Safe shopping tips for online buys

Browse at reputable portals, give personal details over secured sites and use credit--not debit--cards during this festive season, advise security experts.
Written by Kevin Kwang, Contributor on

Online shopping has become increasingly popular across the Asia-Pacific region, with more people turning to the Web to satisfy their shopping fix.

A study conducted by the Information Systems Audit and Control Association (ISACA) revealed that employees planned to spend nearly two working days trawling the Web for gifts during this year's festive season.

Also, the Asia Digital Marketing Association's 2009 yearbook described e-commerce in the region a "growing trend", with 44 percent of Net users said they have shopped online over the past three years and 63 percent indicated they currently shop online "at least occasionally".

According to MasterCard Worldwide Insights, China generated online shopping revenue worth US$297.8 billion in 2007, accounting for 44.9 percent--the largest market segment--of the Asia-Pacific region overall figure. The country's online shopping revenue is expected to climb to US$1.4 trillion in 2010. Japan, a distance-second, will see its online shopping revenue grow from US$168.9 billion in 2007 to US$185.3 billion in 2010.

However, the tremendous potential also provides an opportune time for cybercriminals to turn more aggressive in conducting online fraud. Symantec, for example, reported in a blog post last week that spammers have been hard at work sending Christmas-related spam, in an attempt to lure users to open the unsolicited e-mail messages that contain malware or that urge them to provide personal details.

Below, security vendors and an online payment service provider provide tips on how consumers can keep this holiday shopping season free from cyber attacks:

  • Keep computer in tip-top condition.
    Eric Chong, Asia-Pacific regional marketing manager for Trend Micro, advised users to ensure their PCs have the latest software updates and patches, and to enable automatic updates where possible.

    "Since cybercriminals typically take advantage of flaws in the software to plant malware on PCs, keeping your software current will minimize your exposure to vulnerabilities," noted Chong.

  • Do a background check on the online retailer.
    Just as you would with a brick-and-mortar shop, check out the retailer's reputation and credibility before making purchases on the site. Melanie Cole, McAfee's Asia-Pacific consumer marketing manager, recommended that online shoppers check if the e-tailer lists a physical address and phone number.

    "Call the company's phone number to see if there is a representative you can speak to," added Cole.

  • Shop at secure Web sites.
    Before providing sensitive financial details to make an online purchase, first make sure the site is secured. David Freer, Symantec's vice president of consumer for Asia-Pacific and Japan, said secure sites would contain "https://" in the URL address box, which indicates encryption is being used, as well as a padlock symbol on the bottom right-hand corner of the screen.

    According to Freer, some Web sites are "certified secure" and display the appropriate certification either on the homepage or at checkout. The certificate would be issued by a variety of organizations including VeriSign and Go Daddy, indicating that the site supports SSL (secure sockets layer). Others providing such security features might post the words "secure transaction" or "we offer SSL technology" on their site.

    "If your e-merchant doesn't offer SSL security, you should probably shop elsewhere," he said.

  • Check for critical purchase details.
    Online shoppers should be vigilant in checking out critical details, for example, the retailer's refund and privacy policy. It is particularly important to know that personal details provided for the purchase will be kept private and not shared with third-party sites.

    "If a policy is not posted, ask the merchant if there is a time limit to return an item and whether a full refund or merchandise credit is offered," said Mario Shiliashki, general manager at PayPal South East Asia and India. "If users are purchasing collectibles such as sports memorabilia, it would be wise to confirm the authenticity of such items."

  • Always credit, never debit.
    While most e-commerce sites accept both credit and debit cards, Symantec's Freer advised e-shoppers to always transact with credit cards because credit cards usually offer buyer protection against fraud, lost shipments, broken merchandise and other problems.

    Furthermore, he noted that a debit card is a direct line into users' bank accounts and this has significant consequence.

    "If a scammer gets your credit card number, they can cause chaos but the loss won't be catastrophic. [However,] if a scammer gets your debit card number and password, they can empty your bank account of cash," he noted.

  • Generate strong authentication passwords.
    Many Net users tend to generate derivatives from a core password for their various online accounts, and this makes it easy for hackers to crack the code once they find out the primary source.

    To prevent this, McAfee's Cole recommended users generate strong passwords that are difficult to guess and that are at least ten characters long, consisting of a combination of numbers, letters and symbols.

  • Back up evidence of online transactions.
    This precautionary action might appear somewhat excessive to some, but Gun Suk Ling, managing director of Kaspersky Lab for Southeast Asia, believes it is useful. "Take a screenshot of every step of the online transaction, or make printouts of all steps. In the case of a dispute, these can be used as evidence," she said.

  • Delete receipts and financial information.
    Gun also advised people not to save their receipts and other information that contain their credit card and personal details on their laptops or hard disk drives.

    She noted that even if shoppers have safely completed an online transaction, cybercriminals can still "use the stored details to make unauthorized purchases" if the laptop or hard drive is stolen.

  • Don't shop online using public PCs.
    While it is convenient to seek refuge in a cozy Internet café, away from the shopping hordes, to fulfill their festive shopping needs, McAfee's Cole thinks it would be unwise for users to do so.

    She said using a public computer may mean leaving some personal information on the browser's memory cache and strangers could access the online shopper's browsing history, including their login information.

    "To protect yourself, do all of your online shopping from your secured home computer," she advised.

  • Tighten up social networks.
    As more people increase their digital presence on social networking sites such as Facebook, LinkedIn and Twitter, they are also likely to leave more of their personal information unprotected on these platforms, knowingly or otherwise.

    Trend Micro's Chong advised users to relook, and where possible, enhance their security settings on these social networking sites to prevent strangers from viewing their profile information, which could "help [the cybercriminals] steal your identity".

Editorial standards