The Dutch Central Statistics Bureau recently reported that almost 450,000 Dutch consumers have been victims of online shopping scams. This is an increase of 0.4% from 2012. In the United Kingdom, a quarter of the population has been a victim of identity fraud, according to a study commissioned by the UK Fraud Prevention Month. The report also said that UK residents are more susceptible to identity theft than residents of other European countries.
So how can we protect ourselves from being a victim of online fraud when shopping online?
Is it safe to buy stuff online?
Online shopping, let’s say with Amazon or Apple, is a very convenient way to get our hands on the stuff we need. Whether it is an electronic gadget, DIY equipment, grocery items, etc., we can easily place an order via an e-commerce website (e.g. www.tesco.ie) and expect the item on our doorstep, even on the same day. Clever, isn’t it?
Perhaps we could all agree that online shopping is heaven-sent, particularly for people who have only a few minutes to spend on this time-consuming chore. The list of pros is obviously long, but what about the cons? It has got to have some. Absolutely, and security tops the list. The primary concern among online shoppers is still the privacy and security of online transactions. It is true that modern operating systems (Windows 7/8 or Mac OS X Mavericks) and Internet browsers (IE 10, Chrome and Safari) have better security features than their ancestors, and that the latest networking devices and protocols (the technical stuff that makes the Internet work) are far better at combating hackers’ activities. However, the bad guys have found an effective way to circumvent all these security features by focusing on the weakest links: users and web applications (e.g. Facebook, Twitter, Instagram). I am not claiming that Facebook is not secure; I am just saying that these types of web applications, because of their popularity, have become an obvious and easy target. I gathered volumes of information about data security as part of my Thesis Dissertation on the security of cloud computing, but since graphs and numbers are less exciting, I will save you from the pain. Here are some of my key findings and recommendations.
The Problem: Credit Card Information theft
If you misplace your credit card, you can call the issuer and have them cancel the old one and give you a new card. Problem solved. The problem with online transactions is that the purchaser doesn’t need to present the physical card. Sure, the e-commerce site will do all sorts of verification, but once a hacker has obtained all the information necessary to pass the verification, you are in trouble. The hacker could study the pattern of your online transactions and use it to avoid detection. People who monitor their monthly bills are partially immune to this, but for people who buy a lot of stuff online and don’t review their monthly bills, it is bad news. While many credit card companies allow reversal of unauthorized transactions, the process is time-consuming and the bank could turn down your request if the evidence is not sufficient. Prevention and early detection are, of course, better than remediation. So here are some of my top picks to prevent this problem.
Tip #1 – The most obvious don’t do, but people do it anyway.
Unless you absolutely trust an e-commerce site, never provide your credit card details. The best alternative is to use PayPal. PayPal has a very good reputation for keeping your financial details safe. It offers an extra layer of protection by not showing your credit card details to the shop owner’s server.
I won’t enter my card details on Charice’s online store for two obvious reasons. First, it does not use HTTPS, which means the data can easily be intercepted and read by a third party. The absence of the lock symbol means the data will be sent as is. It is like sending a letter in an unsealed envelope via regular (unregistered) post.
Second, I don’t know where my financial information will go, who will have access to my account and how safe Charice’s server is. Hackers normally use the names of reputable companies as part of their website names, so a website’s name cannot be trusted; you have to make sure that the site is a legitimate website. Charice’s looks legitimate, but it clearly doesn’t operate in a secure way.
However, I didn’t have that problem with Amazon, which has a very good reputation in terms of securing customers’ financial information. It is a huge company with adequate resources to put in place all the security components required to safeguard online transactions. Notice the use of HTTPS and the lock symbol.
Tip #2 – Avoid doing online shopping when using a public network; do this at home using a private PC.
Having a dedicated PC for online transactions such as online shopping, booking airplane tickets, paying bills, online banking, etc. is highly advisable. If possible, don’t use this machine for reading emails, social networking, general surfing and other non-essential and unsafe online activities, so that you will not accidentally download a malicious program onto it.
Tip #3 – Use a separate card with lower credit limit for online shopping.
Some credit card companies offer a separate card exclusively for online purchasing. For example, BPI offers the BPI e-Credit card. You are free to set its credit limit, and it has a different card number, so your main credit line is safe.
Tip #4 – Avoid opening any other websites while doing online shopping.
You don’t want to invite muggers to follow you to the shop, see what you bought and mug you afterwards, right? Same concept here: some websites are actually mugging sites, and these websites serve as an attack point for hackers. The attack they employ is called Cross-Site Scripting (XSS). This is a two-day course, so I won’t attempt to explain the technical details, but the point of this attack is to use a mugging website to penetrate a secured one (e.g. an online banking application, an e-commerce site, etc.) with the goal of extracting the financial and personal details of the target.
As mentioned earlier, the weakest links are users and web applications. I could talk about this topic the entire day, but I will summarize it this way: a click on a link or even a simple Facebook like could mean allowing hackers to download something onto your machine and listen to and watch everything that you do. That also means that they could see your credit card and other personal information. That is why having a separate machine for less secure online activities is advisable. This way you don’t have to worry about whether there are muggers waiting to mug you, as you have nothing there for them to mug.
Tip #5 – Don’t share too much information on Social Networking Sites
You are not supposed to put your home address, mother’s maiden name, birthday (I understand if you want to share this anyway), visa information, passport information, social security number, among others, on a social networking site. Making sensitive information freely available on your Facebook page may not result in credit card information theft, particularly if you don’t have a credit card, but it may result in identity theft. The main point here is that if the information is used by banks and other financial institutions to verify your identity, never share it with anyone or any application online.
The bottom line
While nobody can guarantee the absolute security of online transactions, online shoppers can minimize the risk of being mugged by taking a number of steps to protect their financial and personal data. Even if you don’t do online shopping and you don’t have a credit card, you must still protect your personal data to avoid identity theft. You don’t want to wake up one day owing your bank a lot of money for goods that someone else bought online using a credit card you didn’t even know you had.