Are we really shopping "securely" on the Internet?
Once Black Friday, Singles' Day (if you have Chinese roots or any kind of relationship to it) and Christmas are over, I'm sure the vast majority of us have a long list of anecdotes about exotic e-commerce portals, carriers in trouble, packages that never arrived and so many other stories. However, the real question we should all be asking ourselves is: Did I buy securely? Although we may all think we did, I hope this article makes you stop for a moment and mentally review this list of best practices.
First level - Choosing the right portals
Most people make their online purchases on well-known portals where there should be no major problems in doing business (if the following levels are taken into account). However, many others are looking for better prices (the "bargain" concept) or for borderline legal options (imitations, second-hand goods of questionable reliability, private-to-private exchanges on little-known portals, etc.).
In these other cases, the problem is that users will basically approach two scenarios:
- Fraudulent websites: under the guise of legitimate online commerce, they steal your credentials, payment method data, etc., without giving anything in return or while delivering useless merchandise.
- Legitimate imitation websites: in these cases, the portal functions normally, sometimes imitating the authentic portal of well-known brands (RayBan, Nike, Adidas, etc.), but the delivered product is a low-quality imitation or something similar. These cases border on legality, although they clearly infringe trademarks and so on.
The rest of the "known" portals that we can use and that are in common use should not present a major problem when carrying out online transactions as long as we take into account the following two levels.
Be cautious and always check (forums, friends, etc.) how these other portals “are rated”.
Second level - Following some best practices (in the purchasing process)
At this level, the time comes to check out and pay for the purchase. There are of course a few points to try to keep in mind:
- The famous "padlock" sign indicates that we are using the HTTPS protocol (HTTP Secure) and is the most basic condition for secure electronic transactions on the web. In addition to encrypting the data we send, it authenticates end-to-end the two environments (the portal and the user).
- Buying online without this approach is very dangerous. There are no minimum security guarantees.
- If you are using the portal for the first time (watch out for level 3, below), give the basic data needed and nothing more than necessary (much of the data is for marketing and profiling purposes, as we saw in another post).
- It may be a good practice to have a personal email address exclusively for e-commerce (person.online@gmail.com) and to manage this type of activity more carefully.
- The payment method is important. If we use third-party services such as PayPal, it is perfect as long as we configure the validation options in a reasonable way (authentication, payment approval security, maximum amounts, etc.).
- If you use credit/debit cards, be cautious about leaving the data saved, and be careful with the facilities provided by the browser or the operating system to save the data of all the cards that you have active.
- The most dangerous piece of information is the card's security code (the CVV), which we should try not to leave stored, always keeping level 3 (below) in mind.
- We should be serious about accepting the transaction with our bank. Each time (if possible) we should be asked for specific authentication with a code generated on the spot (there are many variants depending on the bank) so that we can validate each transaction one-by-one.
- Taxes and currencies. Be aware of what exchange rate will be applied when using foreign currency and whether you will be charged taxes in the case of certain countries (e.g., UK now out of the EU due to Brexit).
- Following on from the previous point, keep this issue (currency and taxes) in mind before accepting the transaction at the bank. If something does not fit, it is better not to accept and to check everything. Avoid compulsive buying 😊
- Always keep the complete information (and if official, with digital signature) of the "receipt" of the purchase where the whole route of the purchase is completely identified (for possible claims or possible fraud).
Third level - Choosing the best scenario for buying online
It is obvious that sometimes we must make an emergency online purchase (a trip due to a family emergency) but we should try to avoid some basic high-risk scenarios:
- Use our own "secure" device and avoid computers in hotels, cyber-cafés, friends' homes, etc.
- Use home or office connections, the 4G/5G network or trusted Wi-Fi networks and avoid networks in cafés, hotels, town halls, etc., especially if they are "open" or if we have never used them before.
- If a friend sends us an SMS, e-mail, WhatsApp message, etc. with the address of a portal with outrageous prices (see level 1), avoid clicking on the link directly and look for it first on the internet or make sure it is a trustworthy portal.
It has always been said, and I believe it is still true, that the weakest link in the cyber security chain is the human being. When we shop online on a personal basis, we are making micro-decisions at all three levels above.
Before you go on to do anything else, please think for a moment to see if you are shopping (or not) in a "secure" way.