This Holiday Season, Shoppers Find It More Invasive to be Targeted In-Store than Online

By   ISBuzz Team
Writer , Information Security Buzz | Dec 02, 2013 02:53 am PST

ISACA survey reveals negative attitude toward location-based intrusion

ISACA, a not-for-profit global IT association, has conducted research in four different countries (UK, US, Mexico and India) of more than 4,000 consumers’ holiday shopping habits and opinions on privacy. The study revealed that the UK and India consumers are most resistant to location-based marketing tactics on mobile devices, such as stores sending unrequested discount coupons to their mobile phones and stores texting information about special offers when consumers walk past, with more than 70% of respondents in both countries saying that they would find these to be invasive.

Interestingly, according to the IT Risk/Reward Barometer, people in all four countries reported receiving a text message from a store as they walk by almost as invasive as if they were to go into a shop where the clerk knew them by name without ever having met them before. Sixty-nine percent of UK consumers would be happy to be sent a coupon on their mobile device so they can bag a bargain, but 47% would be unhappy if a shop assistant who didn’t know them greeted them by name. Across all countries, people were more receptive to being given discount codes on their mobile phones rather than being texted special offers that may not be relevant.

Out of all the countries surveyed, Mexican participants find short message service (SMS) location-based marketing the most acceptable, with more than 40% saying that they would not find it invasive. However, Mexicans are more reserved when it comes to online privacy and Mexico was the only country to find online recommendations based on browsing history and recent purchases more invasive than offline SMS and location-based marketing techniques.

“These insights into what consumers find invasive is particularly topical given the buzz around big data and marketing. There are plenty of exciting and inventive applications and ways marketers can sell a brand, but it is important not to lose sight of what consumers consider an invasion of their privacy,” said Ramsés Gallego, international vice president of ISACA. “It would be wise for brands to heed consumers’ feelings about the invasion of privacy—or at least provide transparency about the information they are collecting and how it will be used.”

Consumers in the UK and US are happier to be marketed to online rather than in-store, while respondents from India find online and offline marketing equally invasive. Nearly half (46%) of Indians find it invasive for web sites to recommend products online based on browsing history and 43% say even recommending products based on recent purchases is invasive. However, the UK, US and Mexican consumers don’t find this tactic as invasive as a website knowing their geographic location.

“Despite how much information people share online, they still cherish the concept of personal privacy,” said John Pironti, risk advisor with ISACA and president of IP Architects. “Retailers that use technology to try to save shoppers time and money without asking permission first may actually do more harm than help to their bottom line this holiday season.”

When it comes to holiday shopping, 18% of the UK, 23% of the US, 31% of Mexico and 49% of India consumers say they plan to do more holiday season shopping online than last year. The average time the UK consumers expect to spend shopping online is four hours, while the other countries nearly triple the UK figure, with each around 12 hours.

The figures from the related survey of more than 2,000 of ISACA’s global members showed that 39% thought their employees would do more holiday shopping this year.

ISACA offers the following tips to protect shoppers’ privacy and security this holiday shopping season:

·         Read privacy policies. Understand what personal information websites and mobile apps are requesting and how it will be used. If there is no privacy policy, it’s a red flag—your personal data may be sold without permission.

·         Be smart about location-based services. Don’t opt-in to beacon-type mobile apps unless you trust the retailer and their security and privacy practices.

·         Don’t shop from public wi-fi hotspots. When you surf the Internet on an open hotspot, hackers can spy on your activities and steal data such as passwords and credit card information as you enter it.

·         Beware of phishing. If you receive an e-mail asking for financial information because there is a problem with your order or account, call the retailer to confirm. Don’t reply to the email and don’t provide confidential information, like your credit card number.

·         Check it out before you check out. Before you pay, confirm that the site is secure by looking for the “s” in https:// in the site’s URL and check the lower-right corner of the page for the lock symbol.

For full survey results, including related infographics, visit

About the 2013 IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of 110,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2013 online polling of 2,013 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,216 consumers in the US, 1,001 consumers in India, and 1,001 consumers in Mexico. The US survey ran 16–18 September 2013, and the India and Mexico surveys ran 25 September–5 October 2013. At a 90 percent confidence level, the margin of error for each individual country sample is +/- 2.8 percent. A UK survey of 1,000 employed consumers was conducted by OnePoll on 2 October 2013 with a margin of error of +/- 3.9 percentage points at the 95 percent confidence level. To see the full results, visit


With more than 110,000 constituents in 180 countries, ISACA® ( helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT®, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x