12 tips that IT security experts use to shop safely online

This article is brought to you by Retail Technology Review: 12 tips that IT security experts use to shop safely online.

Despite the carnage that the credit crunch has wreaked on the High Street, online retail demand remains strong and is projected to grow into 2009 as economic conditions remain tight and competition between web retailers for our online spend heats up. An early indication of this counter-cyclical trend was the significant growth of Christmas Day online trade in response to early January sales and the deep discounts available online from traditional High Street vendors.

The credit crunch, however, has also had the effect of bringing more scammers onto the internet than ever before. As scammers become more sophisticated and people become more desperate to find ways to make money during the recession, consumers shopping online need to become more vigilant and wary as to pitfalls out there.  As an IT security expert who shops frequently online, I have outlined some of the few basic internet security measures and must dos that we in the IT security industry adhere to to make sure that we shop safely online to avoid falling foul to the many scammers, exploiters and opportunists who are all to ready to pounce!

The twelve golden rules to safely shopping online:

Rule One: Most Malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files (this usually happens automatically in the background with most commercial anti-virus products) and operating system updates from Microsoft. This reduces the likelihood of malicious code or key-logging software running on your PC without your knowledge, transmitting your details to fraudsters across the internet.

Rule Two: Never go online without ensuring you have your personal Firewall enabled. This personal Firewall adds a layer of protection to the PC by stopping unknown connections to the PC. The personal firewall included within Windows XP and Vista is generally considered to be insufficient. They can control data coming in at the PC an inbound filter however they can not properly control outbound connections. If your PC is infected by Malware, you could be sending out Spam or other data on to the Internet without your knowledge. By adding a personal firewall you can control and stop unwanted outbound connections. There are a number of personal firewalls on the market both free and paid for. Some anti-virus vendors include personal firewalling as part of their products.

Rule Three: Dont ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some malware is designed and written to go and search your PC for these passwords. In addition to this, if you use a laptop that is lost or stolen, the passwords go with it.

Rule Four: Ensure that your credit cards are registered with your card providers online security services such as Verified by Visa and MasterCard SecureCode.

Rule Five: Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.

Rule Six: Be sure to use a Credit Card and not a Debit Card. The bank provides you security guarantees with a credit card that are not given with a debit card.  So dont be tempted to take your shiny new platinum card on an online shopping spree.

Rule Seven: Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.

Rule Eight: Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details. Recently Verisign have added the green display bar to show a website with an Extended Validation certificate this means the encryption key has been made strong, and the site has external validation.

Rule Nine: Make a habit of checking the sites privacy policy for details of how your personal information will be used and only provide the minimum of personal information, especially in on-line forms.

Rule Ten: Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (SPAM).

Rule Eleven: It is important to remember that you could be doing everything right, but that the Vendor may do something wrong. A vendor may well be storing all your credit card data on a single server. This creates a single big target for a hacker to go after. If the Vendors web site is breached, your details may well be compromised. The Payment Card Industry has recently introduced their own Data Security Standards to try and protect this data at rest. However the standards are not yet fully enforced and this risk is for all credit card transactions, not just those over the Internet.

Rule Twelve: Finally, dont rely on previous customers testimonials they are part of the organisations marketing and not necessarily factual. The Golden Rule of commerce is still the same as it ever was. if the offer looks too good to be true, it probably is!

These are the rules I follow as do many of my colleagues.  Internet shopping is only going to get more popular, with scams being more sophisticated, so make sure youre not caught out by being lured into unsafe territory.  By following these rules you can log on and access those internet bargainssafely! Good luck and enjoy.

By Andy Dalrymple Managing Consultant - Information Risk Management, Global Secure Systems (GSS).