This story was contributed by Bob Bunge, cyber security expert and associate professor in the College of Engineering and Information Sciences at DeVry University.
Online purchases grew by approximately 10 percent from 2010 to 2011, with the average consumer spending $1,028. Convenience and variety make shopping online an attractive option for holiday shoppers who are trying to balance their personal and professional lives, while finding the perfect gifts for family and friends.
Drawn to the allure of e-commerce, many consumers do not realize that online retail and shopping websites rank fourth among the most infected kinds of sites. In fact, 61% of malicious sites are normally trusted websites that have been compromised. And 1.5 million people fall victim to cybercrime every day. Here are some tips on how to avoid becoming one of them.
Password Security – Strengthen and lengthen your passwords
Mix in numbers and special characters, and avoid proper names and sequential number strings (e.g. 12345). And don’t use “password” as your password – the most popular password in 2011 was “password.”
The username and password combination is the most typical way to prove your identity on the web, but weak and ineffective passwords open the door for identity theft. The first general rule of password construction is to make it long. A short password can be cracked easily by a high-speed program.
Use different passwords on different web sites and change them every so often. Failure to do this means loss of a password by one merchant could expose your accounts on all the others. Passphrases are a good way to generate strong, yet memorable passwords. Here is one example: “Oh say can you see by the dawn’s early light” becomes “0Scucb+de1.”
Trusted Websites – Only shop on reputable sites
Look for the SSL certificate and ensure the site's address starts with https:// and has a padlock icon.
The risks of shopping online are similar to those of face-to-face transactions. About.com offers the following general tips to minimize your risk. First, debit cards are the worst non-cash option. Why? If the card is stolen or the goods are not shipped, you are on the hook for any fraud or loss. PayPal and credit cards offer more robust dispute resolution and fraud prevention. PayPal will appeal to those who do not like to give out a credit card number. However, if PayPal is tied directly to your bank account, you need to monitor for suspicious activity in that account.
One good technique when considering a new merchant is to check that company name in one or more search engines. If the words “scam,” “fraud,” or “rip-off” pop up, consider yourself duly warned! Also verify that the URL matches the merchant. Scammers often load the left-hand side of the URL with real company names to lure you in.
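The URL check described above can be automated. The following is an added example, not code from the author: the function name `check_merchant_url`, the warning labels and the `.example`/`.test` addresses are all constructed for illustration. It compares the host a link actually points to against the merchant's known domain and also flags a missing https:// scheme.

```python
from urllib.parse import urlsplit

def check_merchant_url(url, merchant_domain):
    """Return a list of warnings; an empty list means every check passed.

    merchant_domain is the domain you already know belongs to the
    merchant (hypothetical here), e.g. "bigstore.example".
    """
    warnings = []
    parts = urlsplit(url.strip())
    # .hostname is lower-cased and excludes any user@ prefix and port.
    host = (parts.hostname or "").rstrip(".")
    merchant = merchant_domain.lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("not-https")
    # "https://bigstore.example@pay.test/" really goes to pay.test:
    # everything before "@" is login info, not the site.
    if parts.username is not None:
        warnings.append("userinfo-before-host")
    # Punycode labels can render as look-alike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")

    # The owner of a host is decided by its right-hand side, so the
    # merchant's domain must be the whole host or its final labels.
    if host == merchant or host.endswith("." + merchant):
        pass
    elif merchant in host:
        # Real name loaded on the left of somebody else's domain.
        warnings.append("merchant-name-embedded-in-other-host")
    else:
        warnings.append("host-mismatch")
    return warnings

# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://www.bigstore.example/cart",
    "https://bigstore.example.checkout-secure.test/cart",
    "https://bigstore.example@pay.test/cart",
    "http://www.bigstore.example/cart",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_merchant_url(link, "bigstore.example")
        print(link, "->", result or "ok")
```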
Payment – Use only one form of payment: a credit card
Putting your debit card information online exposes details of your checking account. Consider using sites with the PayPal and VeriSign icons. Having a dedicated credit card for online shopping is a good idea; it helps you spot problems and reduces your risk to other accounts.
Secured Networks – Never shop on an open Wi-Fi network
If the network is open, your information is open.
Which network is safest for online shopping? Network security comes in layers. The first layer is physical. Wired or cabled connections beat wireless connections for security every time. Likewise, if you physically manage the network (at home or in a private office), you’re generally safer than in a public network. Home WiFi, if set up properly, is generally acceptable. Be sure you are using WPA2 security with AES encryption.
Shopping over airport WiFi is among the riskiest options. Professional thieves hang out in large public gatherings and sniff the airwaves for names, passwords and card numbers.
Your Data – Don’t store information
Merchants you visit often can serve you better if they keep some information about you. Cookies are one technique for maintaining an online relationship. As long as the relationship is safe, this is not a problem.
But be cautious about giving information. Remember: if the deal sounds too good to be true, it probably is. A deal offering brand name merchandise for pennies is probably a scam. Similarly, “free” gifts that require you to pay shipping up front are scams.
If you have to give more than an email address, a shipping address and a fraud-secured credit card number, then you should consider taking your online business elsewhere.
Robert (Bob) Bunge is an associate professor in the College of Engineering and Information Sciences at DeVry University. He has nearly ten years of teaching experience in computer information systems, network security and simulation development. As a cyber security and cloud computing expert, Bunge has presented on various subjects at numerous events, including the NWSec Conference and the Washington Association for Skilled and Technical Sciences Conference.