Safe Online Shopping
Learning Purpose
While people enjoy the convenience of shopping at online stores, there are associated security threats and risks to be aware of. This course introduces the security risks of online shopping and provides consumers with suggested precautions and good practices, so that they can enjoy a reasonably safe online shopping experience.
What are the security risks of online shopping?
- Failing to receive ordered goods after shopping via a bogus website and fake email.
- Making payment over unsecured web pages, resulting in leakage of sensitive information.
- Receiving goods that do not match the product description and failing to recover the money paid.
How to know that a shopping website isn't trustworthy?
- The website looks poorly designed, unprofessional and contains broken links.
- Sales, returns and privacy policies are hard to find or unclear.
- The website asks for credit card information at any time other than during the purchasing process.
- You cannot go back and re-enter information during the purchasing process.
- Registration information of the website's domain name is anonymous or does not match the company background.
- No business address or phone number is given.
- The offered discounts look too good to be true.
How to protect yourself when shopping online?
Before making the purchase
- Always be vigilant and assess whether the online store is trustworthy.
- Conduct research to ensure that the online store is reputable (e.g. using a search engine to search for the shop name with keywords such as "review" or "complaint").
- Read the sales, returns, complaint handling and privacy policies to understand the customer's rights and how personal information will be used.
- Compare the price with those listed by other shops.
When submitting personal information and making payment
- Stay alert to the security of the online store, in particular the web pages for login and payment, for example by checking whether a padlock image is shown in the browser and the web address starts with "https".
- Print and keep a copy of the transaction record.
- Check credit card and bank statements regularly to identify unauthorised transactions.
- Avoid money transfers, direct debit and sending bank or credit card details by email.
- Consider using a secure online payment gateway. For example, the PayPal service can avoid disclosing credit card information to different online stores, and its payment process can support strong authentication mechanisms such as two-factor authentication.
Good practices for protecting sensitive information and online activities
- Use a trusted and secured computer or mobile device and keep software up to date, particularly your web browser, anti-malware software and firewall.
- Avoid using unknown or insecure network connections.
- Protect your online user account with a strong and frequently changed password.
- Select a service provider that can provide a strong authentication mechanism, such as two-factor authentication.
- Always log out of the website or system after use and clear the browser cache.
- Encrypt sensitive information during data transmission.
- Don't respond to any suspicious email or pop-up message which asks for financial or other sensitive information.
Summary
- Use a trusted and secured web browser and device for online shopping.
- Conduct research before online shopping and assess whether the online store is reputable.
- Check whether a padlock image is shown in the browser and the web address starts with "https", in particular when submitting personal information and during the payment process.
Extended readings and resources
- CSIP Safety Centre – Secure my personal computers
- CSIP Safety Centre – Secure my mobile devices
- US-CERT - Understanding Website Certificates
- Hong Kong Monetary Authority - Internet Banking