December 13, 2013

6 safer ways to shop online

Ah, holiday shopping. Like many techies, I detest crowded malls. The mobs of bag-toting shoppers in rabid hunter-gathering mode, their broods of shrieking kids in tow, are totally enervating. Online shopping is much easier on the nervous system.

But it’s not without its risks. This time of year, the scammers are out in force. This week alone I’ve had a text, allegedly from a bank, asking me to go to a shortened link (how convenient that I can’t easily see what the link leads to) to “validate my credentials” and an emailed fake order confirmation from “Amazon.”

Whether you’re shopping yourself, or designing a site for others to shop on, security has to be top-of-mind. That means not doing silly things, and helping users avoid doing those selfsame silly things.

Here are six things to think about to help keep this festive season safe as well as happy.

1. Don’t even think about buying on a site without SSL, or as a developer, don’t consider building an unsecured ecommerce site. In fact, any site that asks for personal information should be encrypted, as should any site that’s used for financial transactions. Yes, it costs to get an SSL certificate, but it costs even more if your site is hacked.

2. Keep your browser and operating system patched and updated, and make sure your security software is current. And, by the way, Internet pop-ups telling you your computer is infected, and offering you security software, are probably dispensing malware if you acknowledge them. Don’t fall for the scam.

3. Use strong passwords, and require users on sites you design to use strong passwords.

4. Only shop with known sellers. There are plenty of bogus sites that come and go, stealing credit card and personal information and not delivering goods supposedly purchased.

5. Minimize the information you give to sellers. Yes, vendors will attempt to extract as much information as possible, and may sell it or use it to market to you later. That’s no reason for you to answer everything you’re asked if it’s not relevant to the transaction. Social Security numbers are never relevant, and are very useful in identity theft, as are birth dates. The more people know about you, the less secure your identity is. To protect your users, develop your sites using the principles of Privacy By Design.

6. View all correspondence from vendors with suspicion until you verify that it really came from them. Those Amazon order confirmations I mentioned did not, on closer examination, come from Amazon, nor did the links in them point to legitimate Amazon sites. If you get a fraudulent email or text, report it to the company that’s being spoofed. Most don’t like having their reputations sullied by crooks. And make it easy for customers on sites you design to verify that they’re getting legitimate correspondence (no shortened links in emails, for example).
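For developers, the link checks in item 6 can be automated against an email template before it goes out. The following is an added example, not code from the original article; the vendor domain `shop.example`, the shortener list, and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a small illustrative set of link-shortener hosts, not a complete list.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}

# Constructed sample: links as they might appear in an order-confirmation email.
SAMPLE_EMAIL = """
<a href="https://www.shop.example/orders/123">View order</a>
<a href="https://shop.example.account-check.test/login">shop.example</a>
<a href="https://bit.ly/EXAMPLE">Track package</a>
<a href="http://www.shop.example/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_in(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_links(html, vendor_domain):
    """Return (href, reason) for each link a vendor email should not contain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append((href, "not https"))
        elif host in SHORTENERS:
            findings.append((href, "shortened link hides destination"))
        elif not host_in(host, vendor_domain):
            findings.append((href, "host is not the vendor's domain"))
    return findings

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL, "shop.example"):
        print(f"{reason}: {href}")
```

The suffix match in `host_in` requires a leading dot, so a host that merely begins with the vendor's name, like the second sample link, is still flagged.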

Happy holidays!

About the Author

is a freelance journalist specializing in information technology and business topics. She is also an IT professional, giving her real-world experience that allows her to cut through the hype and address topics that are relevant in the business world. Her articles have been published in both print and online publications, including itWorld Canada, Computer Dealer News, DevSource, Canadian Security, ACM netWorker, Security Matters, Canadian Technology and Business, InformIT, Computing Canada, and many others. Find her @LynnGr.
