Cybersecurity tips for shopping safely this festive season

By Nisa Vithana

With Avurudu shopping season just around the corner, many of us are preparing to spend a sizable portion of our annual income on many discounted sales that retailers have on offer. While most people still like to do in-store shopping, more and more of us think that shopping online is a convenient way to avoid holiday crowds. 

There are many reasons to shop online. Every day we see a large amount of ecommerce sites promoting their products and services for online shopping. From household items to holiday travel and leisure all have last minute online deals which are too tempting to avoid.While it is convenient to shop online, it is also as important to protect your wallets on the internet as protecting it in-store. As retail domestic ecommerce sites grow significantly in the island, consumers have access to a wide variety of products and services online. Social media marketing has been also trending in recent years. 

When online sales grow, so do the online theft complaints. While you are shopping online for your favourite pair of shoes, online criminals are shopping for your data! Criminals specifically targeting to steal money and data from computers or network systems. Online shopping can make you more vulnerable to phishing attacks, identity theft, credit card fraud, cyber-attacks such as malware, or ransomware.

Although it’s somewhat alarming, this information should not keep you away from online shopping. To stay safe online, simply use your common sense and follow some practical advice. Below are few basic guidelines to help you shop online with confidence, as you tick off your Avurudu festival shopping list.

Use trusted sites

Use familiar websites when purchasing online. If you don’t know the site or whether it comes from a trusted source, chances are higher that it’s a fake site out to swindle you. Beware of top-level domains being switched, such as using .net at the end instead of .com or .com for .lk, and slight misspellings of the site name.

Look for the padlock

Do not ever, ever give your details or buy anything using your credit card from a site that does not use SSL (Secure Socket Layer) encryption. You can check if the site has SSL by checking the site URL on the address bar at the top of your browser. 

Sites with SSL encryption will start with HTTPS in the URL instead of HTTP and an icon of a padlock will appear to the left of the URL, the address bar or the status bar depending on your browser. Typically, it will display in green text as well. It has now become a standard security protocol that Google Chrome flags pages without HTTPS as ‘not secure’ to standout.

Use Credit Cards instead of Debit Cards 

Whether using a credit or debit card, if someone steals your data or money the loss is yours. However, when it comes to fraud, credit cards are less risky of the two. When you use a debit card for your purchases, money will be immediately taken from your account, whereas credit cards spend the bank’s money which has been granted to you with an agreed limit and a grace period to settle. 

This allows you more time to notice any discrepancies and reverse charges if you notify them early enough, that your details may have been compromised. Some credit cards also have insurance schemes which cover fraudulent activities.

Activate two-factor authentication

Certain banks in Sri Lanka encourage you to use two-factor authentication for debit cards when purchasing online. Visa cards have ‘Verified by’ visa and Mastercard have the ‘SecureCode’ program for two-factor authentication. Request your bank to activate this for your account/card. You can also sign-up for SMS verification for your savings and current accounts.

Don’t over share

Keep a close eye on the details you share. Online shops do not need your birthdate, passport number or your biometric data to do business with you. If a criminal gets access to that information and combines that with your credit or debit card number they can steel your identity and do a lot of damage to your credit rating. Avoid giving more personal data as much as you can when you do online business.

Use strong passwords

It is important to use strong unique passwords for each ecommerce retailer that are easy for you to remember but difficult for others to guess. The accounts that we maintain with online retail websites contain a lot of personal data such as our credit card information, names and address. 

When creating a password avoid using personal information like dates, names and addresses as criminals can guess your password by associating information relevant to you. If you suspect a password of yours has been compromised, change it as soon as possible. Creating a password for each website and remembering them can be tedious and difficult. Therefore, using a password manager such as KeePass can help you to maintain safe password management.

Check statements regularly

During festival season check your card statements and bank statements regularly. Sign-up for online banking and check your transaction records frequently, to avoid any fraudulent charges that you haven’t authorised. If you see something wrong, immediately notify your card centre or bank.

Protect your internet facing devices

Use antivirus software on your computer and do regular updates on your internet facing devices. Make sure your anti-malware tools are always up-to-date. If you have ecommerce apps installed on your mobile devices, check frequently for app updates. Some apps upgrade their security features from time to time and send you the latest version.

Limit activity on public Wi-Fi

Many people don’t realise the danger of connecting to public Wi-Fi networks. If you want to shop online, it is best to use your private Wi-Fi network at home or if you must use a public Wi-Fi network to make your purchase, then consider installing and using a Virtual Private Network (VPN) on all mobile devices and computers before connecting to public Wi-Fi network. 

A VPN will establish an encrypted connection between your devices and the VPN server allowing your data to be much safer from hacker interception. Avoid public terminals for online shopping completely.

Perform your 

due-diligence

If you see a great online promotion which you think is too good to be true, do not get carried away and enter your personal details and credit card information to make the purchase. Follow your instincts, read reviews by other customers, browse through a few pages to see any signs of fraudulent activity. Check the registered address on Google maps to see if it is legitimate, pick up the phone and dial the seller’s phone number to see if it is a working phone. 

Check if the site has a return policy and a security policy. The most common cybercrime or complaint for online shopping these days is non-delivery of the goods purchased online. Use your common sense to avoid financial and emotional mishaps.

Finally, complain loud and proud

If you don’t get satisfaction of what you receive by shopping online, make a complaint to the seller. Don’t be embarrassed if you’ve been taken for a ride by the online retailer, instead be vocal and make a complaint. Try buying in local sites rather than international online shops. In local sites if you get scammed, your local laws and regulations could help protect you.

You can use the above tips to shop online safer not just during the Festive Season but all year around. Avoid exceptions and careless mistakes when applying safety and security for your identity and finances. Ensure your details are kept safe when shopping online by following these easy steps given above.

(Nisa Vithana is the Regional Head of South East Asia and serves in the board of directors for Met Defence Labs a cybersecurity service provider in the UK and Sri Lanka. She also volunteers as the Program Director for SHe CISO Exec., global training platform for Cybersecurity | Leadership and Women Empowerment. She is a passionate individual with diverse experience and skills and keen on innovation and technology that matters and committed to protect data and privacy of all concerned. She is a lover of exploring and learning new skills.)