With online shopping on the rise, growing more and more each year, it’s become extremely easy to make payments with a single click, and make a purchase, without bothering any further about it. To add to the ease of use, many websites and stores offer the option to directly store your card details online, to save you the hassle of typing in the information each time. However, although we easily trust in the security provided by these sites and key in the details without giving it a second thought, how safe is it, really, to save your card details online?
Hackers have nowadays found ways to exploit the very systems designed to safeguard and protect Online shopping enthusiasts from fraud! Payment Services like “Verified by Visa” or “MasterCard Secure Code System” are extensively used by cardholders all over the world, and several major banks actually even require their customers to use them. However, hackers have nowadays been building a perfect duplicate of these pages, and many a time, hacking ECommerce websites to integrate these pages into them. The unwitting shopper has no clue that when he’s entering his details into the relevant fields on these pages, it actually redirects information, and even the account balance, to the hacker! It’s not the effectiveness of these systems which is in question, but the impersonation of these secure gateways and pages is an extremely dangerous security threat.
Remember that shady looking video link on Facebook that you clicked on, out of curiosity? It actually redirected you to a weird, non-responsive page that looked completely weird, right? Well, guess what, it just downloaded a malware to your system, known as a keylogger. These can monitor and record every keystroke made on your computer, and send that data back to the hacker, who can use it for whatever he wants! Bank account details, passwords, social security information, sensitive data, all of it can now be exploited by the hacker, as he pleases! Although almost every modern antivirus system has extensive dedicated built-in features to detect and block such malwares, they are being advanced and upgraded more and more to bypass the security features!
Nowadays we use our smartphones for everything, and it has almost become an extension of us, rather than a separate object. From Banking apps and Work related information to Card details, our phones have the features to access all of them, at our fingertips! And usually, everyone who uses them has their login details saved and these accounts permanently signed in and synced to avoid the hassle of doing it each time they use the app. This becomes extremely dangerous in the event of your phone being stolen, as the person who finds it can freely access all the sensitive data, as well as your account and transfer the entire balance to his account, as well as use it for his own purposes!
Free WiFi is everywhere nowadays! From coffee shops to bookstores to bus stands, users can simply connect to the WiFi and browse the internet to their heart’s desire. All that’s well and good, except that most of these free connections aren’t secure ones, and accessing anything sensitive or confidential over these unsecured connections is extremely risky. Especially for any services like FTP (File Transfer Protocol), which aren’t encrypted, you should never use unsecured connections to access or input sensitive data. If you absolutely must, you should try to use the “https://” prefix instead of the “http://”, but keep in mind that not all websites support this.
Online shopping has gained huge momentum in the past decade, and each and every day you can find new ECommerce stores popping up on the internet, joining the competition, with newer products and better deals! However, with online ECommerce, there are specific sets of PCI (Payment Card Industry) rules and regulations that need to be complied with, and you’d be surprised to know that 6 out of 10 ECommerce stores are extremely unclear about how strictly they adhere to these guidelines, if at all. This is a huge issue, as customers remain unaware of their security features, and simply go by the products they offer, and unwittingly end up being victims of Cyber Fraud, because of the lack of proper safeguards and security features on these sites.
Whenever possible, you should type in the URL yourself, instead of clicking on a link that redirects you to that page. Hackers create web pages that look completely identical to the legitimate site, even so far as their logos, and unwillingly, instead of going to the website you wanted to, might end up on a page created by them to steal your details the moment you save your card on it. The best practice is typing in the actual URL of the website, which protects you from identity theft, as well as misappropriation of your sensitive information, as links in E-Mails, on Facebook, and even Bookmarked ones can be corrupted or redirect you to a fraudulent site.
In the extreme case that your card details do get stolen because you saved them online at a fraudulent website, it is always a good idea to get a proper knowhow of what security policies your bank has and what can be done in such a situation. Reputed companies can usually block usage of the card the moment you inform them, but sometimes the process takes a much longer time, and any money that gets misused due to usage within that period of time might be extremely difficult to be reimbursed for. Often they drag into lengthy legal cases, which cause even more monetary losses, without any favourable outcome.
Make sure that the pages in which you need to type in your card details or make transactions are secured. You can check this by either making sure it uses the “https://” prefix or it has a padlock or VeriSign insignia at the bottom of the page. Both of these are indicators of the website using encryption to protect your data, which is a must, wherever bank account details need to be entered and stored. You could also use a third party service yourself, like “HTTPS Everywhere”, which encrypts all the websites and web pages you visit, forcing them to use secure browsing.
While it is extremely easy-to-use and is probably faster than your home internet connection, buying or storing card details online over WiFi is never a good idea. Especially more so over public WiFi, as hundreds of people have access to it, with very little monitoring or safeguards in place. Doing the same using your smartphone is also a big no-no, and instead, you should consider using a device with secure routers, or even your landline phone connections, with a secure firewall set up, along with up-to-date anti-virus and anti-spyware softwares.
Most Payment Gateways ask for just 3 things: Your card number, the CVV code, and the expiry date, after which they either use the OTP (One Time Password) or in fewer cases, ask you to enter your pin. Not only should you double check each step of this process, you should be extremely wary if you’re asked for any additional information. Social Security Numbers and other details are never required for making transactions, and if you ever get a message, whether through E-mail or SMS, informing you of a glitch in the processing and asking for additional details, or to resend the account details through E-mail, you should immediately report it as spam, and delete it. Any glitch or technical problems during the transaction would be informed to you by the website or your Bank directly.
So, to sum up, the best thing you can do to prevent misuse of your card details stored online, is to simply never store it online! But, if you absolutely need to, you should keep all of the above points in mind, and take all the necessary steps and safeguards against the misuse of it, as you possibly can.