Continuing our series of end of 2017 / start of 2018 articles, Richard Menear, CEO of Burning Tree, takes a look at the opportunities for cybercriminals to take advantage of the ever-increasing online spending of consumers – a trend that’s only going to continue in 2018.
This Christmas thousands will be spent online and in the Cloud by consumers buying gifts or taking advantage of sales before and after the big day. It’s the time of year for big-ticket purchases on new technology, white goods, and luxury items, as well as large volumes of smaller value sales on many individual transactions.
With e-commerce sites hitting peak traffic over Christmas and New Year, it is also a time when cybercriminals are active, finding it easier to go undetected because of so much seasonal activity. E-commerce businesses will already have increased their security measures to handle this spike in volume, but it also falls to consumers to protect themselves and ensure they don’t get scammed and their data is not used fraudulently.
If you’re thinking of hitting the online January sales, or have some last-minute present buying to do, here are our tips for protecting your valuable data and your bank account:
Shop on trusted websites
It can be tempting to grab a bargain on an unfamiliar site when a product is offered at a very competitive price. However, you may find that these sites are actually scams designed to entice customers with bargain prices, take your money and then disappear overnight.
The adage that ‘if it’s too good to be true, it probably is’ is worth reminding yourself of if you think you’ve found a bargain. Moreover, trusted websites like Amazon, Argos etc. generally have very competitive prices at this time of year, often with free shipping or click and collect, and therefore offer similar bargains anyway.
Look for security badges
Reputable e-commerce sites will also display security or ‘trust’ badges, such as Norton, McAfee and TRUSTe. If these are present, it demonstrates that the company has taken measures to protect your data and that transactions are secure. Look also for the green padlock symbol at the front of the URL for a website. That indicates that the webpage is secure and has been verified by a third-party authority.
If in doubt use PayPal or another alternative payment method
Many e-commerce sites use a hosted payment gateway to process card payments online. You will be redirected to a payment service provider like SagePay, WorldPay or Secure Trading and this should give you confidence that your payment card data will be processed in a PCI DSS compliant environment (removing it from the retailer’s IT environment). However, some companies have a self-hosted payment gateway, which will be branded as the business. For trusted websites like the big retail giants, you can be reasonably confident that they will have the security tools in place to handle your data securely, but for less well-known retailers you may want to question whether proceeding with a transaction is a good idea.
PCI DSS compliance is an expensive process and therefore most small retailers will use a payment service provider. If you’re unsure about the security of a transaction but wish to go ahead, we recommend that you use an alternative payment method like PayPal. This means that you won’t need to share your payment card details directly with the retailer, keeping this data secure.
Keep passwords and login details safe
Many of us have accounts with popular online retailers that enable us to make quick and easy purchases without needing to enter our details time and time again. Personal details can also be easy to access on our devices when forms have pre-populating fields.
Should your device or laptop fall into the wrong pair of hands it may be possible for a criminal to access your favourite e-commerce sites, make a purchase, change a delivery address, and pay using your PayPal account or even a payment card. Mobiles are most vulnerable as these are easier to lose or have stolen, and m-commerce websites and apps are designed to enable friction-free transactions. Make sure you use robust passwords on all accounts (don’t save them on your device), and most importantly protect your phone or tablet with a unique password.
Watch out for email and social media scams
An advert on Facebook or an email landing in your inbox could entice you to part with your hard-earned cash for no reward. By clicking on a link (especially from an email) you could be a victim of a phishing attack or be redirected to a bogus site.
Best practice in this situation is to search for the site online and find the business directly. If the offer is genuine you will be able to find it by searching for the product from there.
While reputable online retailers are incentivised to keep your data safe (through fines for non-compliance and potential reputational damage if they suffer a data breach), there are plenty of cybercriminals looking to exploit the season of goodwill. Be sensible and protect your data, and always question whether a link, redirect or business is genuine.