Online shopping has only grown in popularity due to the endless catalogue of purchasable items, the convenience of making purchases at your fingertips, fast delivery and great deals. It has also created lucrative opportunities for criminals and scammers to trick you into paying for goods you won’t receive or to obtain your personal information for their own financial gain. Unbeknown to you, you could be creating the opportunity for them by being enticed by a really good deal online via a mailer or Facebook advert. After you have paid for your purchase in full, you don’t receive the goods and when you try to make contact with the online retailer, there is no response. They have simply disappeared and your money is gone.
- Be aware that the ‘s’ in the ‘https’ no longer guarantees that a website is secure.
- When registering on an e-commerce website, always choose a strong password or even better, a passphrase and never save these on any computer or mobile device.
- When registering on a secure site, choose a strong password and do not save your login details on any computer or mobile device.
- Never re-use the same password on multiple domains.
- Avoid sharing your personal information. Online merchants don’t need your ID number or date of birth to process your order, but cyber criminals can use this to steal your identity.
- Check your bank balance after making any shopping payment, and report any fraudulent transactions to your bank immediately.
- For added online shopping verification, register your bank card with 3D secure.
- Ensure your antivirus software is installed, activated and updated regularly. Cybersecurity habits can reduce your risk of becoming a victim.
TIPS FOR MERCHANTS
- Be aware that online fraud is on the increase and that organised crime syndicates are behind it. These criminals want your banking details as well as the banking details of your customers.
- When it comes to high-cost orders, including those from established customers, always check with the card operator. In addition, check the fulfilment address, as a sudden unexplained change of address could be a sign of fraud.
- Note that both credit and debit cards are equally likely to be used for fraud.
- High value purchases can be used to launder money using stolen credit cards. If you are selling high value goods, always take note of large orders and double-check all details.
- Your customers' data, i.e. names, addresses, telephone numbers, email addresses, bank card or bank account numbers etc., is your responsibility. Criminals want these details and may try to hack into your data repository to steal this data. Ensure that your data repository is secure.
- Because your customer data repository is your most valuable asset, you must take every precaution to secure it by investing in robust anti-hacking software. Ensure that you keep this updated by installing all updates and security patches. This also applies to websites using a Content Management System (CMS) such as WordPress or Drupal.
- In addition to installing security patches, ensure that you regularly update all other systems to their latest versions.
- Should your data repository be hacked, inform your bank and card schemes. SABRIC can assist you to inform your bank. Should there be a risk to your customers as advised by your bank, please notify your customers immediately.
- Implement a breach plan as soon as possible so that, if a breach occurs, you can notify the correct parties immediately to reduce the impact of potential fraud and other cybercrime activities. The longer you wait once you find your data repository has been compromised, the greater the damage to your customers' trust in your business and to your business's reputation.
- Never open attachments from unknown sources as the attachment can carry malware allowing criminals to access your data repository which could enable them to steal your customer data.
- Frequently check all the links on your website with a special focus on your payment links. Links can be compromised to divert your customers to other bogus/dummy websites designed to steal payments.
- Conduct a monthly search on your domain name. Criminals can create bogus/dummy sites using a URL almost identical to yours to divert your customers and steal their payments.
- Merchants must look to both POPIA and possibly GDPR as well to ensure PCI compliance. Following the conditions set out by POPIA and the guidelines issued by the Information Regulator means that you are taking your customers' data and privacy rights seriously, thereby reducing the risk of personal information breaches. With regard to PCI DSS, meeting the security controls set out by the Payment Card Council and using PCI DSS level 1 certified service providers means you are protecting yourself as far as possible. Ensure that you always keep 3DSecure on as well.
- Merchants should add an “Online Shopping Safety Suggestions” section to their website to guide customers about things like 3DSecure and OTPs (One-Time PINs), and to share updates about new fraud trends used by criminals.
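
One way a merchant could automate the two tips above on checking payment links and watching for near-identical URLs. This is an added example, not part of the original advisory; the host names, the allow-list and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: the merchant's own hosts plus its payment provider.
ALLOWED_HOSTS = {"shop.example", "www.shop.example", "pay.example-gateway.test"}
# Constructed sample page; the second form points at a near-identical host.
SAMPLE_PAGE = """<a href="/cart">Cart</a>
<form action="https://pay.example-gateway.test/checkout" method="post"></form>
<form action="https://pay.examp1e-gateway.test/checkout" method="post"></form>
<a href="http://www.shop.example/specials">Specials</a>
<script src="https://cdn.unknown-widgets.test/w.js"></script>
"""

class LinkCollector(HTMLParser):
    """Collects URLs a browser would follow, submit to, or load."""
    ATTRS = {"a": "href", "form": "action", "iframe": "src", "script": "src"}
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        self.urls.extend(v for n, v in attrs if n == wanted and v)

def edit_distance(a, b):
    # Levenshtein distance, keeping only the previous row of the table.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_links(html, allowed=ALLOWED_HOSTS):
    """Return (url, verdict) for each link that needs a human look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for url in parser.urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if not host:  # relative, mailto: and similar links carry no host
            continue
        if parts.scheme != "https":
            findings.append((url, "not-https"))
        elif host not in allowed:
            near = any(edit_distance(host, good) <= 2 for good in allowed)
            findings.append((url, "lookalike" if near else "unknown-host"))
    return findings
```

Run it against a saved copy of each checkout page on a schedule and alert on any change in the findings.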