E-commerce isn't just increasing, it's evolving. The exponential rate of e-commerce growth has far surpassed mainstream security measures set in place to properly regulate online commerce and prevent consumer identity fraud. Every time a new e-commerce innovation is released, a new security risk is posed for consumers. With US e-commerce sales alone expected to grow 12 per cent in 2013 and e-commerce sales worldwide projected to hit $1.298 trillion (£850 billion) this year, the burden of determining how to transact safely online has fallen hardest on the individual consumer.
Today's consumer is confronted by a maze of different online commerce opportunities, choices, and decisions, none of which were available or even fathomable 20 years ago. E-commerce is gaining momentum and acceptance; previously risky online activities such as banking are now considered safe and reliable, yet popular methods used to access sensitive information online present serious security risks. Most consumers accept terms and conditions too easily and without a second thought, compromising online anonymity and privacy.
Although online commerce does present security risks, the consumer benefits of e-commerce far outweigh a return to in-store shopping. After all, driving to the shopping centre introduces the risk of a car accident; swiping a credit card at a checkout places us at risk of credit card skimming. There will always be risks, but as the e-commerce world evolves, we should embrace this dynamic industry and keep the following five fundamental security tips in mind.
1. Share with caution
Share only what is required. You should never share any more than is absolutely required, particularly when it comes to highly sensitive personal information such as national insurance or driver's licence numbers. Sellers create online checkout forms with fields for irrelevant details to gather customer data – but don't require such fields be completed. Skip the questions that aren't marked "required" with an asterisk and you'll significantly improve your shopping anonymity
Think before sharing devices. Reassess how freely you share the devices you use to make purchases. If you have a digital wallet app, it's not the best idea to let a stranger use your phone to make a call. If you keep yourself logged into shopping sites on your home devices, simply ask that guests use a different browser. Consider any device you use to make purchases comparable to your wallet. Sharing without thinking twice or taking basic precautions is just asking for a problem down the road.
Extra caution is advised if you use your mobile phone for any e-commerce activity. Jailbroken phones are generally not suitable for secure commerce usage, as rogue downloads are likely to lack reliable security features. Be wary of storing usernames, passwords, banking numbers, and other sensitive information on your phone, including within apps assumed to be secretive. If email is connected to your phone, never send highly sensitive information to others or even to yourself. Treat your phone like your credit card; if it's lost or stolen, one of the first steps to reduce collateral damage should be contacting your financial institution or credit card provider.
Furthermore, if you actively shop on a mobile device, you may want to consider a password manager, or other mobile security tool for advanced protection.
Shared Wi-Fi = unsecure Wi-Fi. As a rule of thumb, assume all shared Wi-Fi networks are unsafe for your sensitive data. Everything from an online bank statement to a Gmail account can be compromised when surfing the web on a shared Wi-Fi network. It's nearly impossible to accurately gauge how secure a Wi-Fi network is, and thus it's best to err on the side of caution.
You also want to ensure you are not connected to a shared Wi-Fi when making mobile transactions. Saved network passwords within your phone settings will automatically connect to previously used Wi-Fi networks without any notification. As a precaution, it's best to disable Wi-Fi on your phone before beginning any type of mobile transaction.
2. Verify all URLs
Verify URLs for secure connections. Regular online shoppers know to check URLs for "https" security when making transactions online, but many don't know how frequently to check. In every step of the checkout process, the URL of the site should be encrypted, that is, it should read "https" rather than "http."
It's also important to check for "https" when making purchases on the mobile web. Mobile purchases thrive off ease-of-use and convenience, making it even more important to take the time to check the URL.
Use URLs to verify site legitimacy. Verifying URLs is especially important in deciphering the legitimacy of sites discovered through advertisements and hyperlinks. Any link presented in an email, social media comment, or advertisement can bring you to a fraudulent website. To make matters worse, deceitful sites are often virtually indistinguishable from the legitimate sites. Regardless of how you come to a website or how clean-cut it appears, examine the URL. You don't need to understand all parts of it, but if the root domain name (the part following "www.") does not match the site content, chances are you should purchase elsewhere. If in any doubt, err on the side of caution, as ever.
3. Question before you buy, save without question
Question every site. One of the easiest ways to avoid online scams is to ensure you’re shopping with a legitimate site. Beyond checking the URL for validity, a simple two-step process will help ensure the site is authentic. First, check that the site you plan to make a purchase on has a valid "About us" or "Contact us" page with contact information listed. Second, confirm the company has some type of social media presence.
Google the site's domain; its Twitter, Facebook and/or LinkedIn accounts should be present on the first few result pages. Genuine companies will have active social accounts and an online conversation in place with consumers, whereas fraudulent sites are likely to show Google results of consumer complaints, warnings, or other scam indications.
Record all purchase details. After every purchase, make sure you have proof the transaction took place. You should always receive a confirmation number or emailed receipt along with tracking information for shipments. Keep all receipts and confirmation numbers, along with a copy of the site's contact information.
If you are uncertain about a transaction from the get-go, screenshot your confirmation page and any post-purchase information you receive on screen. Screenshots allow you to save details you don't yet know you need, such as opt-in boxes left checked for on-going payments or membership activations. Overall, the more documentation you have, the better.
4. Keep payment methods separate from bank accounts
Opt for credit, not debit card payments. Although both credit cards and debit cards can be used as a plastic payment method in-store, credit cards are best for shopping online thanks to the online fraud protection most offer. When you pay via credit card, the payment is technically coming from the credit card company as a loan, rather than a monetary payment deducted directly from your bank account. Any processing errors or excess charges can be easily caught on your credit card statement, if not even sooner by the credit card company's standard fraud protection measures in place.
Alternatively, debit card payments deduct money directly from your bank account, and can be much more difficult to retrieve or correct after the event. Debit card information is also a prime target for hackers, as it provides an easy route for accessing and draining your accounts.
Use virtual credit cards as needed. Some financial institutions and credit card companies offer virtual credit cards (VCC) for certain online purchases. Virtual credit cards are temporary payment cards, and come in the form of a physical plastic card, or as a generated credit card number, and they’re separate from your bank information. This type of disposable credit card payment method contains a pre-set spending amount, has a shorter-than-usual expiration date, and is equivalent to a regular credit card for most payments purposes.
Virtual credit card payments are usually charged to your credit or debit card, rather than directly to your bank account, essentially offering an additional layer of protection. When you pay with a virtual credit card, your banking information remains separate from your individual purchase, thus ensuring if the card number is stolen, hackers cannot access your accounts or re-use the card fraudulently.
5. You only have one online identity, so protect it
If you think you don't have an online identity, you're wrong. All you need is one email address or a Facebook account, and you already have an online identity formed. No matter how cautious you are in the e-commerce sphere, the best way to protect yourself is to monitor your online identity actively.
Protect your online identity on the social front. Online purchasing is getting more and more social, with 50 per cent of web sales projected to occur via social media by 2015. Each time you join a new site through the "Login with Facebook" option, you're extending your online identity further. In fact, an abundance of sites will first prompt you to become a member not by email, but by connecting a social media account. When you then go on to transact on these third-party sites while logged in via Facebook or Twitter, you are essentially connecting the account with a credit card.
Is it a direct connection? Technically, no. Will it be used to shape your online identity? Absolutely. Your social media presence defines your digital footprint to the point where companies are looking to use your social media identity to combat online payment fraud and your social signals to tackle identity fraud in the near future.
Once you realise that the majority of your online activity is interconnected, you can better defend yourself from making thoughtless choices that may endanger your data. Just like you shouldn't post something you don't want your employer to see on Facebook, you also shouldn't post anything you don't want a hacker to see, like a picture of your driver's license or passport, anything with a home address and any snapshots that include a visible credit card or credit card number. It's also smart to choose passwords, passphrases, and answers to security questions that cannot be derived from your online social presence.
Image Credit: Rexhep Bunjaku