How to stay safe shopping online


For almost all of us, shopping online has become second nature, and with the Christmas season coming up, we will be browsing e-retailers looking for presents to give to our loved ones.

Online Christmas 2009 is also now boosted by the fact that Royal Mail has decided to cancel the strikes it was planning, which could have potentially done a lot of damage to sales.

A recent survey by eDigital Research and IMRG, the membership community for the e-retail industry, found that consumer confidence in online shopping had grown.

Statistics said that 93 per cent of people were planning to shop online for Christmas gifts, and more than a quarter planned to do more online shopping than last year.

Furthermore, 71 per cent of people planned to do half or more of their shopping online this Christmas.

Doing more with less

IT PRO spoke to James Roper, chief executive of IMRG. He said that the economic downturn had actually been good for e-commerce in that retailers focused on price and efficiency and were 'doing more for less'.

"No time is more important than Christmas for that," he said. "You've got a lot of things to organise, buy and communicate and the weather's awful."

"Christmas could have been invented for internet shopping," he added. "It's always where we see the biggest growth and trade of the year, as you would expect."

Roper said that there was more faith in the security of online shopping, and that there were virtually no problematic 'cowboy' companies, which had been driven away from the marketplace.

But he admitted that there was still a problem with criminals targeting shoppers with tactics like phishing emails: "If you answer daft emails that go round asking you for trillions of dollars, you're kind of asking for trouble," he said.

Security company Webroot also recently said that there was an issue with cyber criminals using fake emails and Facebook spam in the hopes of parting shoppers from their personal information.

Also, figures last May from the Office of Fair Trading revealed that many people didn't shop online due to 'trust issues'.

With that in mind, IT PRO spoke with experts who offered their own tips to keep safe while surfing online.

Andrew McClelland, director of business development at IMRG

McClelland is responsible for an accreditation programme called ISIS (Internet Shopping is Safe), which now accounts for approximately two thirds of UK online shopping retailers.

With an ISIS logo, IMRG says it certifies that a retailer has registered with them and is confident that they are trading fairly. They also have their websites and services monitored, and their business, VAT and data protection all checked.

McClelland said: "We run an audit on a candidate's website, looking at their terms and conditions and making sure that they are legally compliant.

"There is best practice, like whether a telephone number is available, whether the e-retailer gives satisfactory response for any email requests."

McClelland advised shoppers to go for a brand that they trusted either by size or experience, or a website that was showing a trust mark like the one from ISIS.

As well as the ISIS logo, McClelland said that users can check if the retail website has an Extended Validation SSL Certificate, which gives web browsers information to identify an organisation's identity with a green bar.

This shows that the retailer has gone through background checks on its server security and confirmed the identity behind the website, and whether it does provide a safe end-to-end shopping experience.

McClelland said that a problem that any IT-related industry had was that consumers become very task-focused at the point when they should be looking for security messages.

"For example, we always say look for the padlock or HTTPS. But when they appear most people are at the payment stage and are fumbling around with their credit cards to make sure they are putting the details right," he said.

"They are not looking at the periphery of the website. We would suggest that when you get to the payment stage, take a moment to double check those things."

Verified by Visa and Mastercard SecureCode are security initiatives put in place that offer another level of security if a fraudster does have your card and tries to use it for an online purchase.

This is technology put in place by card companies. If given a choice, McClelland recommended that users sign up to the scheme, which does make things more difficult for criminals.

There are processes that you can go through if the worst happens. Contacting your bank may help you get your money back if something has gone wrong with your account.

McClelland said: "It's not the end of the world if it has happened, but before that make sure you understand where you are putting in your card details, and double check them."

He also said that it was better to use a credit card for purchases than debit cards, as they offered a higher level of protection.

Graham Cluley, senior security consultant, Sophos

Cluley warned online shoppers that in the past couple of years, it had become more common for legitimate websites to become infected with malware.

He said that shoppers needed to use up-to-date antivirus software and firewalls on any computer that they used, because even if they were going to a well-known name there was always a chance they could have become infected.

Cluley also urged computer users to keep their software patched, whether they're using browsers or plugins like Adobe Flash, which has become a big target for hackers in the past year.

"Many online stores will be using Flash technology to make their goods look sparkly and wonderful," Cluley said. "We have seen a rise in the number of poisoned adverts on websites."

"This is where you see websites offering third party websites sometimes using Flash or JavaScript, which then themselves infect your computer."

Phishing attacks continue, and the sheer amount of spam mail means that many of the less online-savvy shoppers will fall for an email trying to push a Christmas offer, directing you to their site, which will often be malicious.

"Every time you click on those links, you are encouraging people to spam you more and more," warned Cluley.

Often during the Christmas period, computer users will be tempted to use unsecured Wi-Fi connections to browse for presents, especially with the new wave of smartphones that can do this easily.

This might be a problem, as security researchers recently revealed how they took email usernames and passwords from four of the most popular smartphones on the market using an insecure Wi-Fi connection and a laptop.

"There might be a risk of poisoned hotspots, where your data can be read if you are connecting to someone else's Wi-Fi," Cluley said.

Rik Ferguson, security solutions architect, Trend Micro

It is not a good idea to use the same password on every site that you visit, especially if it involves online banking, according to Ferguson.

Ferguson has three passwords that he uses regularly. However, if he is browsing a site which he knows he isn't going to use again, he makes up a password, as it isn't important to remember it.

He said: "For example, if I was buying pots and pans, which I never buy (perhaps I'm buying them for someone else), I'll just make up the password."

Ferguson also said that in a consumer or household environment, he believed that it was fine to write down your passwords somewhere safe.

"To be honest, if somebody's in your home rifling through your belongings looking for your passwords, you've got bigger problems," he said.

He warned though that this should never be done in an enterprise environment.

If a shopper was particularly worried, Ferguson revealed that there were banks and financial institutions that offered a one-time credit card that gave you a number that, when used, was gone.