Are you ready for Black Friday and Cyber Monday? Tips for secure online holiday shopping for consumers and online merchants
As the holiday season approaches, with Black Friday and Cyber Monday coming up at the end of the week, we urge both businesses and shoppers to be aware of the risks of online fraud, which increases dramatically during this season.
Online criminals will use this busy time to prey even more upon businesses that are unsuspecting and unprepared.
Because of that, we have prepared a list of tips to give both merchants and customers a more secure shopping experience:
For the consumer:
- Software and Antivirus update: No matter what device you shop from, the operating system updates and antivirus definitions should be installed as soon as they are available to help protect yourself online.
- Account Passwords: Passwords to online shopping sites and other accounts should be changed regularly, and the same password should not be used on multiple accounts.
- Payment Cards: Credit cards should be used instead of debit cards. Credit cards have better protection for the consumer if fraud occurs. Debit cards have no limit to the amount of loss the consumer can suffer. Verify online transactions by checking your credit card and banking statements often.
- The use of Public Wi-Fi: Online shopping or banking should NOT be conducted over publicly available Wi-Fi networks. While the Wi-Fi in a restaurant, coffee shop or store may require a password, there is no guarantee as to how secure the network is or who may be monitoring and intercepting your online transactions.
- Beware of Phishing emails and Social Engineering: This is the time of the year when our inboxes are flooded with offers of all sorts, which increases the possibility of encountering fraudulent websites and emails. Avoid opening attachments and clicking on links within emails from senders you do not recognize. Often, these attachments or links can contain malicious content that can infect your device or computer (e.g. ransomware) and steal your information. Rather than clicking, hover over the hyperlink to reveal the URL and type the address manually into your browser to avoid a possible unintended download. Also, be wary of emails or calls requesting that you verify your account by providing information such as your login, password, account number, etc. A legitimate business will never call you or email you directly for this information. Use the customer service number on your credit or debit cards, your bank statements or the merchant's website to verify any information requests. Lastly, remember that if the offer sounds too good to be true, then it probably is.
- Who you conduct Business with Online: Extra consideration should be given to the merchants and businesses to which you provide your personal and payment card information online. Reputable and established online companies utilize encryption, such as Secure Sockets Layer (SSL), to protect your information as it is transmitted to and from your computer or device. Also, to lessen the risk of visiting fraudulent or "spoofed" websites, consider how you get there. Certificate "errors" can be a warning sign that something is not right with the website. Verify the website address of hyperlinks within emails, or access the site from an internet search. When shopping from your phone, only consider vetted apps from trusted businesses and download only from your device's designated app store.
For the online merchant:
the Online Merchant:
- Software and Antivirus Updates: Operating system and network software patches, firmware updates and antivirus definitions should be installed as soon as they are available. Discontinue the use of outdated, unsupported operating systems such as Windows XP.
- Account Passwords: Network or system passwords should be changed regularly, and the same password should not be used on multiple systems or accounts. Offer and utilize multi-factor authentication for an added layer of security for you and your customers. Passwords on all equipment should be immediately changed from the default password they are configured with from the factory.
- Network Segmentation: Segregate your payment system processing from other network applications such as email and non-payment system-related processes. Proper network segmentation and segregation would lessen the network exposure if a cybercriminal were to gain access to your system.
- Firewalls, Intrusion Prevention and Detection Systems: The use of a firewall and a properly configured and monitored intrusion prevention and/or detection system is recommended for the added defence of your network.
- Remote Access Considerations: Remote access into your network should be limited, secured and monitored for unusual activity to reduce the amount of risk. Have a baseline of remote access activity for reference.
- Back up your system: A backup of your system may help limit unnecessary downtime and losses if needed.
- Online Payments: Utilize Payment Card Industry Data Security Standard (PCI DSS) protocols for your online transactions. This includes encrypting (SSL encryption) your customers' payment card data whether it is being stored, processed or transmitted. Also, verification of the cardholder's address and requiring the Card Verification Value 2 (CVV2) code (3- or 4-digit number on the front or back of the card) can help authenticate the transaction and validate the cardholder and account.
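To make the "Remote Access Considerations" tip concrete, here is one way to build a baseline of remote access activity and compare new logins against it. This is an added example, not part of the original article; the log records, account names and addresses are constructed, and the /24 grouping and one-hour tolerance are assumptions to adjust for your environment.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample records: (ISO timestamp, account, source IP).
BASELINE_LOG = [
    ("2023-11-06T09:12:00", "alice", "198.51.100.10"),
    ("2023-11-07T10:03:00", "alice", "198.51.100.23"),
    ("2023-11-08T08:47:00", "alice", "198.51.100.10"),
    ("2023-11-06T14:30:00", "bob", "203.0.113.5"),
    ("2023-11-09T16:05:00", "bob", "203.0.113.5"),
]
HOLIDAY_LOG = [
    ("2023-11-24T09:30:00", "alice", "198.51.100.77"),  # usual network and hours
    ("2023-11-24T03:14:00", "bob", "203.0.113.5"),      # usual network, odd hour
    ("2023-11-24T11:00:00", "alice", "192.0.2.44"),     # new source network
    ("2023-11-24T12:00:00", "carol", "198.51.100.10"),  # account with no baseline
]

def source_net(ip, prefix=24):
    """Group sources by /24 so address churn inside one range is not noise."""
    return ip_network(f"{ip}/{prefix}", strict=False)

def build_baseline(records):
    """Record, per account, the source networks and login hours seen so far."""
    base = defaultdict(lambda: {"nets": set(), "hours": set()})
    for ts, user, ip in records:
        base[user]["nets"].add(source_net(ip))
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(base)

def review(records, baseline, hour_slack=1):
    """Return (timestamp, account, ip, reason) for logins that deviate from the baseline."""
    findings = []
    for ts, user, ip in records:
        profile = baseline.get(user)
        if profile is None:
            findings.append((ts, user, ip, "no baseline for account"))
            continue
        reasons = []
        if source_net(ip) not in profile["nets"]:
            reasons.append("new source network")
        hour = datetime.fromisoformat(ts).hour
        # Circular distance so 23:00 and 00:00 count as one hour apart.
        if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in profile["hours"]):
            reasons.append("outside usual hours")
        if reasons:
            findings.append((ts, user, ip, ", ".join(reasons)))
    return findings
```

Findings are prompts for a follow-up with the account owner rather than proof of compromise, and the baseline should be rebuilt whenever staff or remote access methods change.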
If you haven't prepared enough for the holidays, there is still time to implement a security approach for your e-commerce business. Get in touch; we can help. Don't let cybercriminals take your website out of business in the busiest period of the year.