General discussion


How savvy are you about online security? Take the test & find out.

By deepsand ·
Before reading the findings of a study, conducted by the Univ. of Pennsylvania, based on this test, try it yourself.

Seventeen Facts American Shoppers Need to Know - But Don't

For the press release, see
For the full report, see


Topics > Privacy & Security > Privacy > Online Privacy >

How Savvy Are You About Your Online Security?

U.S. residents are "dangerously ignorant" of the data that Web site owners collect on them, a study shows.

Juan Carlos Perez, IDG News Service
Wednesday, June 01, 2005

U.S. Internet users are dangerously ignorant about the types of data that Web site owners collect from them and how that data is used, a new study has found.

This lack of awareness makes U.S. Internet users vulnerable to online exploitation, such as personal information misuse, fraud, and overcharging, according a study conducted by the University of Pennsylvania's Annenberg Public Policy Center.

For the study, titled "Open to Exploitation: American Shoppers Online and Offline" and released today, 1500 adult U.S. Internet users were asked true-or-false questions about topics such as Web site privacy policies and retailers' pricing schemes.

Failing Grades
Most respondents failed the test, correctly answering, on average, 6.7 of the 17 questions. The study's interviews, conducted between early February and mid-March 2005, yielded some findings the authors consider alarming, including:

75 percent of respondents wrongly believe that if a Web site has a privacy policy, it will not share their information with third parties.
Almost half of respondents (49 percent) can't identify "phishing" scam e-mail messages, which information thieves dress up to look as though they came from a legitimate company, such as a bank or store, to lure users into entering sensitive information. Requested information might include Social Security numbers, passwords, and bank account numbers.
62 percent of respondents don't know that an online store can simultaneously charge different prices for the same item based on information it has on different shoppers--a practice that can make users victims of what the study's authors call "price discrimination."
To address the problems identified in the study, the Annenberg Public Policy Center is proposing three measures:

The U.S. Federal Trade Commission should mandate that Web sites replace the term "Privacy Policy" with "Using Your Information" to combat users' misconception that those documents are Web sites' pledges not to share their information with third parties.
Consumer education and media literacy should be taught in elementary, middle, and high schools in the United States.
By government decree, online retailers should be required to disclose what data they have collected about customers, and when and how they will use that data.
If you'd like to take the test yourself, go here.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Took the test...

by geekchic In reply to How savvy are you about o ...

I missed one because I misread the sentence. I would love to use this for some of my employee training classes on security. I especially liked the included explantions for the correct answers.

Collapse -

Excellent score.

by deepsand In reply to Took the test...

Now, start educating you family members, friends, etc..

Only when a sufficiently large portion of the populace truly understands their vulnerabilities will we see any real demand for better safeguards and/or more care given to using those that already exist.

Until then, we should not expect the con artists to seek greener pastures.

Collapse -

interesting test

by Jaqui In reply to How savvy are you about o ...

got one wrong, cause I don't trust any company to not screw me over.
( should have guessed true about that law. )

just goes to show ya, being security aware and non-trusting doesn't always cross into tests as such.

Collapse -

Still, you're way above average.

by deepsand In reply to interesting test

Given how poorly the sample population did, it's little wonder that it's become so easy for so many to take advantage of the weaknesses in the manner in which so much information is handled.

And, why there has been no greater public outcry for stronger safeguards.

Collapse -


by Oz_Media In reply to How savvy are you about o ...

I mad eit through most of the test, got bored. But it was pretty logical actually, I don't se ehow peopl ewouldn't see this as common knolwedge for day to day information and not JUSt computing. I suppose being in sales and promotions, I have learned how information is gathered, long befor ecomputers it was mainly done through contests and entry forms.

Though most rules are applicable in Canadian law, there were one or two that weren't. Canadian chairties have to get a check mark in a box or have you agree to the terms of the donsation etc. by signing it and thus approving the information share.

And one other but I forget which it was.

I think Jaqui didn't have a problem because even being Canadian, he said he doesn't trust anyone with that information, and rightly so in MOST cases.

But thanks for the excersise, it was interesting to see many people are clueless to these basic security measures, yet they are just common sense and in several cases are not unique to computer use but have applied to written information provided too.

P.S. Beyond securing a few ports and having anti-virus, anit-spyware installed, I am definitely NOT a security tech.

Collapse -

Dreadful that so many are so clueless re. non-computer related issues.

by deepsand In reply to Well

With all these sheep, why would the wolves even think about seeking new hunting grounds?

Collapse -

Why do they still print credit card numbers on recipts?

by jmgarvin In reply to How savvy are you about o ...

I scratch them out, but I just don't see the point. If you have the auth number, the last four of the CC, and the name of the person it is reasonable to assume you have the right number.

I've heard the crap that you can't fight the charges in court, etc, but it is all FUD.


Oh, the test was good, but pretty common sense.

Collapse -

It's a carry-over from the days when imprint slips had to be deposited ...

by deepsand In reply to Why do they still print c ...

by the merchant at his acquiring bank.

With the advent of the modem based POS terminal, and now the i-net virtual terminal, and the ensuing ubiquity of both, it's become an anachronism.

The on-net associations (VISA & MasterCard), along with the off-net issuers (AmEx & Discover) have issued new merchant policies addressing this practice, such that it will soon be the case that all receipts bear the 4 terminal digits (which are actually check-digits) only.

Collapse -

Many states...

by Synthetic In reply to It's a carry-over from th ...

already have laws making it illegal for the full card number to be displayed. I know in LA this is now the case. I make sure to nicely point out that this is now law, and hope to hear an acceptable answer concerning how this issue is being resolved by the business. If I do not get this, I report them, and make sure I let the owner/ general manger know they are in violation of the law, and that I will wait to resume my business with them until the have brought themselves into compliance.

Collapse -

Not controllable by the merchant.

by deepsand In reply to Many states...

POS terminals are dedicated processors, with embedded programs provided by either the manufacturer or the merchant's card processor.

All currently now on the market can be reprogrammed via a download from the merchant's processor. There are also many older machines in use that either cannot be reprogrammed, or cannot support the latest upgrades.

The mere passage of legislation banning the printing, on the POS tape, of the full account no. in the clear is not sufficient to make it so.

That rule needs to 1st be promulgated to both the merchants and the card processors. Merchants then need to wait until their card processor has a suitable upgrade available for their particular POS equipment; if their's cannot be upgraded, they then need to 1st procure new equipment.

None of this happens overnight.

In fact, merchants generally would not receive notice of such directly from the state, as the state has no way of knowing who needs to know such! Rather, they rely on the on-net card associations (Visa & MasterCard) and/or the off-net issuers (AmEx & Discover) , with whom they have merchant accounts, to keep them apprised of such.

As an aside, I notice that your post used the word "display," stating that "many states" prohibit such. What states prohibit, & what constitutes, the "display" of a credit/debit card account number?

Related Discussions

Related Forums