Be it shopping online, booking tickets or availing a service, online transactions have the intrinsic advantage of being convenient and time-saving. Add to this the fact that online shopping is a great way to compare prices and pick up bargains, and you know why e-commerce is becoming increasingly popular in the country.
However, most Indians are unaware or underestimate the cyber threats involved in online financial transactions.
While there’s no way for one to lose a credit card or wallet in online transactions, one could still run into trouble. The presence of shady third party websites, cookies and fraudsters actively stealing user information online means that there are so many more chances you could accidentally hand over data to the wrong guy.
Recently, in what is being described as one of the biggest ever breaches of financial data in India, approximately 32 lakh debit cards in India are believed to have been compromised in a massive cyber attack. The data breach appears to have affected large banks like State Bank of India, Axis Bank, Yes Bank, ICICI Bank and Axis Bank, as well as international card issuers such as MasterCard, Visa, and India’s RuPay.
Rising smartphone sales have resulted in a surge in the number of individuals accessing the internet to carry out a host of activities that include net banking and online shopping. This makes it extremely important to know how to protect oneself from online fraudsters and phishing attacks (where cyber thieves attempt to swindle users out of their sign-in credentials and debit card info by pretending to be a real website, or even an online bank).
Sticking to a few sensible rules, looking out for warning signs and taking some small but significant steps can minimize the risk of fraudulent transactions. If you are one of those who prefers browsing the web for the best deals, here are 10 tips to to ensure that your online financial transactions remain safe and secure.
1. Use Trusted Websites
Search engines’ results can be rigged, so shop at a trusted site rather than shopping with a search engine (especially when you drift past the first few pages of links). Beware of sites with wrong spellings or different domain names (eg. xyz.net instead of xyz.com, for example)— these are the oldest tricks in the book.
2. Look for the Lock
Always check for the green (red is a security alert), locked padlock icon in the address field of your browser, which shows that a website meets strict cyber security standards. Verify the site’s security certificate by clicking on the padlock – clicking on the lock will allow you to see the VeriSign Certificate authenticating the site (Verisign is a leading Internet Certification Authority).
Also, never buy anything online using your debit or credit card from a site that doesn’t have SSL (secure sockets layer) encryption installed. For instance, the address in your address bar should begin https:// rather than http:// (the ‘s’ stands for secure). You can also use malware and fraud protection browser add ons that will automatically warn you if a site is known for distributing malware or for being malicious. Examples for this is Extension Defender for Chrome and Firefox.
3. Protect your Passwords
Quite often, people use common passwords for a number of transactions (including net banking). Though this might make them convenient to remember, it also puts the user at high risk for cyber theft; if hackers somehow manage to get access to one password, they virtually have access to all accounts. So, its much safer to use different and unique passwords for each account.
Here are some other password protection tips.
- Choose a strong password filled with numbers, symbols, and lowercase/uppercase letters.
- Change your passwords every 3 to 6 months. The more often, the better.
- Don’t allow your system to store the passwords for shopping and banking sites.
- Remember to log out every time after accessing your shopping or banking accounts.
- Check your password recovery options often and keep the information up to date.
- Also, never hand out your personal details to those who send emails asking for them.
4. Install latest security software
The saying “Prevention is better than cure” holds true for online transactions too. The best way to protect your device from the plethora of malware, spam and spyware on the internet is to use good antivirus software. For a stronger cyber security shield, upgrade to a version that guards against phishing and Trojans (a malicious computer program that gives backdoor access to your system) too. Remember to get it for your smartphone and tablet too – a crucial element many people miss!
5. Keep your software updated
Keep your operating system and browser up-to-date with the latest protective patches installed only from trusted websites. Most operating systems regularly release updates that fix security vulnerabilities, and not updating them may leave security holes and glitches that can be exploited in a hacking attempt.
Also, did you know that it’s not just operating systems that need security updates? All the applications you have on your systems such as Adobe Reader, Java, Flash etc as well as web browsers like Chrome and Firefox can create vulnerabilities if they’re not updated. It’s best to keep the auto update option enabled for all your software if you find it difficult to manually check and update your software.
6. Restrict what you reveal
Never share sensitive information like passwords or your personal information with online stores. The more you reveal, the easier it is to steal your identity. Whenever possible, try giving up the least amount of information. Also, double-check the terms and conditions of the site to know what policies they follow when it comes to data privacy.
When accessing your bank accounts online, stay alert. Don’t be taken in by phishing mails seeking your banking information by offering lucrative lottery winnings or in the name of organizations like RBI, LIC or the Income Tax department. If you find a suspicious mail or website, inform your bank. Skepticism in most cases can go a long way towards saving you from cyber theft.
7. Keep it private
On the internet, base your actions on the assumption that everything is hackable. Always use personal systems (computers, smart phones or tablets) for sensitive transactions over the internet. Never ever use public computers for online financial transactions; it gives cyber snoopers an easy opportunity and plenty of time to see the goods. If you ever have to use one in an emergency, just remember to log out every single time, even if you were just checking email.
Also, if you are using Wi Fi, make sure it’s secure, private and password protected (using public Wi Fi connection for financial transactions, even if it has a password, is highly risky and not recommended). The best way to keep your personal data protected is using VPN (Virtual Private Network) services that create a private, encrypted connection between your computer and the site you visit.
8. Smartphone Specific Safety
Like computers, smartphone software too needs to be updated to avoid exploitation of security loopholes. Here are some other tips:
- Use a pin, password or pattern to lock your phone and download apps only from trusted stores.
- Download your bank’s verified application on the mobile device instead of using the browser. If your bank’s app is not available and you have to use a browser, remember to clear your cache after visiting your net banking account to make sure that no one else views the confidential information.
- Banking applications should ask for a login password each time you log in. If you find any unusual behaviour, report it to your bank immediately.
- Avoid storing sensitive and confidential information on your phone. If you do, ensure that your mobile device has remote wipe installed or enabled. This is so that if you lose your phone, you can delete all information you had stored on your phone.
- Turn off Wi-Fi and Bluetooth when not in use – smart thieves can use them to connect to your device and access files.
- If you get requests via email or text for account information from any bank or business, contact them directly to confirm the request.
9. Dealing with promotional offers
Promotional mails and coupons sent by e-commerce websites have become quite common. However, it’s safer to use them by going directly to the main site than entering details in the coupon link, which is usually sent by third parties. Also, look our for warning signals in unsolicited promotional mails, such as online forms seeking passwords and unsecured websites.
10. Change pins and check statements regularly
While using ATMs monitored by banks may seem like a safe transaction, its not always the case. About 70 per cent of ATMs in India are running on outdated Operating Systems (OS), making them vulnerable to malware and fraud. So, signing up for SMS alerts of ATM transactions is very helpful as it lets you know about every transaction immediately.
It’s also important to change all your pins once in six months or at least once a year and use different pins for different cards (so that if one gets compromised, at least the others are safe). Remember to check your debit card statements regularly to keep a track of your transactions and discrepancies; small transactions at odd hours may indicate misuse.
Also, if you think your card has been used fraudulently, let your bank know straight away so they can stop any further use of it. As long as you haven’t acted fraudulently or negligently, you should get your money back if your card details have been used online by a swindler.
These are small steps, but they can go a long way in saving you the time and agony involved in retrieving lost money or repairing the damage done by wrongful usage of your personal financial data online. It’s way easier to spend a little time today for a more secure tomorrow.