Reduce online shopping risks this holiday season with advice from BSI
17 December 2019
Observing safe online shopping practices during holiday season will not only protect data, strengthen resilience, but will also reduce the likelihood of a fraudulent transaction taking place. The BSI global centre of excellence for Cybersecurity and Information Resilience has outlined the following seven tips for secure online shopping during the biggest sales events of the year:
- Stick to trusted websites: Always check for security symbols e.g. closed padlock symbol at checkout page on the web browser address bar, which indicates that your data will be encrypted when transmitted.
- Keep software and passwords updated: Do regular checks for upgrades to your device operating system or software and install these. Make sure you have the latest updates for anti-spyware and anti-malware programs to ensure that nobody can track your internet use or infect your device. Likewise, it’s important to make sure that you regularly update your passwords to increase your safety online.
- Be cautious when responding to emails: If you are unsure of an email that is asking for your personal details, especially if it appears to come from a reputable retail website or your bank or service provider don’t respond to it. Get verification from the outlet first. Validate information shared via emails or newsletters by visiting the retailer’s website, manually typing the website’s address in the address bar. If an email deal seems too good to be true, then it probably is.
- Set up credit card alerts and keep records of purchases: When a purchase is made over a certain amount you will receive an alert, keeping you up to date on your account transactions and safety. You should also review all bank account transactions regularly and keep electronic receipts of any online purchases.
- Share only basic personal data when making a payment: Only share the information that is needed to complete the purchase and avoid giving your bank account details. Use your payment card but don’t let the website store these details. The fewer sites that have your credit card details, the better.
- Transparency obligations and tick boxes: If you have a concern about your personal data, read the website’s privacy notice first. Companies are obliged to provide you with a detailed notice at the point of data collection. Many companies will try to get your permission to send emails and newsletters or to pass on your details to third parties. If you don’t want this, make sure you tick or untick the box as relevant during the buying process.
- Beware of public computers and public Wi-Fi: When using public computers, always log out, clear history, and close the browser tabs individually when you are finished. When on free Wi-Fi, avoid giving personal or payment information and choose to browse using the ‘public browsing’ setting when available. When possible, use a VPN tunnel to a trusted network.
“Our advice is ultimately about making everyone cybersecurity-aware when shopping online and to be alert to the potential risks. Many shoppers will research retailers and whether their deals are legitimate, but there will be those that will simply click ‘purchase’ straight away to grab a great deal. Having immediate access to purchases on mobile devices and through social media has increased instant purchases and customers may end up purchasing from an illegitimate website or give too much of their data away unnecessarily,” says Stephen Scott, Senior Manager of Cybersecurity and Information Resilience Services at BSI.
“The holiday season presents many opportunities for consumers and retailers, however cyber criminals will be looking out for opportunities to take advantage, as people tend to share their payment details without doing appropriate due diligence. While payment security has increased this year with the introduction of PSD2, to further enhance this, a shopper should also take responsibility and look out for anything that may look suspicious to keep their personal and financial data secure.” concludes Stephen.
The BSI Cybersecurity and Information Resilience team provides a range of solutions to help organizations address their information challenges covering cybersecurity, information management and privacy, security awareness, and compliance and testing. For more information visit https://www.bsigroup.com/en-AU/Cyber-Security/
ENDS
About BSI
BSI is the business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century BSI has championed what good looks like and driven best practice in organizations around the world. Working with 84,000 clients across 193 countries, it is a truly international business with skills and experience across a number of sectors including aerospace, automotive, built environment, food, and healthcare. Through its expertise in Standards Development and Knowledge Solutions, Assurance, Regulatory Services and Professional Services, BSI improves business performance to help clients grow sustainably, manage risk and ultimately be more resilient.
About BSI Cybersecurity and Information Resilience centre of excellence
The BSI global centre of excellence for Cybersecurity and Information Resilience is based in Sandyford, Dublin, where it manages and secures corporate information for BSI’s global clients. The company provides expertise to clients on the identification, protection, compliance and management of their information assets through a combination of consultancy, technology, research and training. Its mission is to help clients achieve Information Resilience - an environment where infrastructure is protected and secure, regulatory and compliance obligations are met, people are safe, and reputation and trust is maintained. The companies highly qualified consultants’ experience and expertise cover the entire Information Governance landscape.
The companies’ credentials are enhanced by adherence to internationally recognized accreditations and certifications (CREST / Cyber Essentials / Payment Card Industry Data Security Standard Qualified Security Assessor). BSI is the originator of the ISO/IEC 27000 series of Information Security Standards and the global leader in providing training and certification to ISO/IEC 27001, the established best practice in Information Security Management Systems (ISMS).