Security Matters: Holiday buyers beware cybertheft



By Michael Carr

Internet retailers expect more than 50 percent of all holiday purchases to be made online this year. So, how can one buy online safely without being taken to the cyber cleaners?

Twelve simple tips for online holiday shoppers:

1. Protect your computer: Your computer should always have the most recent operating system patches applied, anti-virus and anti-spyware software updates installed, and a firewall turned on and kept on.

2. Only shop on trustworthy websites: Check the seller’s reputation and record for customer satisfaction (via the Better Business Bureau or the Federal Trade Commission). Confirm the online seller’s physical address and phone number in case you have questions or problems.

3. Protect your personal information: Take time to read the seller’s privacy policy and understand what personal information is being requested and how it will be used. If there isn’t a privacy policy posted, it should be taken as a red flag that personal information may be sold to others without permission.

4. Use strong passwords: If you need to create an account using a password with an online merchant, be sure to create a strong password. Use more than eight characters (if possible) with a combination of numbers, special characters, and upper and lowercase letters. To be really safe, don’t use the same passwords for online shopping websites that you use for any other account. And never share your password.

5. Don’t use public computers or free Wi-Fi: Public computers may contain malicious software that steals your credit-card information when you place your order, and criminals often steal credit-card numbers and other confidential information from people using public wireless networks (like at a coffee shop).

6. Beware of deals that sound too good to be true: If an offer on a website or in an unsolicited email sounds too good to be true, it probably is, especially an offer with extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a “deal” that might cost them dearly in the end.

7. Beware of “phishing”: Legitimate businesses do not send emails claiming problems with an order or an account to lure the “buyer” into revealing financial information. If you receive such an email, pick up the phone and call the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction.

8. Confirm your online purchases are secure: Look in your Internet browser’s address box for the “s” in “https://” and in the lower-right corner for the “lock” symbol before paying. If there are any doubts about a site, right-click anywhere on the page and select “Properties.” This will let you see the real URL (website address) and the dialog box will reveal if the site is encrypted or not.

9. Pay with a credit card: It’s best to use a credit card because, under federal law, you can dispute the charges if you don’t receive an item. You also have dispute rights if there are unauthorized charges on your credit card, and many card issuers have “zero liability” policies under which you may actually pay nothing if someone steals the credit card number and uses it.

10. Keep documentation of your order: After completing the online order process, there should be a final confirmation page or you might receive confirmation by email. If so, save a copy of the Web page and any emails for future reference and as a record of the purchase.

11. Check your credit card statements often: Don’t wait for paper statements. Check your statements for suspicious activity by either calling the credit card companies or by checking statements online regularly.

12. Know your rights: Federal law requires that orders made by mail, phone or online be shipped by the date promised or, if no delivery time was stated, within 30 days. If the goods aren’t shipped on time, you can cancel and demand a refund. There is no general three-day cancellation right, but you do have the right to reject merchandise if it’s defective or was misrepresented. Otherwise, it’s the company’s policies that determine if you can cancel the purchase and receive a refund or credit.

Additionally, understanding the online retailers’ shipping, return, warranty and refund policies before you shop may save you hours of offline heartache later.

Michael Carr is UK’s chief information security officer. If you have questions about computer security or have ideas for future topics, contact him at [email protected]