Twelve Golden Rules for safer online shopping
Despite the carnage wreaked on the High Street by the credit crunch, online retail demand remains strong. Indeed, it’s projected to grow in 2009 as economic conditions remain tight and competition between web retailers for online spend heats up.
An early indication of this counter-cyclical trend was the significant growth of Christmas Day online trade in response to early January sales, and the substantial discounts available online from traditional High Street vendors.
Sadly, there’s a downside to all of this. As you might have expected, the credit crunch has also had the effect of bringing more scammers onto the Internet than ever before. As scammers become more sophisticated and people become more desperate to find ways of making money during the recession, consumers shopping online need to be far more vigilant and wary as to the various pitfalls involved.
As an IT security expert who shops frequently online, I’ve outlined some of the few basic Internet security measures and ‘must do’s’ that we in the IT security sector adhere to in order to make sure we shop safely online and avoid falling foul to the many scammers, exploiters and opportunists who are all-too-ready to pounce.
The Twelve Golden Rules for shopping safely online
Rule One
Most Malware exploits are known problems with software and operating systems. The hacker – or code writer – is relying upon people being lazy and not keeping systems up-to-date.
For this reason, it’s very important to keep your anti-virus product up-to-date with the latest signature files (this usually happens automatically in the background with most commercial anti-virus products) and operating system updates from Microsoft. This reduces the likelihood of malicious code or key-logging software running on your PC without your knowledge, transmitting your details to fraudsters across the Internet.
Rule Two
Never go online without ensuring you have your personal firewall enabled. This personal firewall adds a layer of protection to the PC by preventing unknown connections to it.
The personal firewall included within Windows XP and Vista is generally considered to be insufficient. They can control data coming in at the PC – in other words, an inbound filter – but cannot properly control outbound connections.
If your PC is infected by malware, you could be sending out Spam or other data on to the Internet without your knowledge. By adding a personal firewall you can control and stop unwanted outbound connections. There are a number of personal firewalls on the market, both free and paid for. Some anti-virus vendors include personal fire-walling as part of their products.
Rule Three
Don’t ever select the ‘remember my password’ option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some malware is designed and written to go and search your PC for these passwords. In addition to this, if you use a laptop that is lost or stolen, the passwords go with it.
Rule Four
Ensure that your credit cards are registered with your card provider’s online security services such as ‘Verified by Visa’ and ‘MasterCard SecureCode’.
Rule Five
Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
Rule Six
Be sure to use a credit card and not a debit card. The bank provides you security guarantees with a credit card that are not given with a debit card. Don’t be tempted to take your shiny new platinum card on an online shopping spree.
Check statements… and look for the padlock!
Rule Seven
Be sure to check your statements regularly, and if there’s any sign of irregular activity you absolutely must report it to your bank immediately.
Rule Eight
Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details. Recently, Verisign has added the green display bar to show a web site with an Extended Validation certificate (this means the encryption key has been made strong, and the site has external validation).
Rule Nine
Make a habit of checking the site’s privacy policy for details of how your personal information will be used and only provide the minimum of personal information, particularly in on-line forms.
Rule Ten
Never shop from sites that you arrive at from clicking links in unsolicited marketing (ie spam) e-mails.
Rule Eleven
It’s important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server. This creates a single big target for a hacker to go after.
If the vendor’s web site is breached, your details may well be compromised. The Payment Card Industry has recently introduced its own Data Security Standard to try and protect this data at rest. That said, the standards aren’t yet fully enforced and this risk exists for all credit card transactions, not just those conducted over the Internet.
Rule Twelve
Finally, don’t rely on previous customer’s testimonials. They are part of a sellng organisation’s marketing and not necessarily factual. The Golden Rule of commerce is still the same as it ever was…. if the offer looks too good to be true, then it probably is.
Don’t be lured into unsafe territory
These are the rules I follow as do many of my colleagues. Internet shopping is only going to become more popular, and the scams surrounding it more sophisticated, so make sure you’re not caught out by being lured into unsafe territory.
By following these rules, you can log on and access those Internet bargains both safely and securely.
Andy Dalrymple is the managing consultant for information risk management at Global Secure Systems (GSS)
Twelve Golden Rules for safer online shopping
Despite the carnage wreaked on the High Street by the credit crunch, online retail demand remains strong. Indeed, it’s projected […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources