Most users think they’re savvy enough to shop securely online, but even the most security-minded and Internet-knowledgeable shoppers have been duped when making business purchases. Wise users need to overcome their over-confidence and brush up on online shopping best practices to avoid getting taken by a suave scammer.
Tips for Secure Transactions
The convenience of online shopping has transformed the Internet into a round-the-clock marketplace. Unfortunately, users’ familiarity with and frequency of online shopping can lead to careless consumer habits that have become a boon to clever cyber-criminals. Although online transactions will always have some risk, shoppers can protect themselves by applying online transaction tips:
Know who you’re buying from. If you’re buying from a site that’s new/unknown to you, taking the time to do a bit of research about the site and company could save you time, money, and frustration later. KrebsOnSecurity recommends you run a quick WHOIS search to find out more information about a site’s domain name. If it was recently created, be wary.
Don’t blindly trust the padlock. Many users have been trained to look for and trust the padlock symbol in the URL address bar as a sign that a site is secure. As mentioned in our earlier post, Don’t Be Fooled by Padlocks and SSL Certificates, more than 80% of respondents to a PhishLabs survey thought the padlock meant the website was safe/legitimate. However, this symbol really only means that the data going back and forth from your browser to the padlocked site is encrypted. The site itself could be a well-disguised phishing site just waiting for your “purchase.”
Trust credit over debit. Assume that every online transaction is part of a scam, and as such, you’re safer using a credit rather than debit card. Smart cyber-criminals can use your debit credentials to access—and empty—your checking accounts, leaving you with an empty account and stuck cleaning up the credit mess.
Fill the Online Security Gaps
Even using the latest best security practices, it’s possible to have vulnerabilities that make you more susceptible to online transaction risks. To find potential gaps, a security audit by an objective, experienced, and knowledgeable team can comprehensively identify deficiencies that could be putting your organization at risk of transaction-oriented fraud. Not to mention, it also opens certain types of organizations up to noncompliance with regulations such as HIPAA, SOX, and PCI. An effective audit will result in a clear view of your strengths and vulnerabilities as well as how to best address your company’s security shortcomings moving forward.