How to stay safe shopping online

Some practical advice from experts about how to stay safe when shopping online.

walking presents

For almost all of us, shopping online has become second nature and with the Christmas season coming up, we will be browsing e-retailers looking for presents to give to our loved ones.

Online Christmas 2009 is also now boosted by the fact that Royal Mail has decided to cancel the strikes it was planning, which could have potentially done a lot of damage to sales.

Advertisement - Article continues below

A recent survey by eDigital Research and IMRG, the membership community for the e-retail industry, found that consumer confidence in online shopping had grown.

Statistics said that 93 per cent of people were planning to shop online for Christmas gifts, and more than a quarter planned to do more online shopping than last year.

Furthermore, 71 per cent of people planned to do half or more of their shopping online this Christmas.

Doing more with less

IT PRO spoke to James Roper, chief executive of IMRG. He said that the economic downturn had actually been good for e-commerce in that retailers focused on price and efficiency and were doing more for less'.

"No time is more important than Christmas for that," he said. "You've got a lot of things to organise, buy and communicate and the weather's awful."

Advertisement - Article continues below

"Christmas could have been invented for internet shopping," he added. "It's always where we see the biggest growth and trade of the year, as you would expect."

Advertisement - Article continues below

Roper said that there was more faith in the security of online shopping, and that there were virtually no problematic cowboy' companies, which had been driven away from the marketplace.

But he admitted that there was still a problem with criminals targeting shoppers with tactics like phishing emails: "If you answer daft emails that go round asking you for trillions of dollars, you're kind of asking for trouble," he said.

Security company Webroot also recently said that there was an issue with cyber criminals using fake emails and Facebook spam in the hopes of parting shoppers from their personal information.

Also, figures last May from the Office of Fair Trading revealed that many people didn't shop online due to 'trust issues'.

With that in mind, IT PRO spoke with experts who offered their own tips to keep safe while surfing online.

Andrew McClelland, director of business development at IMRG

Advertisement - Article continues below

McClelland is responsible for an accreditation programme called ISIS (Internet Shopping is Safe), which now accounts for approximately two thirds of UK online shopping retailers.

With an ISIS logo, IMRG says it certifies that a retailer has registered with them and is confident that they are trading fairly. They also has have their websites and services monitored, and their business, VAT and data protection all checked.

McClelland said: "We run an audit on a candidate's website, looking at their terms and conditions and making sure that they are legally compliant.

"There is best practice, like whether a telephone number is available whether the e-retailer gives satisfactory response for any email requests."

McClelland advised shoppers to go for a brand that they trusted either by size or experience, or a website that was showing a trust mark like the one from ISIS.

Advertisement - Article continues below

As well at the ISIS logo, McClelland said that users can check if the retail website has an Extended Validation SSL Certificate, which gives web browsers information to identify an organisation's identity with a green bar.

Advertisement - Article continues below

This shows that that the retailer has gone through background checks on its server security and confirmed the identity behind the website, and whether it does provide a safe end-to-end shopping experience.

McClelland said that a problem that any IT-related industry had was that consumers become very task-focused at the point when they should be looking for security messages.

"For example, we always say look for the padlock or HTTPS. But when they appear most people are at the payment stage and are fumbling around with their credit cards to make sure they are putting the details right," he said.

"They are not looking at the periphery of the website. We would suggest that when you get to the payment stage, take a moment to double check those things."

Verified by Visa and Mastercard SecureCode are security initiatives put in place that offer another level of security if a fraudster does have your card and tries to use it for an online purchase.

Advertisement - Article continues below

This is technology put in place by card companies. If given a choice, McClelland recommended that users sign up to the scheme, which does make things make more difficult for criminals.

There are processes that you can go through if the worst happens. Contacting your bank may help you get your money back if something has gone wrong with your account.

McClelland said: "It's not the end of the world if it has happened, but before that make sure you understand where you are putting in your card details, and double check them."

He also said that it was better to use a credit card for purchases than debit cards, as they offered a higher level of protection.

Advertisement - Article continues below

Graham Cluley, senior security consultant, Sophos

Cluley warned online shoppers that in the past couple of years, it had become more common for legitimate websites to become infected with malware.

He said that shoppers needed to use up-to-date antivirus software and firewalls on any computer that they used, because even if they were going to a well-known name there was always a chance they could have become infected.

Advertisement - Article continues below

Cluley also urged computer users to keep their software patched, whether they're using browsers or plugins like Adobe Flash, which has become a big target for hackers in the past year.

"Many online stores will be using Flash technology to make their goods look sparkly and wonderful," Cluley said. We have seen a rise in the number of poisoned adverts on websites."

"This is where you see websites offering third party websites sometimes using Flash or Javascript, which then themselves infects your computer."

Phishing attacks continue, and the sheer amount of spam mail means that many of less online-savvy shoppers will fall for an email trying to push a Christmas offer, directing you to their site, which will often be malicious.

"Every time you click on those links, you are encouraging people to spam you more and more," warned Cluley.

Often during the Christmas period, computer users will be tempted to use unsecured Wi-Fi connections to browse for presents, especially with the new wave of smartphones that can do this easily.

Advertisement - Article continues below

This might be a problem, as security researchers recently revealed how they took email usernames and passwords from four of the most popular smartphones on the market using an insecure Wi-Fi connection and a laptop.

"There might be a risk of poisoned hotspots, where your data can be read if you are connecting to someone else's Wi-Fi," Cluley said.

Rik Ferguson, security solutions architect, Trend Micro

It is not a good idea to use the same password on every site that you visit, especially if it involves online banking, according to Ferguson.

Ferguson has three passwords that he used regularly. However, if he is browsing a site which he knows he isn't going to use again, he makes up a password, as it isn't important to remember it.

He said: "For example if I was buying pots and pans, which I never buy perhaps I'm buying them for someone else I'll just make up the password."

Advertisement - Article continues below

Ferguson also said that in a consumer or household environment, he believed that it was fine to write down your passwords somewhere safe.

"To be honest, if somebody's in your home rifling through your belongings looking for your passwords, you've got bigger problems," he said.

He warned though that this should never be done in an enterprise environment.

If a shopper was particularly worried, Ferguson revealed that there were banks and financial institutions that offered a one-time credit card that gave you a number that when used, was gone.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020