Secure Online Shopping
ONE issue that bothers consumers more than anything else when shopping online is the security of online transactions. When it comes to making payments, many consumers are still wary about sending their credit card and other personal information across the Net.
Identity theft, data security breaches and phishing continue to top the list of consumer concerns, says David Freer, vice president for consumer business, Asia-Pacific and Japan, Symantec Corp. The online business environment, according to him, is troubled by an increase in data theft, data leakage and the creation of malicious code targeting information that can be used for financial gains.
In Symantec’s Internet Security Threat Report (ISTR) XII, the company saw a shift in the methods and focus of attacks from the previous year where attackers are becoming increasingly commercial in focus and exploiting trusted Web sites.
“All of these threats undermine trust in digital commerce, which is why businesses have to take necessary steps to reduce customer concerns about shopping and banking online,” Freer highlights.
PROTECTION TOOLS. Freer says that businesses are becoming more aware and are taking steps to protect consumers against these threats.
Consumers, meanwhile, should exercise the necessary precautions when sharing credit card information to make online shopping a safe and enjoyable experience. Armed with the necessary protection tools, consumers can continue to communicate and transact business online with confidence.
“Shopping online is very secure as long as you’re careful,” states Freer.
He advises consumers to shop only with Web sites or e-merchants that offer secure transactions.
“Some Web sites are `certified secure’ and display a certificate on their homepage or at checkout. The certificate is issued by a variety of organisations, including Verisign, DigiCert, and Go Daddy. What it means is that the Web site offers SSL (Secure Sockets Layer) security,” he says.
Another way to increase safety is to make sure that the page where you enter your personal data (such as password or credit card number) uses encryption. The Web address on such a page starts with “https”. A padlock icon on your browser’s frame also indicates that the site uses encryption.
Also, it will be good to check the merchant’s privacy policy, which should be available on the site, and be sure that your data won’t be used in a way of which you don’t approve.
Freer further advises consumers to protect their interactions by using up-to-date Internet security software that combines fraud site protection and Web site authentication.
PAYMENT GATEWAY. At the electronic merchants end, one of the most important decisions to be made is choosing a payment gateway provider, says Freer. While the gateway transaction is seamless to the customer, to those concerned about security, it is anything but invisible.
Payment gateway enables online merchants to accept online payments via credit card and electronic cheques and is responsible for taking the submitted billing information from a customer’s computer, through the merchant’s server, and on to the merchant’s account at a processing bank.
“Merchants must choose a payment gateway provider that maintains its operations in state-of-the-art data centres and utilises the latest security methods. They should also be fully compliant with major credit card providers’ security initiatives, including the Visa Cardholder Information Security Program (CISP), MasterCard Site Data Protection (SDP), and Discover Information Security and Compliance (DISC),” he explains.
Just as merchants expect gateway providers to adhere to high security standards, the business itself should follow a stringent security guideline, states Freer.
THREAT CONTAINED. Victor Lo, principal consultant-technology, Trend Micro (M) Sdn Bhd, believes online banking and shopping is safe for this part of the world where threats are not as widespread as the rest of the world.
“It is important to note that all locally based online banking and shopping facilities practice high levels of protection and vetting to verify payment details and assure consumers that their details are kept private and confidential,” says Lo.
“Two years ago, the online phenomenon was not as popularly adopted as it is today. Therefore it is great that the increase in the number of users has encouraged service providers to upgrade their systems and implement more security software.”
He adds that these software and systems generally request for passwords. However, online payments often request for further verification, such as billing addresses and additional verification numbers that is only known to the cardholder.
Still, Lo cautions, there are identity thefts and security breaches. Users should protect their machines with security software.
TREADING CAREFULLY.
Consumers should keep in mind that before parting with their money, one should be sure of the site’s authenticity. Lo says each bank has different authenticity checks and eventually, all the online purchase payments are verified by the respective banks which issue the credit cards.
“The most threatening situation for users would be Web site hijack. This is when the perpetrator dupes an authentic Web site that is related to banking or shopping. An innocent user whose machine has already been planted with spyware would automatically direct him to the duplicate Web site where pop-ups would ask for usernames and passwords for updating or security purposes.”
Lo also states that merchants have to constantly update their technology and security software to combat the rising Web threat situation.
“Their IT personnel should keep abreast with the latest virus news and threat patterns, as these threats, once successfully carried out, are emulated by others around the world. Their security software providers must be innovative industry players who keep a 24/ 7 tab on the threat activity across the regions,” he says.
(c) 2008 New Straits Times. Provided by ProQuest Information and Learning. All rights Reserved.