Protect yourself from fraud while shopping online

By Marianne Curphey

Brits are spending more time and money shopping online or on their mobile phones. It makes for easy purchasing, but presents a special set of security risks. There are a few things you can do to help keep your information safe, though.

The majority of online purchases are made using credit cards, according to Centre for Retail Research's Online Retailing: Britain, Europe and the US 2014. According to the report, the UK online share of retailing is expected to rise from 12.1% to 13.5%. The report also forecasts that, in 2014, mobile online retail sales will grow in the UK by 62% (to £7.92 billion). This is equivalent to 17.6% of UK online retail sales.

With the numbers going up every day, it's vital to understand online security and protective measures. "Cyber security is really an arms race -- the smart guys get smarter and the bad guys get better at avoiding them," says Guy Bunker, senior vice president for products at Clearswift, which specialises in data loss prevention. protect-yourself-online

How fraudsters steal your identity
Bunker says fraudsters are looking for your credit card number, its expiry date and its CVC number (the card verification code on the back of your card).

"What criminals are developing now is a technique called ‘zippering,' where you take multiple pieces of information and build up a profile of the person," he explains.

Thieves might find out your house number or phone number from one website, glean details about your family or habits from social media profiles, or get you to register on a bogus site and inadvertently provide them with more details.

"As security, you are often asked for passport details, your postcode, date of birth and your mother's maiden name," says Andy Heather, vice president for the EMEA region at Voltage Security, which specialises in data encryption for international banks, merchants, retailers and healthcare organisations.

"These security questions are so common they are laughable," Heather says. "When criminals link that with some of the stuff that people are willing to put on social media and Facebook, they can soon build up a good knowledge base about someone so that they can send a phishing email that is very specific to their circumstances."

Dealing with a company that suffered a breach
If you plan to purchase from overseas retailers, you may be wary of companies that have suffered a high-profile data breach. While these retailers should have, in theory, ramped up security after the breach, you shouldn't rely on that theory.

"If a company has been breached in the past then hopefully their systems would now be locked and in better shape, but you really don't know," Bunker says.

In fact, many organisations that offer online services may not even be aware that their systems have been compromised, says Heather. "Sometimes breaches involve small amounts of data being stolen over a long period of time," he says, "and companies may not even know that it is going on."

Ways to protect yourself
If you have been careful with your password or other important security information, the financial risk -- and loss -- of fraudulent credit card use will rest with your bank. However, if your identity has been stolen, you may find that your credit record has been compromised, so it's vital to make every effort to shop safely.

"Put in as little information as possible when you are registering and do not use the same password on various systems," Heather warns. He says you should not leave your credit card details on a website unless you really trust that website.

Martin Warwick, a principal fraud consultant at FICO, suggests the following tips for safe online shopping:

  • Sign up for 3D Secure, e.g. Verified by Visa, which is a password protection scheme for online purchases that works similar to using a PIN at the ATM.
  • Try to shop where you see the secure padlock sign or ‘https' in the URL bar (the "s" stands for secure)
  • Banks will never ask for passwords, PINs or other secure personal information to identify you as a customer, so never disclose them -- that could be a sign of dodgy dealings

At the end of the day, "if you are shopping online, then just be aware that if a deal [seems] too good to be true, then it probably is and there could be a scam at the end of it," Bunker says.

See related: How easily can frausters hack contactless payments?, Old-style scams increasingly used by fraudsters

Published: 18 November 2014