Electronic banking, on-line tax returns, Internet shopping; we’re all doing it – probably badly. There are major worries about on-line fraud, theft, malware and identity theft, yet most of us carry on in the hope that none of these things will happen to us.
Don’t trust to luck, be pro-active and take care of your own on-line security as far as you can.
Among the ways to protect yourself and your account details from on-line fraudsters, you can actively checking if the site you’re on is authentic or not.
Check the site certificate
When you log in to a secure merchant web-site – and by secure we mean at minimum, running the Secure Sockets Layer, denoted by the pad-lock in your browser’s status bar – you can easily verify if the browser session is encrypted for security by checking the site certificate.
Make sure the merchant owns the secure session. Double-click on the padlock in your browser window to open the session properties window. It should show that website owner is the same as the certificate owner, for example, Barclaycard’s certificate comes up as Barclaycard On-Line, bcol.barclaycard.co.uk.
Check that the security certificate is valid. Select the option to ‘View certificate’ or go to the Tab labelled ‘Security’, depending on your browser. That will state the certificate expiry date. Depending on your browser, you may see further verification; ‘This certificate is OK’.
Make sure your web browser is secure.
There is a web-browser arms race going on involving Microsoft’s IE, Google Chrome, Mozilla Firefox, Apple Safari and Opera. All of them updating their browser applications to improve performance and security with greater frequency. When you’re notified that updates are available for your web browser or plug-ins, don’t delay, take them.
Install a firewall and anti-virus software
Keep the hackers and viruses out of your machine when you’re on-line. A firewall keeps out unwanted traffic and the anti-virus program will scan for and detect any covert software that does make it through the ‘legitimate’ traffic you allow. Some e-mail, attachments and other downloads that you do want can be infiltrated en route or at source. This doesn’t make you stupid, because you use these tools to notify you of attacks to keep your computer secure. Install updates to firewalls and A-V software as soon as they’re released.
Keep your personal details secure
Just as you should avoid writing down your password and pass-phrases, don’t store them in unencrypted documents on your computer either. Most malware infiltrating your machine will scan it for files containing passwords and bank details.
Generally for your protection, the responsible merchants and banks will log failed attempts to access your account and invoke second-layer verification or disable access. Protocols to recover passwords and reactivate locked accounts may seem like a pain, but you will welcome them come the day they’re needed.
Be Alert for Scam Emails
Most responsible merchants and banks state their policy on suspicious emails:
“If you receive an email that asks for your banking or log in details, it’s best to treat it with suspicion, as we’d never ask for your account information in an email. Such emails may use an urgent or threatening tone to cajole you into supplying the information they’re asking for.
Scam emails may look authentic, as though they were sent by us or another reputable financial organisation. Often they’ll have a link which directs you to a spoof website where you’ll be asked to enter your details. Even just clicking the link could activate a virus, so the best action to take is to delete the email without opening it.”
If you think you’ve received a scam email, forward it to the security team, or failing that, customer services at the merchant or bank. They take security very seriously. The scam may already be known, but your report will add weight and urgency to countering the threat. Not everyone is as switched on to the dangers as you.
Keep a close eye on your account
Check your on-line accounts on a regular basis. You need to be proactive and spot any unusual activity as soon as you can, don’t wait for the merchant or bank. If you notice transactions you don’t recall making, contact the merchant or bank with the details. Their counter-fraud teams usually swing into action very fast and a quick report by you is usually enough to absolve you of financial liability. A quick cancellation and re-issue of cards or accounts, with an appropriate charge-back or write-off is preferable to you picking up the bill.
If in doubt, call the help desk at your merchant or bank. There are telephone numbers given for Customer Service, security and counter-fraud calls on all responsible operators’ web-sites.
Always log out
Once you finish using any secure site, make sure you log out fully before closing the tab or browser window, particularly if you use an Internet cafe or a shared computer. Don’t leave the next user of the computer with access your account.
Don’t leave your computer while you’re logged in. It’s always safer to finish what you’re doing and log off. Locking the screen isn’t sufficient. Log back in with a new session when you return to the machine.
Most merchants and banks will automatically log you out of your session if you are inactive for a time, anything from five minutes and up, depending on their view of risk.
Clear your browser cache
Your browser stores the address of every page you visit so you can access it quickly when you next return. It’s safer if your list of pages visited is cleared, not stored for someone else to find.
Many merchants and banks now automatically instruct web-browsers not to store personal information in memory or cache. You can make certain my clearing your browser cache manually. Check the Help pages for your browser for instructions on how to do this. You can selectively flush sensitive page addresses if you don’t want to clear the lot.
This is a high-level fly-by of security measures for the concerned on-line citizen. You may want to do a little digging in respect of your own on-line habits to cover any potential breaches. A few precautions like these will go a long way toward ensuring your peace of mind in the information age. AJS
Image: Combinatoria By rpongsaj (Flickr) [CC-BY-2.0 (www.creativecommons.org/licenses/by/2.0)], via Wikimedia Commons