Safe Use Of Online Shopping
When you use the internet, it doesn’t matter where you are in person. You can view the same web pages and shop at the same online store without having to physically enter the store. This provides huge advantages for online shopping over conventional shopping. No traffic hassles, no parking problems, no “fighting” the crowds of people visiting the shopping center!
Before the World Wide Web, people used to shop around looking for the best gift for the best price. Now, the story is different. You can do everything from your own home 24 hours a day, 7 days a week. You can browse and select products; purchase and gift wrap; and even organize delivery of the goods online, anytime and anywhere in the world.
But, just like any other good thing, there are risks that come with online shopping. You can easily become a victim of phishing, identity theft and fraud. So you must take precautions to ensure that you and your family are always safe when you’re shopping online.
As noted many times in this book, the most common examples of online fraud are phishing scams, auction fraud, credit card fraud and online shopping fraud. In chapter 4 we looked at a number of examples of how these scams work. If you are unfamiliar with these scams, please review them before continuing.
“Defense in Depth” is the Best Security Strategy
As I have said many times, everyone has to take responsibility to protect themselves from online fraud. You are a wise person because you are educating yourself about internet fraud by learning and adopting simple, proven internet safety practices.
In chapters 16 & 17, we looked at protecting your home computer network using a “Defense in Depth” security strategy. There, we looked at seven different layers of security. If you’re not sure about this strategy then you should re-read those chapters. This is the best security strategy you can use when you’re shopping online. This chapter builds on the principles taught in those chapters.
Fighting Against Spam
If you intend to surf the Internet, then the best thing you can do is to install an internet security suite.
Many internet security suites, like Norton Internet Security, have spam & phishing filters as standard features or, at worst, as optional downloads. The spam filters use built-in rules to detect and filter spam & phishing e-mail into separate files.
Spam filters also blacklist the offending mail, preventing it from reaching you. If your spam filter is working well, you will never see the spam unless you locate the file in the security directory and view it.
However, even if you have the best anti-spam software in the world, spam can still evade your spam filter and end up in your inbox. You also need to know how to detect spam and deal with it correctly.
Here are some of the important features that you should look for when choosing the “ideal” spam filtering subscription: accuracy and false-positive rating.
Accuracy ratings refer to the percentage of legitimate e-mails that successfully reach the user’s inbox after being filtered. The accuracy of several spam filtering subscriptions is continually being tested by passing thousands of e-mails through the spam filter.
Today, a spam accuracy rating of 80% is very poor. You should expect a minimum rating of 95%, and some anti-spam subscriptions have accuracy ratings as high as 98% to 99%. The false-positive rating is the percentage of legitimate e-mails that have been wrongly identified as spam. This rating should be less than 1%. Different computer publications such as PCWorld and PC Magazine offer reports on the accuracy and false-positive ratings of spam filtering subscriptions.
The cost of a spam-filtering subscription has to be measured against the services it provides. Ultimately, you get what you pay for! A subscription may be expensive but it may be worth paying for its quality features, speed and control. Sometimes choosing a lower cost provider means paying more in lost time and poor output performance.
A good spam filter should fit your specific needs. It should be flexible in its configuration so that it meets your needs. It should also provide automatic updates.
There are some simple rules that you should follow:
When you detect spam in your e-mail inbox, never respond to the spammer.
Avoid opening spam messages at all; just delete them.
Whenever a pop-up window appears from someone you don’t know…just delete it! They are mostly scams.
Do not close your mailbox or blog without signing off completely.
Use usernames and passwords that are hard to guess. You should review Chapter 17 for rules about creating and using strong passwords.
How does shopping online increase the risk of identity theft?
Using shopping carts on unsecured websites dramatically increases the risk of you becoming a victim of identity theft.
I learnt that lesson the hard way! In chapter 1, I told you my story of how I twice became a victim of identity theft. The first time was in 1995, by people with whom I shared a residence. At the time, this was the most common method of identity theft.
In 2001, I became a victim of identity theft a second time. Online shopping sites were in their infancy and internet security technology was not as advanced as it is today. Unfortunately, I made a credit card payment for a product sold on an unsecured website. My personal data was stolen and my credit card was charged with a number of fraudulent purchases. Fortunately, I discovered the fraud early and the bank was able to stop it and limit the damage.
Be warned! There are still unsecured online shopping sites operating today.
Please do not use them!
In chapters 3 & 4 of our story, our poor fall guy, Victor, uses the internet for online shopping. He has no sense of security and suffers immensely. If you are not sure about what can happen to you when you are on the internet, then you would do well to reread these chapters.
Learn how to read a website’s privacy policy
One of the most important steps in protecting your privacy is knowing how to read a website’s privacy policy.
Australian privacy laws don’t enforce the use of privacy policies or the information that should be included in the policy or how it should be presented. Further, there is no industry body which regulates online privacy policies. Therefore, you should know what to look for when reading the privacy policy of the website you are visiting.
You should expect that a privacy policy be made available to you in writing if you are asked to provide personal information. In the “bricks and mortar” world, financial institutions, health facilities or other businesses that collect your private information can be asked to show you their privacy policy before you give them that information.
If the company does not provide you with a privacy policy, then you should consider doing business elsewhere. Websites should show respect to their customers and tell them how their information will be used.
In the online world, you will find privacy policies posted on websites. The privacy policy tells you the steps the website will take to protect your identity, or informs you of how it will treat the information you provide. Simply having a privacy policy does not guarantee you any level of protection at all. However, to understand what information is protected and what is shared, you must read the website’s privacy policy.
Each website has its own criteria for its privacy policy. Some websites give full protection including encryption of passwords. Further, they will not provide your information to any third party. Other websites will tell you that your information will be shared with any affiliated companies or businesses they feel you would be interested in hearing from. Therefore, you must read the policy to be aware of the steps being taken to protect you.
Here are some of the items to look for on a privacy policy:
What Information is Collected and Why?
When a business is requesting personal information from you, it is reasonable to ask what information will be collected and why it is needed. If they request information that isn’t relevant, the website should clearly state why they need it.
If there is no explanation for the request, try to avoid giving the additional information or ask them why they need it. Your income or the name of your spouse is the kind of information you might question providing without reasonable cause.
How is the Information Collected?
While filling out paper forms is straightforward in the “bricks and mortar” world, providing information is very different in the online world.
You need to find out from websites how the information is being collected. Information can be collected in web forms or electronically by “behind the scenes” programs called cookies that are automatically installed on the visitor’s computer. Cookies track information about the web pages users click on, how long they spend there and the web address.
This information can be tracked with or without your consent. Usually it is done to facilitate the company’s marketing research or to assist you by using your information from previous visits. You should be able to find out what information is automatically stored by reading the privacy policy.
What is the Information used for?
If the online business asks for your personal or financial information you have a right to know what it will be used for.
You must know whether it is only used to complete the transaction. Or will they view a purchase as permission from you to market to you again in the future? Or will they sell your private information to other businesses? This information should be available in the website’s privacy policy, along with information on how you can ‘opt-out’ if you wish.
Who Will Have Access to Your Information?
Will the private information you have provided be sold or rented to other people or businesses? Will the website share your name, email address or purchasing habits with other affiliated businesses? These policies should be clearly outlined in the privacy policy. If they do sell or rent the names on their list, then you may wish to limit the information you provide to them, or avoid dealing with them.
Watch out for terms like “partners”, “affiliates” or “sponsors”, since you will have no idea who will be receiving your private information.
How Secure is Your Information?
What steps has the website taken to protect your personal information? Any transaction where you enter and submit personal information should have SSL (Secure Sockets Layer). SSL will encrypt the information so that it can’t be read by others during transmission. We will discuss website security in detail later in this chapter.
Can You Correct Your Personal Information?
You should be able to review and/or correct information that will be collected about you. The steps should be clearly stated in the privacy policy and should be convenient and inexpensive.
Can You ‘Opt-Out’?
Wherever your information may be shared, you have the right to ‘opt-out’. In some cases you can click an opt-in or opt-out box when entering your information. Make sure that these small boxes haven’t already been checked by “default”, since legally you are implying that you are accepting the offer even if you haven’t personally checked the box.
The privacy policy should also give you directions on how you can opt-out if you weren’t given the option when you entered your information.
While this list is not exhaustive, these are the main features you should look for in a website’s privacy policy. The other information that should always be listed on the website’s privacy page is a contact name, address and telephone number. You should always be able to speak to a real person regarding the website’s privacy policy.
How do you detect online shopping scams?
Scammers love online shopping because it is very easy for them to target victims. Shoppers have to distinguish between an honest trader and a scammer. This is not as easy as you may think!
Scammers are professional salespeople who use proven social engineering techniques to trick you into doing something you wouldn’t normally do. For example, scammers may pretend to sell you a product online at very cheap prices; but they are actually looking for your credit card or bank account details. They may take your money and send you a faulty or worthless product – or even send you nothing at all.
The important thing is that when they make a sale, they have captured what they want: your sensitive data, like name, address, credit card number, bank accounts etc. They have tricked you into giving them your sensitive details in exchange for a worthless product!
Buyer Protection Schemes
Many online businesses put a lot of effort into protecting their customers from scammers. Some websites provide buyer protection schemes that will cover you if you are the victim of fraud.
Credit card companies Visa and MasterCard; payment processing companies PayPal & ClickBank; and banks around the world have buyer protection schemes.
If you buy something through eBay or PayPal and it never arrives, or if it arrives significantly different than originally described by the seller, then you’re eligible for a full refund. Check out PayPal’s Buyer Protection policy, and learn how to open a dispute.
If you ever see a transaction in your PayPal account that you didn’t authorize, you should report it immediately to PayPal. They will begin an investigation and help you get your money back. You can learn more about this process here.
You should also beware of sellers on online auction sites. They may offer to make a deal with you outside of the terms of the eBay website. This is usually a good sign of a scam. You will also lose any fraud protection that eBay may provide.
You must stay one step ahead of the scammers. The SCAMwatch website provides detailed advice about online shopping & auction scams, internet scams and many other scams that target you. You can learn how scams work, how to protect yourself, and report a scam via SCAMwatch.
Basic Tips for protecting yourself when shopping online
Here are some important safety tips for online shopping:
Use your credit card instead of a debit card: Credit cards offer better protection against identity theft than debit cards. For instance, when you use a credit card, your liability for any fraudulent charges is a maximum of $50, on the condition that you report the fraud within 30 to 60 days and you weren’t party to the fraud.
On the other hand, when someone gains access to your debit card and cleans out your savings account, you may not be able to recover any of the money at all.
Use disposable credit cards: A recommended way to use a credit card is to get a disposable credit card. This works like any gift card from a bricks and mortar shop. You load it with a specified amount of money and the card is good until that amount is consumed. Then the card becomes worthless.
This will protect you from identity theft. If a disposable credit card is stolen, the criminals will only gain access to the unused amount on the card. They cannot reload the card with additional funds.
Check the website security. Before making any payments online through shopping cart sites, you should check the site’s security. There are different levels of security available.
You can check the URL web address. This is the box in the web browser where you type the website’s online address e.g. www.anystore.com.
A secure website will start the URL web address with HTTPS:// instead of the usual HTTP://. Also, you should see a small lock icon on the screen which indicates that the site is secure.
This security level means that the online store’s database and the data transmissions for your transaction that are made over the internet have been fully secured. The transaction is locked and the receiver must use the correct key to open the transaction, just like a key to a house!
Data transmissions that should be secured include:
Notification emails;
Online downloads; and
Payment transfers between the site and other sites.
A single online transaction will access the databases of a bank, a payment processing company, a credit card company and a secure online storage company etc.
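The address check described above can also be automated. The following Python sketch is an added example, not part of the original book: it goes slightly beyond the address-bar check by also confirming that any form asking for card or password details submits over HTTPS, which protects the data while it is in transit. The shop.example addresses, the list of field-name hints and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments that suggest payment or login data (assumed list).
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expiry", "password", "account")


class _FormCollector(HTMLParser):
    """Collects every <form> with its action and its input names and types."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (attrs.get("name") or "").lower()
            ftype = (attrs.get("type") or "text").lower()
            self._current["fields"].append((name, ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _is_sensitive(fields):
    """True if any input looks like it collects card or login details."""
    return any(
        ftype == "password" or any(hint in name for hint in SENSITIVE_HINTS)
        for name, ftype in fields
    )


def check_checkout_page(page_url, html):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if urlparse(page_url).scheme.lower() != "https":
        findings.append(f"page itself is not served over HTTPS: {page_url}")

    collector = _FormCollector()
    collector.feed(html)
    for form in collector.forms:
        if not _is_sensitive(form["fields"]):
            continue  # e.g. a search box; nothing private is submitted
        # A relative or empty action is resolved against the page address.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme.lower() != "https":
            findings.append(f"sensitive form submits over plain HTTP to {target}")
    return findings


# Constructed sample pages (not taken from any real shop).
SAMPLE_GOOD = (
    '<form action="/pay" method="post">'
    '<input name="card_number"><input name="cvv"></form>'
)
SAMPLE_BAD = (
    '<form action="http://pay.shop.example/charge" method="post">'
    '<input name="card_number"><input type="password" name="pin"></form>'
    '<form action="http://shop.example/search"><input name="q"></form>'
)

if __name__ == "__main__":
    for url, page in [
        ("https://shop.example/checkout", SAMPLE_GOOD),
        ("https://shop.example/checkout", SAMPLE_BAD),
        ("http://shop.example/checkout", SAMPLE_GOOD),
    ]:
        print(url, "->", check_checkout_page(url, page) or "no findings")
```

The second sample shows why the lock icon on the page you are viewing is not the whole story: the page is served over HTTPS, yet its payment form sends the card details to a plain HTTP address.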
Don’t shop online from public computers. If you want to shop online, then do so from the comfort of your own home. This ensures that you use your own secured computer which is free from internet nasties like viruses and worms, malware and spyware & botnets.
Shopping online at an internet café can be very dangerous because the computer and the wireless network may not be secure. Hackers can easily steal your private data from internet cafés.
Read and understand the website’s terms & conditions and privacy statements. Before buying online, make sure that you understand exactly what is involved in the purchase. The terms and conditions of your purchase should be outlined by the seller on the website. They may be located on a separate web page to the advertisement.
The terms and conditions should be clear to you and outline any extra warranties or guarantees, security policies, privacy and returns. Make sure that you understand all the disclaimers of responsibility before you accept the terms and conditions.
Credit Card Security codes. If you use a credit card with a magnetic stripe, then online stores will require the CVV or card verification number when you make a purchase.
You will find the CVV code on the back of your credit card in the signature bar. The last 3 digits of the code are required to be entered into the website’s online payment page. This number is designed to prevent fraudulent purchases by someone who does not have your card but may have stolen your personal details like name, card number and expiration date.
Advanced security measures. Another security feature credit card companies are using is a second level of security created by adding an additional password. Examples of this are Verified by Visa and MasterCard SecureCode. These are optional security features provided by selected websites or payment processing systems.
If you activate the code and shop on sites that carry the Verified by Visa or MasterCard SecureCode logos, the checkout process will require the entry and validation of an additional secret password or PIN that you have previously set up. The purchase cannot be authorized without successful validation of this second password or PIN.
Automatic teller machines (ATM) and point of sale terminals also have this option to enter a PIN for magnetic stripe cards. Modern microchip & PIN technologies also provide a pass-over option where you don’t have to swipe your card through an electronic reader; you just pass your card by the electronic sensor and it reads all the card’s details. You then enter a PIN into the machine for verification. These technologies are designed to prevent skimming attacks by hackers [1].
Phishing Emails – Don’t Get Reeled In. Be aware of email scams designed to gain access to your credit card information. Phishing scams have been discussed at length in chapters 3, 4, 16 & 17 in this book.
Use a secure web browser when surfing online. How do you pick the best web browser to use? There are many choices in how you can experience the world-wide-web. Some popular internet browsers include Firefox, Internet Explorer, Opera, Chrome, and Safari to name a few.
Choosing a popular browser is always safe, but it also needs to have extra security features. By this I mean that it has additional security add-ons available.
Internet Explorer has been active since the beginning of the internet. This web browser is preloaded on every computer that uses the Microsoft operating system. Unfortunately, history has proven that Microsoft’s Internet Explorer isn’t the safest web browser available on the market.
A competitor called Mozilla Firefox is quickly dominating the field. As of July 2010, Firefox has become the second most widely used Internet browser. Google Chrome, Opera and Safari are also fast becoming major players in the market.
Read this review of web browsers from PCWorld.
What makes Firefox special?
This web browser features pop-up blocking, tab-browsing, easy to use privacy controls and an integrated Google search bar. In addition, Firefox provides you with over 1 billion add-ons and has about 120 million users.
Many of its add-ons offer additional protection for a safer online buying experience. For example, the add-on Web of Trust shows a traffic-light rating based on four factors: trustworthiness, vendor reliability, privacy and child safety of a web page. McAfee SiteAdvisor is a similar add-on and Adblock Plus stops banner ads and pop-ups. Pop-ups can also carry computer viruses which can infect your system.
You can also download a program called NoScript which forces web programming like JavaScript and Java to run only from the trusted domains you have chosen. These are just a few samples of the many add-on protections Mozilla Firefox offers its users for safe online shopping. They can be downloaded free from Firefox’s home page along with Mozilla Firefox. Check out the security features of Firefox here.
What about other web browsers like Opera, Chrome & Safari?
You may think that the latest Internet browsers (Opera, Chrome, Safari, etc.) are the best web browsers to use. However, they’re mostly brand new and still in the beta stages of testing. This means that not all the bugs and glitches in them have been figured out. On the other hand, Mozilla Firefox is already a proven web browser. Today, it’s considered a fully operational web browser.
In the near future, Opera, Chrome or other web browsers may overtake Firefox. Firefox is also continually updating its browser. However, for the moment, Firefox is the safest for online shopping and security due to its many layers of security add-ons and customization.
Before you do any online purchasing, you need to be sure your computer is secured with anti-virus software. This has been discussed thoroughly in chapters 16 & 17 of this book. Following these tips and using Mozilla Firefox with adequate anti-virus protection will give you the confidence you need to have a safe online shopping experience.
Online auction scams and how to avoid them
Buying and browsing items online is a real treat and online auctions like eBay can deliver some real bargains! However, as usual there are many scams to trap you.
Here are some really good tips for avoiding eBay scams and having a really great online shopping experience.
Take note of the shipping prices. These can have a great effect on the total cost of the item. Some sellers will absorb the shipping costs, while others require you to pay the cost. If you have two vendors selling the same items with similar prices, then check out the best shipping offer.
Check the online auction seller feedback scores: The most important precaution you should take is to check the online auction seller’s feedback score. This score is vital because it is the reflection of the seller’s credibility.
This score tells you whether a seller can be trusted or not. If the online seller has a feedback score greater than 95%, then it is most likely that the seller is reliable. You should also look at the detailed feedback about the seller. Check the most recent buyers’ comments because they are a great hint as to what your prospective seller is like to do business with.
Follow up on any negative comments and ask the complainant what the real problem is. If there are a number of negative comments about postage times, shipping, and delays, then the seller is not reliable.
Keep On Browsing: Just like in real life shopping at bricks and mortar stores, there are online vendors that sell overpriced items. Prices vary from seller to seller: some offer a good deal, others not so good! It is important that you browse through a number of sellers that offer the same item to get the best price. Browsing through a seller’s page is absolutely free, so explore your choices. This is the best thing you can do to make sure that you don’t get ripped off.
Pay for online auction purchases through PayPal: If you want to use a secure online payment system, then PayPal would be the service to have. PayPal and the eBay auction site merged in 2002 to form the largest online auction site in the world.
The PayPal payment systems are the most reliable and secure payment processing you can get. There are no extra charges to pay and payment conversion is automatic.
PayPal has an excellent after sales service, particularly in resolving disputes and returns. If the seller hasn’t contacted you and your item hasn’t arrived, then you can go to your eBay account and fill in a complaint form. This is transferred directly to PayPal and they organize your refund.
PayPal has a very quick and efficient dispute resolution system. It should only be used if your seller hasn’t contacted you within a month.
Ask Questions: It would be best if you ask your prospective seller questions regarding the product. This way you will not encounter any misunderstandings and will have a clear understanding. Questions about price, quality, quantity and shipping are important.
What Are They Selling? You should always be suspicious and thoroughly check out what the person has been selling over time. For example, if you see that they have been selling cheap magazine clippings in the past year and now are selling Gulfstream jets, there is obviously a reason to be suspicious.
How to Avoid Internet Scams on Adult Websites
Adult sites are very popular, but criminals use these websites for identity theft purposes.
There are two ways by which identity fraud can happen on adult websites. The most common method is the scammer enticing the unsuspecting user to download a file from the website containing a virus, malware or spyware, which in turn harms your computer. You can protect yourself from this fraud by installing a good anti-virus or anti-malware program (see chapters 16 & 17).
You can also become an identity theft victim when you unknowingly download a keylogger or dialer program or pop-up advertisement. This allows criminals to hijack your computer and steal vital information. For example, if you shop online regularly, they can use your credit card details to make online purchases.
Before you become a member of the site, make sure that the site is a legitimate site. You can check this out by reading the User Agreement and Privacy Policy carefully. They are usually long documents and will take some time to review. You must check these documents thoroughly if you want to keep safe on the internet.
You can also check the ownership of a website using the free search tool on the website Whois MyDomain. This website contributes to user confidence in the Internet by promoting legitimate uses of the websites including digital inclusion and e-commerce. The site helps users to identify the persons or entities responsible for web content and online services.
If other family members use the computer, limit their access to white-listed websites. This prevents others from accidentally downloading something onto the computer. If your children are alone, you need to blacklist or block adult sites so they can’t visit them.
Most internet users won’t know if an adult website is fraudulent or not. Therefore it is advisable to install a website monitoring system. This program is designed to keep a log of all the programs that are installed and the websites that are visited. Website monitoring programs can also be set up to automatically enforce a “no downloading” policy and a “no unsupervised surfing” policy. For example, if your teenage child visits a blacklisted pornographic website, a message will appear informing the web surfer that the site cannot be visited. This ensures that your child will not be victimized when they are online.
If you use adult websites, you should always review your credit card bill or phone bill for any charges which you know you never made. The earlier you report them, the earlier the credit card or telephone company will be able to adjust your account.
Adult internet sites are not the only websites that are used by fraudsters. Charities, auction sites and commercial websites are also being used as a front by criminal gangs. If you think the site you are visiting is not legitimate, leave the site and report it to the police.
Dating and Romance scams
This scam takes advantage of your romantic side by befriending you. You may be a single person looking for love and are very vulnerable to attack.
The scammers are professionals who can pretend to be whatever you think they are. In the online world you are anonymous, so you can pretend to be someone else.
For example, a male scammer could pretend to be a gorgeous female who is really interested in you. Female scammers can also pretend to be someone else…and so on!
The scammers know the right emotional buttons you have and form an “online relationship” with you. When they have your complete confidence, they often start asking you for money. Normally this type of scam happens on dating sites and online social networks like MySpace or Facebook.
Online scammers are NOT interested in having a relationship with you no matter how attractive you may be. They have only one interest and that is to take advantage of you and defraud you!
Never trust anybody you meet on the web unless you know and trust them in real life. In the real world, you need to spend quite some time with a person before you get to know them well enough to enter into a relationship with them.
Here is an example of a dating and romance scam that I received in my e-mail:
Good day, dear!
I am looking for a strong, kind, caring man. In my life I have almost everything except love. Everything I want is to be loved by a man like you.
You seemed to me very interesting and different from others. And I think you are the man I was looking for such a long time.
You can be sure, I will make you the happiest man in the world! I will make true all your fantasies. And I can be for you not only a perfect lover, but the best friend and good wife. We will spend all our free time together.
I need you here. I need you like my lungs need air.
I do not find strange that my second half is so far away, my destiny and life has been all over the world, but now that I found you, I really need you near me as soon as possible.
Please write me. I will be waiting for your letter http://finebeautifulwomen.net/6184/
See you later
Uli M
I immediately deleted the e-mail as spam. I am happily married…
Online Gambling Scams
There are many risks involved in online gambling. The game itself involves a lot of risks, but there are other internet-based risks as well.
The main risk for an online gambler is determining whether the casino web page is a legitimate site or not. The scammers are professionals and even security experts are tricked. Fraudulent casinos copy the documents of a legitimate casino and create fake documents, certifications and memberships.
The only way you can ensure that you have entered a legitimate casino is to properly check out their credentials. In Australia, casinos and betting agencies must be approved and registered by a state based government regulatory agency. Check the online gambling certifications and ensure that they are legitimate websites.
Most online gaming websites have search functions that you can use to search for members. In scam casinos, the online scammers don’t become members. They have to be able to easily change their names to avoid detection.
Using Secure Online Banking
Do you consider online banking in its current state to be secure? In your experience, what are the biggest mistakes that financial services providers — and their customers — make that expose them to security risks?
The world is changing at a staggering rate and technology is considered to be the key driver for these changes around us (Papers4you.com, 2006). An analysis of technology and its uses shows that it has permeated almost every aspect of our lives.
Many activities are handled electronically due to the acceptance of information technology at home as well as in the workplace. The internet can be seen as a truly global phenomenon that has made time and distance irrelevant to many transactions. The transformation from traditional banking towards e-banking has been a ‘leap’ change.
The evolution of electronic banking started from the use of automatic teller machines (ATM) and has passed through telephone banking, direct bill payment, electronic fund transfer and the revolutionary online banking. The future of electronic banking according to some is the acceptance of the more secure WEP enabled banking and interactive-TV banking.
Online banking is the future of electronic financial transactions. The rise in e-commerce and the use of the internet in its facilitation, along with the enhanced online security of transactions and sensitive information, have been the core reasons for the penetration of online banking in everyday life (Papers4you.com, 2006). The latest official figures from the Office of National Statistics (ONS, 2006) indicate that subscriptions to the internet have grown more than 50% from 15 million in 2000 to 35 million in 2005 in the UK. It has also been estimated that 60% of the population in the UK use the internet in their daily lives.
Why do people refuse to use internet banking?
Today, there are still many internet users who refuse to do their banking online. Their main reason for not doing so is the lack of online banking security. One of the reasons why they feel insecure about banking online is misinformation: not knowing the correct information about internet security.
A study from the University of Michigan by Atul Prakash looks at design flaws that many online banking sites have today. He concluded that they fail to protect users who don’t know the basics about internet security.
The study focussed on design flaws rather than actual software programming weaknesses. Website design flaws are decisions or assumptions that were made by the web developers when they designed the online banking website. For example, the developers assumed that online banking users were educated about internet security. In fact, the opposite is true: many online banking users are uneducated about basic internet security. This assumption can be taken advantage of by unscrupulous hackers.
Some of the design flaws of online banking security are:
Being able to access the site by using insecure HTTP,
Being redirected to an untrusted site,
Low security password thresholds,
E-mailing confidential data to users.
These are all examples of website design flaws that can lead to confidential data being leaked!
Strong Passwords: As far as user passwords go, many of the sites involved in the study don’t impose password restrictions on users. Low quality passwords invite disclosure by brute-force attacks. The study also noted that having a strong password does not protect against phishing sites and key loggers.
Many banks regard forcing strong passwords as just an inconvenience for their users. The online banks claimed that enforcing a ‘three-strike’ [2] lockout policy for incorrectly typed passwords makes brute-force attacks on low quality passwords unrealistic.
However, the study found that even when a ‘three-strike’ lockout policy is enforced, it can be broken if low quality passwords are allowed. For example, if you use a password that is very weak like “password”, hackers can successfully use automated attacks to compromise your login. This is so, even if the online bank enforces a three strike policy.
The design flaw here is that online banks have assumed that users will always use strong passwords. Online banks must not assume that online users understand basic internet security; they must enforce the creation of strong passwords.
Well-designed online banking sites enforce strong passwords by using JavaScript [3] to immediately test the password’s strength. If the password is not strong enough, the user will immediately be advised by an on-screen error message or a graphic.
Hackers and intruders have an easier time figuring passwords out when they are not frequently changed. You must change your passwords regularly, especially for your online banking password. When you change your password, the hackers have to start over again.
Online banks with strong password security policies automatically require users to change their passwords periodically. Typically a password creation screen will appear and you will be asked to update your password twice. You will also need to know the old password.
It is harder for hackers to figure out your password if you use a number of different characters, especially if it is a combination of letters, numbers, and symbols found on your keyboard. Of course, it will be harder for you to remember the new password, so you have to make sure you memorize the combination.
A useful tip: never use passwords that are codes like your birth date, spouse’s name, or other relevant information because your password can be deduced quickly and easily. These “coded” passwords are used by a lot of people, particularly in ATM machines and email passwords. By doing this, you simply make yourself a big target for hackers.
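The kind of immediate JavaScript password test described above, as an added example that is not code from this book or from any bank. The function name, the 12-character minimum and the short sample list of common passwords are assumptions made for illustration.

```javascript
// Added example: password strength test a sign-up page could run on each keystroke.
// Constructed sample list; a real site would load a much larger list of known passwords.
const COMMON_PASSWORDS = new Set(["password", "123456", "qwerty", "letmein", "welcome1"]);
const MIN_LENGTH = 12; // assumed policy value, not taken from the study

// Keep only letters and digits so "Maria-1975" still matches "maria" and "1975".
function normalise(text) {
  return String(text).toLowerCase().replace(/[^a-z0-9]/g, "");
}

// personalInfo: tokens the site already knows about the user
// (first name, spouse's name, birth year, account name).
// Returns { ok, problems } so the page can show an on-screen message at once.
function checkPassword(password, personalInfo = []) {
  const problems = [];

  if (password.length < MIN_LENGTH) {
    problems.push("too short");
  }
  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
    problems.push("common password");
  }

  // Count how many character classes appear: lower, upper, digit, symbol.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (classes < 3) {
    problems.push("needs letters, numbers and symbols");
  }

  // "Coded" passwords: anything built from data an attacker can look up.
  const stripped = normalise(password);
  const leaked = personalInfo
    .map(normalise)
    .some((token) => token.length >= 4 && stripped.includes(token));
  if (leaked) {
    problems.push("contains personal information");
  }

  return { ok: problems.length === 0, problems };
}
```

Because JavaScript runs in the user's browser and can be switched off or bypassed, the bank's server has to apply the same rules when it accepts the new password.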
Chain of Command: The University of Michigan study by Atul Prakash also mentions websites that break the chain of trust. Often, bank websites will redirect you to other websites without notice. These sites may not be secured by using SSL [4] . Many times the certificates [5] used are not affiliated with the bank at all and there is no way for the user to tell if they are still on the bank’s website or not. This makes it hard for even knowledgeable users to know if they are on a phishing [6] site… or not!
Some online banking sites may present secure login options within an insecure webpage. While their online banking site may offer secure logins via SSL and HTTPS [7] , that same webpage may be available insecurely through an HTTP [8] version. While redirection to a secure page may occur, if the user had already entered credential information on the insecure page, then their credentials are at risk of being compromised.
While many sites exhibited 1 or 2 of the noted flaws, there were many on the list that didn’t show any flaws and offered very good security. The study also noted that some of the sites may have even fixed the flaws noted in the study by the time the study was released.
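A check a site owner or tester could run over a recorded login flow to spot the two flaws just described (an insecure HTTP page hosting the login form, and a redirect that leaves the bank's own domain). This is an added example, not code from the study; the function names and the examplebank.test URLs are constructed placeholders.

```javascript
// Added example: audit a login flow for broken chain-of-trust design flaws.

// True only for the bank's domain or a real subdomain of it.
// A look-alike such as "examplebank-secure.test" must not pass.
function isBankHost(hostname, bankDomain) {
  return hostname === bankDomain || hostname.endsWith("." + bankDomain);
}

// hops: URLs in the order the browser visited them, ending at the page
//       that shows the login form.
// formAction: where the form sends the user name and password
//             (may be relative to the last hop).
// Returns a list of findings; an empty list means no flaw was detected.
function auditLoginFlow(hops, formAction, bankDomain) {
  const findings = [];
  const check = (label, url) => {
    if (url.protocol !== "https:") {
      findings.push(`${label}: not HTTPS (${url.href})`);
    }
    if (!isBankHost(url.hostname, bankDomain)) {
      findings.push(`${label}: outside ${bankDomain} (${url.hostname})`);
    }
  };

  hops.forEach((raw, i) => check(`hop ${i + 1}`, new URL(raw)));
  // A relative form action resolves against the page that hosts the form.
  check("form action", new URL(formAction, hops[hops.length - 1]));
  return findings;
}

// Constructed sample flows.
const SECURE_FORM_ON_INSECURE_PAGE = auditLoginFlow(
  ["http://www.examplebank.test/login"],
  "https://www.examplebank.test/auth",
  "examplebank.test"
);
const REDIRECT_OFF_SITE = auditLoginFlow(
  ["https://www.examplebank.test/", "https://login.examplebank-secure.test/signin"],
  "/auth",
  "examplebank.test"
);
const CLEAN_FLOW = auditLoginFlow(
  ["https://www.examplebank.test/", "https://online.examplebank.test/login"],
  "/auth",
  "examplebank.test"
);
```

The first sample is flagged even though the form posts to HTTPS, because a page delivered over HTTP can be altered in transit before the user types anything.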
Online Banking: Tips for Doing It Safely
With the increasing popularity of the Internet as a virtual marketplace, consumers and criminals alike have capitalized on this growing community. As a result the issue of Internet security has become one of great importance, especially when it comes to online banking. However, safe banking online is not as difficult as it may seem. It simply involves making the right choices. Here are some tips that will help ensure a safe banking experience on the Internet.
First, make sure that the bank you choose is legitimate. If they do not have a branch you can visit locally, then you won’t have the convenience of checking them out in person. In such cases, it is advisable to read pertinent information about the bank on its site.
Most financial institutions will have an “About Us” tab where you can read more information about the bank and its history. You should even be able to find the name and address for the bank’s headquarters along with a toll free number you can use to speak with a live person.
Second, be aware of criminals who put up fraudulent websites under a name or web address similar to that of a credible bank. Unfortunately, these hackers and scammers have caused some concern when it comes to online banking. However, they can be fairly easy to spot and avoid. These sites are designed to trick you into entering their website and providing your personal information (i.e., social security number, account number, password).
Be sure you have typed the appropriate web address for your bank before accessing your account online. This can be easily ensured by “book marking” your bank’s site or adding it to your “favourites” in your web browser. Doing this virtually guarantees you will visit the correct site in the future.
Third, safeguard your private information. Thieves would love to get a hold of your credit card numbers, banking info, social security number and other private data. Review your bank’s security practices. This information is usually available on their website, but you should also be able to contact the bank directly if necessary.
Fourth, a secure online banking site will provide strong encryption [9] . In this process, private information is scrambled in order to prevent the wrong eyes from seeing it. Some web browsers will show an icon at the bottom of your screen that looks like a key or a lock. This icon indicates that your transaction is secure and your private information has been encrypted.
Finally, make sure that you log out of the online banking website completely. When you are finished with your online banking session, you need to be sure that you log out. If you do not physically click the log out button, you may stay signed in. Anyone who uses the computer that you used to check your bank account could then get into your online bank account. It could also give more time to those people who want to crack into your bank account.
Checking for the lock that indicates a secure log in is crucial to being careful when using online banking. It helps you to ensure that you are giving your password and information over a secure connection. Password protection, and having a secure password, will allow you to make it difficult for others to log into your account. By logging out, you can be sure that you have stopped the connection, preventing anyone (both online or in person) from finding and using your account. You need to be responsible when using online banking to ensure that your finances are safe.
It should be clear that safe online banking is not an impossible task. It simply involves being well informed and making the right decisions.