
Online Shopping Scams

Online shopping has only grown in popularity due to the endless catalogue of purchasable items, the convenience of making purchases at your fingertips, fast delivery and great deals. It has also created lucrative opportunities for criminals and scammers to trick you into paying for goods you won’t receive, or to obtain your personal information for their own financial gain. Unbeknown to you, you could be creating the opportunity for them by being enticed by a really good deal online via a mailer or Facebook advert. After you have paid for your purchase in full, you don’t receive the goods and when you try to make contact with the online retailer, there is no response. They have simply disappeared and your money is gone.


  • Only shop at reputable retailers and avoid unknown ones, even if the offers seem amazing;
  • Shopping for cheap online specials can be an expensive mistake. If a deal seems too good to be true, it probably is. Use YIMA, a website vulnerability scanner, to run a website security check for scams, known vulnerabilities and security headers.
  • Be aware that the ‘s’ in the ‘https’ no longer guarantees that a website is secure.
  • When registering on an e-commerce website, always choose a strong password or, even better, a passphrase, and never save these on any computer or mobile device.
  • When registering on a secure site, choose a strong password and do not save your login details on any computer or mobile device.
  • Identify subtle clues – such as spelling errors – that may indicate that the email you seemingly received from a retailer is actually from an imposter;
  • Watch out for spoof e-commerce sites advertising specials. Criminals only need to change one digit of a web address to create a spoof website and steal your data; again, check the URL using YIMA.
  • Be wary of unfamiliar e-commerce sites, especially if they do not redirect you to confirm your transaction via your bank’s 3D Secure page or via your own bank’s mobile app before you pay;
  • Don’t save your card details on e-commerce sites;
  • Never re-use the same password on multiple domains.
  • Avoid sharing your personal information. Online merchants don’t need your ID number or date of birth to process your order, but cyber criminals can use these to steal your identity.
  • Check your bank balance after making any shopping payment, and report any fraudulent transactions to your bank immediately.
  • Ensure your antivirus software is installed, activated and updated regularly. Cybersecurity habits can reduce your risk of becoming a victim.
  • Make sure that your mobile shopping apps are the latest available versions by updating these regularly;
  • Protect yourself against fraud by registering for additional security that sends a One Time Pin to your phone when making a payment;
  • For added online shopping verification, register your bank card with 3D secure.
  • Never supply your OTP to anyone while conducting an online transaction;
  • Change your Wi-Fi’s wireless router password as most people use the default router password provided by their ISP (Internet Service Provider). Changing the wireless router password makes the connection more secure;
  • Never click on unknown links in emails, or open email attachments from unknown sources;
  • Never forward emails that may contain malicious attachments or links.


  • Be aware that online fraud is on the increase and that organised crime syndicates are behind it. These criminals want your banking details as well as the banking details of your customers.
  • When it comes to high cost orders, including from established customers, always check with the card operator. In addition, check the fulfilment address as a sudden unexplained change of address could be a sign of fraud.
  • Note that both credit and debit cards are equally likely to be used for fraud.
  • High value purchases can be used to launder money using stolen credit cards. If you are selling high value goods, always take note of large orders and double-check all details.
  • Your customers’ data, i.e. names, addresses, telephone numbers, email addresses, bank card or bank account numbers etc., is your responsibility. Criminals want these details and may try to hack into your data repository to steal this data. Ensure that your data repository is secure.
  • Because your customer data repository is your most valuable asset, you must take every precaution to secure it by investing in robust anti-hacking software. Ensure that you keep this updated by installing all updates and security patches. This also applies to websites using a Content Management System (CMS) such as WordPress or Drupal.
  • In addition to installing security patches, ensure that you regularly update all other systems to their latest versions.
  • Should your data repository be hacked, inform your bank and card schemes. SABRIC can assist you to inform your bank. Should there be a risk to your customers as advised by your bank, please notify your customers immediately. 
  • Implement a breach plan as soon as possible so that, if a breach occurs, you can notify the correct parties immediately to reduce the impact of potential fraud and other cybercrime activities. The longer you wait once you find your data repository has been compromised, the greater the damage to your customers’ trust in your business and to your business’s reputation.
  • Never open attachments from unknown sources, as an attachment can carry malware that allows criminals to access your data repository, which could enable them to steal your customer data.
  • Frequently check all the links on your website with a special focus on your payment links. Links can be compromised to divert your customers to other bogus/dummy websites designed to steal payments.
  • Conduct a monthly search on your domain name. Criminals can create bogus/dummy sites using a URL almost identical to yours to divert your customers and steal their payments.
  • Merchants must look to both POPIA and possibly GDPR as well to ensure PCI compliance. Following the conditions set out by POPIA and the guidelines issued by the Information Regulator means that you are taking your customers’ data and privacy rights seriously, thereby reducing the risk of personal information breaches. With regard to PCI DSS, meeting the security controls set out by the Payment Card Council and using PCI DSS level 1 certified service providers means you are protecting yourself as far as possible. Ensure that you always keep 3DSecure on as well.
  • Merchants should add an “Online Shopping Safety Suggestions” section to their website to guide customers about things like 3DSecure, OTPs (One Time PINs), YIMA and other updates about new fraud trends used by criminals.
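
The merchant tips above on checking payment links and watching for near-identical URLs can be automated. The following is an added example, not part of the original page: it lists every link and form target on a page and flags hosts that are not on the merchant's allowlist. The host names, the allowlist and the sample HTML are constructed placeholders, and the distance threshold of 2 is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the merchant's own host and its payment provider (placeholders).
ALLOWED_HOSTS = {"myshop.example", "payments.example"}

# Constructed sample page; the form target has one character changed.
SAMPLE_HTML = """
<a href="https://payments.example/checkout?order=1001">Pay now</a>
<form action="https://paymemts.example/checkout"><input name="card"></form>
<a href="http://payments.example/checkout">Pay (old link)</a>
<a href="/contact">Contact</a>
"""

def extract_links(html):
    """Collect every href, action and src value found in the page."""
    links = []
    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            links.extend(v for k, v in attrs if k in ("href", "action", "src") and v)
    Collector().feed(html)
    return links

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_links(html, allowed=ALLOWED_HOSTS):
    """Return (url, finding) for every absolute link that needs attention."""
    findings = []
    for url in extract_links(html):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if not host:
            continue  # relative link, stays on the current site
        if host not in allowed:
            # A host within two edits of an approved one is treated as a look-alike.
            near = any(edit_distance(host, good) <= 2 for good in allowed)
            findings.append((url, "look-alike host" if near else "unknown host"))
        elif parts.scheme != "https":
            findings.append((url, "not https"))
    return findings

print(audit_links(SAMPLE_HTML))
```

Run it against a saved copy of each page that leads to payment, and review any finding before customers do.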