Life & Work

How to remain secure when shopping online

onlinne shopping

Your best bet is to have a pre-paid card with a set amount that you can keep replenishing. PHOTO | FILE

Shopping from the comfort of your living room or office as you work is one of those little joys of the internet, but when a credit card bill at the end of the month reflects a few Sh100,000 transactions not authorised by you, then it becomes a source of panic.

Face-to-face transactions have been viewed as considerably safer with the introduction of chip-and-pin security features on the cards.

“It is expected that fraud will move to the online platform with the increased security for face-to-face transactions,” says Salome Makau, Visa country manager for sub-Saharan Africa.

Card Fraud

Kaspersky Lab indicates that some of the methods that are being used to commit online card fraud include web page infiltration where extra fields ‘injected’ into the bank’s login page, capture confidential customer data such as the CVS card number for use in ‘card-not-present’ attacks.

Fake (phishing) pop-ups which work by adding the hacker’s own ‘pop-up’ request for additional data, perhaps a mobile phone number so that two-factor verifications can be intercepted. Transaction tampering, for example, where customers are instructed to ‘repay’ money falsely recorded as entering their account in error, or to make a ‘test’ transaction to assist the bank.

Some banks have taken measures to safeguard themselves and customers from the liability of online card fraud by disabling the feature altogether.

But as the global marketplace continues to grow and local merchants increase the payment options, users need to be more aware of the measures that can be taken to protect their cash.

Even as cybercrime becomes more sophisticated, the study by Kasperky Lab indicates that fraud is also due to ignorance on the user’s part. This means that you, as the owner of your credit and debit card, can increase the protection for using it online.

According to Kaspersky, you should only open safe pages. Safe browsing keeps phishers at bay. Look for those with https:// at the beginning of the link or a padlock to ensure your details are being keyed into an encrypted and secure site. You can also use a security keyboard provided by anti-virus companies to increase user protection when entering sensitive data.

Also ensure that auto-fill and ‘remember password’ are switched off. The data may be stored on the machine when these settings are on, meaning that the data may be available to any other user with access to the machine.

The feature can be disabled under advanced or privacy settings on the browser. Refrain from keying in sensitive data in public places as criminals may also be spying, memorising or writing down all the details as you key them in.

Though the number of cyber cafes has reduced, there is still the risk when you use free wi-fi at a coffee shop, hotel lobby or even in public transportation.

Most online transactions will require you to key in a card verification value (CVV) or card security code (CSV) which is a three digit number at the back of the card to ensure that you are physically in possession of the card. But even with that, you can add an extra layer of protection. “You can have a PIN different from the CVV to authorise the transaction,” explains Ms Makau.

Having the PIN ensures that even when the card details are stolen, no transactions can be carried out on the card. In addition to this, some banks also send customers codes that need to be keyed in to complete the transaction either to their email addresses or mobile phones or both as registered with the bank.

If you are a regular user of online card payments, keep all invoices and receipts to compare with your statements. Request a monthly statement to be emailed to you by the bank to make it easier to spot any irregularities on the transaction.

Many local banks today have online banking and mobile banking services that notify you immediately of any transactions carried out on your card.

Pre-paid cards

The best alternative, however, would be to have a pre-paid card that is for the sole purpose of e-payments. Unlike debit cards which are linked to all the funds in your account, pre-paid cards can only be used for the amount loaded in them.

Some banks also have a pocket system where you can have caps on how much can be spent in one type of transaction at any given point.

Even with multiple cards, have strong passwords that are not generic and differ from retailer to retailer. Do not use the same email for the online site, your email address and even worse your PIN.

Taking the necessary security steps makes you less prone to card fraud and keeps your finances that much safer, especially as the holidays approach and Christmas shopping becomes a priority.

[email protected]