaster comScore predicts $29.5 billion in online retail spending this holiday season, up 20% from last. The insurance institute says to make sure you're at a reputable retailer with a secure network.
One ID theft practice on the rise is phishing. E-mails typically pretending to be from a person's bank or a major retailer lure Web surfers to log on at what turns out to be a fake site, where their passwords, credit card and other data are stolen.
The number of phishing sites rose 18% in the first half of 2007, says security firm Symantec (NasdaqGS:SYMC - News), due in part to the availability of three phishing "tool kits" sold by hackers.
"They were heavily used to perpetrate phishing campaigns," said Oliver Friedrichs, a director for Symantec's security response section.