As we all know, online shopping is nothing new, but as its popularity continues to grow, so do the malicious threats that can occur during your shopping experience. That is why we want to provide you with some reminders and tips on how to make your online shopping a safer experience. We also encourage you to share these tips with family members who may make online purchases too.
There are a few simple precautions you can take to further secure yourself before you make your online purchases. First, make sure you have a web filter in place that will warn you of suspicious websites. Keep your web browsers up to date too. Often the site you are shopping on is legitimate, but if your computer is infected with keyloggers or other malicious software, you run the risk of your credit card data being stolen regardless of how trustworthy the store is.
It is always best to shop at familiar websites, but if you are looking at products or services from an unfamiliar site, do a little research before you begin; find out what other consumers have to say about the store or seller. Epinions.com and BizRate.com give customer evaluations that may help you determine the legitimacy of the company. It is also a good idea to check the website for the BBB and/or TRUSTe approval icons. Be sure to click those icons to confirm that they take you to the accrediting organization's own site and that you can find the company's name within its listings. Harmful sites often display the graphic with no link behind it, so be aware.
Remember, before entering your personal data and credit card information, check that the connection to the website is encrypted. The URL will start with "https", and you should also see the padlock icon in the address bar or in the corner of the window. Pay attention to any warnings your computer gives you about the site's security certificate; when in doubt, find somewhere else to shop.
Keep in mind when choosing a payment method that it is always best to use PayPal if it is an option; that way your credit card and bank account information will not be shared with the merchants and sellers. PayPal will also protect you against fraudulent charges and help if there are problems with your purchases. Once your purchases are made, it is always a good idea to check your bank accounts and credit card statements to ensure the proper amount was charged. If the charges are wrong, contact the website where your purchases were made immediately, and also call your credit card company to inquire about a chargeback.
We hope that by keeping these tips in mind you will continue to enjoy shopping online, and do so more securely.
While reading through the blog post that discusses how Sony's PlayStation Network was breached, was I the only one who noticed that PlayStation Network usernames AND passwords were stolen? Perhaps they left out the specifics, but why were the passwords stored using encryption, thereby increasing the amount of time and effort required to decrypt the passwords?
Nevertheless, this breach is rather interesting in that the blog post states, "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility." One point of doing proper log management and risk assessments is to be able to see how far the rabbit hole goes when a breach occurs. Being able to show that only a portion of the records were affected during a breach can save thousands or even hundreds of thousands of dollars.
If you are unhappy with the current Payment Card Industry Data Security Standard (PCI DSS), now is your chance to complain. The PCI SSC has announced a feedback period during which you have the opportunity to "provide detailed and actionable feedback in an effort to revise future editions of the Council's standards to improve payment data security."
You may air your grievances during phase two of the lifecycle process, between July 1 and November 1. The SSC is looking to hear from merchants, processors, financial institutions, and other key stakeholders, and I am sure they are in for an earful. (Like how the only things you need to be a QSA in North America are 30k, a high school education, and four days of training.)
Many are unsatisfied with the "checklist" format of PCI compliance. They commonly point out how this shifts the goal from overall security and risk management to simply achieving compliance. Some of these standards do not seem to help security at all, such as configuration management. PCI compliance should not be the goal, but it ought to serve as a jumping-off point toward promoting better security practices. Too many organizations have a purely audit-based mentality, while others regard compliance as a frustrating burden.
Does the recent data breach of Heartland Payment Systems prove PCI is useless? Maybe not, but it is not 100% effective either. Of course, nothing in security is. But does it even provide reasonable security and assurance?
There are some who call PCI DSS "security theatre." (Like me!) It makes organizations put on a show of security that makes them feel safe but does not actually do anything. Many organizations even perform their own self-assessments, and there is no incentive for them to report anything less than fully compliant.
If you have a bone to pick with the PCI SSC over these issues, you can use its online feedback tool to "proactively propose and discuss revisions to the next iteration of the Council's standards." If you would rather complain in person, you can attend its "Community Meetings" in Las Vegas or Prague.