They want to avoid public embarrassment and lawsuits associated with the loss or unauthorized release of customer information. It is also a good way to ensure that their reputation is intact and that users can trust them with their money and their financial details.
The potential for financial fraud is higher for online transactions than in-store dealings. However, with the right processes and tools, it is possible to mitigate the risk of an attack and keep customer data safe to protect the business. This also helps avoid chargebacks, penalties, and unnecessary fees and fines.
Type, don’t Click
Type the URL in the address bar instead of clicking a link to go to your chosen retailer’s website. It may take a little more effort, but this simple action can help you avoid visiting fake and malicious websites. Ensure that the address starts with ‘https’. The ‘s’ stands for ‘secure’ and means the connection to the site is encrypted. Make sure there is a padlock symbol in the browser window frame whenever you visit a payment site.
• Use a hard-to-guess password that contains upper and lower case letters, numbers and symbols.
• Do not use the same user name and password for all online accounts.
• Change passwords as often as possible, but at least every three months.
• Do not share your passwords or user identification information. A recent scam involves email that appears to be from a user’s Internet provider, requesting this information. Internet providers, banks, credit cards, and reputable Internet businesses never contact customers to request their password or user name.
• Never click on any links in an email asking for identification information. Contact the institution by phone immediately to report the concern.
Taking the time to choose a hard-to-guess password is very important. Even if hackers try to use brute force to guess users’ passwords, it will take them time to succeed at it. Most password-cracking software will first try combinations of a user’s name, address, birthday, city of residence, and other personal information, as well as words in the dictionary and popular number sequences.
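A checker for the password rules and guessing order described above, as an added example that is not part of the original article. The word list, sequence list, 12-character minimum and sample personal details are constructed assumptions standing in for real data.

```python
import re

# Constructed sample lists; a real deployment would load far larger ones.
COMMON_WORDS = ("dragon", "letmein", "monkey", "password", "shopping", "welcome")
COMMON_SEQUENCES = ("000", "111", "123", "abc", "qwerty")

# Character classes the list above asks for.
REQUIRED_CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

# Undo common letter-for-symbol swaps so "P@ssw0rd" is seen as "password".
SWAPS = str.maketrans("@4$5013!", "aassoiei")


def check_password(password, personal_info, min_length=12):
    """Return the reasons a password is easy to guess (empty list = acceptable).

    min_length is an assumption of this example, not a figure from the article.
    """
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Guessing tools try personal details first, so reject any piece of them
    # (a first name, a birth year, a city) that appears in the password.
    tokens = set()
    for value in personal_info:
        tokens.update(t for t in re.findall(r"[a-z]+|[0-9]+", value.lower())
                      if len(t) >= 3)
    for token in sorted(tokens):
        if token in lowered:
            problems.append(f"contains personal detail '{token}'")
    # Dictionary words, checked after reversing the symbol swaps.
    normalised = lowered.translate(SWAPS)
    for word in COMMON_WORDS:
        if word in normalised:
            problems.append(f"contains dictionary word '{word}'")
    # Popular number and keyboard sequences.
    for seq in COMMON_SEQUENCES:
        if seq in lowered:
            problems.append(f"contains common sequence '{seq}'")
    return problems
```

A password built from a name and birth year fails even when it mixes all four character classes, which is the case the paragraph above describes.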
Online shopping tips
• Always log out of bank, credit card, and merchant sites after you have completed your transaction.
• Do not allow your computer to store user names and passwords for merchant or banking websites.
• When setting up security questions for sites online, use false information unrelated to your personal information, and keep track of your answers.
Where not to shop
• Do not shop, pay bills, or access your bank or credit card websites using public Wi-Fi. Shop from home and only over a secured Internet connection.
• Do not use “easy pay” payment options or “one-click ordering.” It takes a few extra seconds to enter a user name and password on a merchant site but often takes months to recover from online credit card fraud.
• Use the most up-to-date version of your Internet browser. The latest version uses the most recent technology to scramble and protect data sent via the Web.
How to shop safely
• Pay attention when visiting financial and sales websites. Authentic websites will post logos such as that for VeriSign. Users can click on the logo to verify the site identity before they begin shopping or completing banking transactions.
• Use only one credit card for online purchases in order to limit exposure to fraud and theft on all your cards. If possible, use a pre-paid debit card in place of a credit card.
• If an email, instant message, chat request or Internet site appears suspicious, close your browser and email programs and shut down your computer for a time. When you restart the computer, run a full virus and spyware scan before logging back on to the Internet.
SSL CERTIFICATE IS NOT ENOUGH.
Some people might think that they are secure online just by implementing SSL certificates, but this is not true. In fact, if you currently have software running on SSL 3.0 or lower, you need to upgrade to something that uses Transport Layer Security (TLS).
PERFORM VULNERABILITY SCANS ON A REGULAR BASIS.
Because hackers and cybercriminals can be creative and flexible, and new vulnerabilities are discovered almost on a daily basis, you should complete a vulnerability scan every 90 days, or at least once every quarter. If you are aiming for compliance, you need to have a passing scan.
REQUIRE A CVV OR CARD VERIFICATION VALUE.
Another way to fight fraud online is to require a CVV. CVV is a security feature that helps the system determine that the user has his or her credit card on hand. The CVV is a three- or four-digit number printed on the credit card itself.
Both the CVV and the address verification system will help thwart fraudsters who only have a credit card number.