****** HONORABLE MENTIONS**********
There is no one set answer regarding the issues of protecting one's personal information when making either an on-line or off-line purchase, but there are some basic important measures you can take to minimize the risks.
1. Only make on-line purchases at sites that use encryption. You'll see a lock icon in the lower right corner of the browser window if your're using IE Explorer.
2. Never transmit personal or credit card info via an unsecured on-line order form or via email.
3. Don't choose to have your credit card info stored on a merchant's site.
While all merchants who provide this convenience take great precautions, they cannot protect themselves completely. I trust myself more.
4. Use credit cards like that provided via Visa or Mastercard in conjunction with an on-line validated purchase procedure in which you log in via another window provided by Visa or MC to validate the purchase.
5. If possible, use complex passwords for logging into a site containig characters like ; # zz % or $. Store these passwords in a password protected document that only you can open.
6. Don't provide personal phone numbers, business addresses, personal email info, or anything else that is not absolutely required at an on-line purchase site.
7. Only shop at sites, if at all possible, that use security services such as Versign and the like.
8. NEVER provide your SS # or bank account numbers!!
9. Setup and use a free Internet email account for use when making purchases. You cannot possibly read all the small print in a site's terms and conditions and you will likely miss something important. Using the free email account protects your personal email account.
On-line purchasing is probably safer than making a purchase via ones telphone and it is certainly as safe when compared to making a purchase at a physical store. Many, many retail businesses transmit your credit card info for approval via the same type of connection you have, that is the Internet; albeit some via more secure lines than others.
Submitted by: Ronlad N.
While shopping online is a great convenience, it does not come without risk. Here are some useful tips to minimize the risk of identity theft when making purchases online.
1) Know the company you are dealing with. Check to ensure that the company is legitimate.They should have a posted phone number and physical address.
3) Look for independent third party organizations "stamps-of-approval" that the web site uses good online business practices. These can include digital certificates (Verisign), privacy seals (TRUSTe) and reliability seals (BBBOnLine).
4) Check to see if their web transactions are secure using either SSL (Secure Socket Layer) or SET (Secure Electronic Transaction) to encrypt the personal information that you are sending to them. Generally you can tell if the transaction is secure by checking for the existence of an unbroken key, a lock or a padlock at the bottom of the browser window. Also, some sites use "https" instead of "http" at the beginning of the web address to indicate that the site is secure.
5) Always pay with some kind of a credit card. Federal law (the Fair Credit Billing Act) makes it much easier to resolve a conflict in which you do not get what you ordered, you never receive your merchandise, etc.
6) Keep a record of all of your online purchases. Check for confirming email messages from the online merchant. Match your printed invoices with your monthly billing statement when you receive it in the mail (or online).
7) Never respond to web links imbedded in email messages to you that promise fantastic deals. Many of these deals are scams and link back to phony web sites. Their sole purpose is to get you to enter personal information that they will use to steal your identity. Remember, if a deal looks to good to be true, it probably is!
Here are some additional tips for using credit cards - both online and in person. Consider using a single credit card with a low credit limit for all online transactions. Or, use a service like PayPal instead. Put a password on your credit card. Put your photograph on your credit card. Sign your credit carad. Finally, avoid using a debit card online. It is usually directly tied to a savings or checking account and the funds are withdrawn almost immediately after a transaction is complete. Once someone has gotten your funds, it can be difficult to get them back.
There are also a number of great web sites that give much more information on identity theft. They are worth checking out.
Federal Trade Commission - www.ftc.gov
Identity Theft Resource Center - www.idtheftcenter.org
Privacy Rights Clearinghouse - www.privacyrights.org
Submitted by: Jerry B. of Manchester CT, US
Gloria S. asked "Is there anything I can do prevent identity theft?"
My answer YES, but...
If by "preventing identity theft" you mean preventing somebody from getting in your name a driving license, a mortgage, a car loan, or transferring all your money from your bank account to his/her bank account abroad, that requires much more than caution during your online experience, but I understand your concern is basically limited to shopping online.
In my opinion, you can pretty safely do shopping online (I do it both for my own needs and for my company) if you (1) do your homework, (2) exercise caution, and (3) abide by a self-imposed discipline.
1. - I would recommend you to read (and apply!) the basic rules, like those offered by the following:
2. - Don't invite theft; when visiting New York (I see you live in New Jersey) you wouldn't leave your purse on the back seat of your car, even with the doors locked -- or would you?
Same thing with your personal data: purge your hard drive -- remove (or edit) any file containing your Social Security Number, driver licence number, date and place of birth, credit card numbers, etc. If you frequently need such files, better save them on removable storage medium (diskette, CD, etc.). Keep in mind also that your SSN is not intended for serving as an identity card, and it's not everybody's business.
3. - If (like most Americans) you have several credit cards, use only one of them for online shopping -- ideally, use it only for online shopping. This way you have better control on your charges, and in case of theft, you limit your exposure to $50.
- Never use a bank card linked to your bank account (those credit/debit/ATM cards).
- If your bank is serious about protecting your identity, it could probably offer you for free a special service -- Virtual Account Number.
- Stay away from offers coming through unsolicited e-mail -- the more appealing they are, the more suspicious and risky. Keep in mind that nobody offers something for nothing. Preferably, it's you who should initiate the search and select the vendor.
I could go on and on, but I'm sure you understand that security is not only a matter of technical means, it's of good judgement too, and I wish you a pleasant online shopping experience.
Submitted by: Stefan
You're wise to be concerned about identity theft! There are many different ways your information can be compromised, but there are some steps you can take, both online and offline.
1) If you shop online, only reputable sites and companies. There are several ways you can verify this:
a) http://www.Bizrate.com allows you to search for various online stores and see how other shoppers have rated them on timely delivery, customer service, products meeting expectations, and whether they would shop there again. Click on 'Store Ratings' at the top of the screen, and you can either search by category or search all stores. You can sort the results by store name or by customer satisfaction.
b) Look at the website (often at the bottom of the page) for a yellow circle that indicates the site is a VeriSign secure site. Click on the circle, and you should get a pop-up with a URL that begins with http://digitalid.verisign.com. Verify the information on this page matches the website you are visiting. This designation indicates that the site belongs to a legitimate company and that your information will be encrypted to prevent other parties from intercepting and using it.
c) Visit http://www.bbbonline.org/consumer/index.aspx to search for sites registered with the online Better Business Bureau. I've found it easiest to browse the list alphabetically because some businesses may not be listed as I type them.
d) Keep in mind that a business may still be legit, even if it is not registered on any of these websites.
2) Check the URL. If it starts with https:// instead of the normal http:// this means encryption is used to keep your information more secure.
3) If you use Internet Explorer, you should see a picture of a closed padlock along the bottom edge of the screen, close to the right corner. This means the information you send is secure.
While it is still possible for your information to be misused, following these steps makes shopping online relatively secure.
So much has been written about protecting information, so I'll just go over some of the basics here.
1) Never give out more information than required. Be especially careful with your Social Security number. If you think the company is trying to learn more than they need to, do not be afraid to ask for an explanation. Do not be afraid to take your business elsewhere if you feel uncomfortable.
2) Keep your official and personal documents hidden in a safe place when you do not intend to use them. Don't carry your Social Security card and extra credit cards unless you know you will be using them, and put them away when you're done.
3) Photocopy both sides of your credit cards, and keep this copy in a safe place. This will make it easy to find your account numbers and contact phone numbers if the cards are stolen. Call customer service and the police IMMEDIATELY if this happens.
4) If your information is stolen, contact the three major credit reporting agencies (Equifax, TransUnion, and Experian) right away so a fraud alert can be placed on your account. This requires that you be contacted if anyone applies for credit with your information, and it can stop identity thieves with minimal damage to you and your credit. Here are the numbers:
Equifax: Customer Assistance 800-759-5979 http://www.equifax.com
Fraud Division 888-766-0008
TransUnion: Customer Assistance 800-916-8800 http://www.TransUnion.com
Fraud Victim Assistance 800-680-7289
Experian: 888-397-3742 http://www.experian.com
I could go on with more information, but these basic steps should protect you. However, if you would like to learn more, the websites for the credit reporting agencies listed above are excellent resources. You may also obtain more information from http://www.bbbonline.org/idtheft/protect.asp.
Submitted by: Kim B. in Louisville, KY
I would be more concerned with prevention and the vendors records than doing a transaction online. Going to the physical store, using your credit card and taking your merchandise is a pretty comfortable process these days. Most people are not aware that bank records have been compromised and this is where credit cards come from. Then we have merchants like BJ's Whole Warehouse. They had a 1/2 million records plus stolen from their data center from unsuspecting customers. When we heard this, we cancelled and requested all new credit cards since we shop there. Here is a few things you can do to reduce risk and make things safer :
On your computer:
Make sure your host record on your computer is not filled with IP addresses pointing to fake web sites like a pretend "Ebay". Your computer looks there first for an address before anywhere else.
Run anti adware and spyware on your computer on a regular basis to remove spying eyes.
Do not let your browser save your password or user name on websites as this can be compromised.
Never answer an email with a link to a web site in it. It might be fake. Always go to your browser and type the address in.
Verify your vendor before doing business with them. If its too good to be true, it most likely is.
Print off any pages and records so you can trace things back with the vendor if needed. When all done with them take the next few steps below:
In your home or office "The key word is SHRED!"
Receipts and invoices- shred if there is no need to save
Shred any credit card offers rather than throw them in the trash. People can steal your identity
Bank statements and credit card statements and used checks - Either keep them filed away or shred before throwing out
Beware of hand operated credit card machines and always get the carbons.
Without doing the things above, you are opening your front door for thieves. Bottom line, there is far more risk not taking preventive measures than doing a transaction online.
Submitted by: Bob A.
I can understand your trepidation. However, incorporating some simple practices into your shopping routine, you'll find that shopping online can be just as secure, if not more so, than any other form of shopping.
I would suggest first of all, if you are using Internet Explorer, switch to an alternative browser, such as Mozilla's Firefox or Opera. And do it now. IE is world famous for it's security vulnerabilities.
Your computer's security from hackers who might steal your personal information starts with making sure you have up-to-date virus protection and a solid firewall. I use Sygate Personal Firewall. (It's free for personal use). However, there are plenty of good ones out there. A helpful place to check the security performance of your firewall is Steve Gibson's website, http://grc.com/default.htm. This is an excellent place to test most of the avenues of intrusion into your computer.
Next, check that email...make sure you never respond to one of those bogus emails from "your" bank, that is really a phishing attempt. (I'm sure as a CNET reader you know this already, but others may not).
Fourth, buy from REPUTABLE online retailers who utilize the highest security and privacy practices. You want to read those privacy notices...how do they handle your information once they obtain it? Look
for the various seals...BBB online, Veri-Sign, eTrust, etc. You can
click on those seals to verify the company's good standing with each of those issuing organizations. Read the feedback from other customers (if offered). Although not always a safeguard, and not necessarily an indicator of web security, it is an extra comfort shopping with a company for whom you have a "brick-and-mortar" address.
Many online retailers will offer a profile service for you to make shopping easier the next time. I recommend developing a strong password (letters AND numbers...no dictionary words) if you intend to use this service.
Lastly, when making that purchase, check your browser for indication of Secure-Socket Layer (SSL) encryption. Check the little lock at the bottom of your browser...is it closed or open? If it's closed, then some measure of encryption is offered. You can also check the address bar of your browser. Does the address start with http:// or https://?
The https:// ("s" for secure) is the only one safe to enter your personal information in. If you use Mozilla, you can also check the security status of the site. Click on the lock at the bottom of the browser for information about the company's security certificate, when it was issued, when it expires, and the level of encryption employed.
128-bit encryption is the industry standard for personal information traveling the web. If a retailer wants your business, they will make the necessary investments to secure your personal information.
One other thing...most credit card companies and banks offer you online access to your account information. I recommend utilizing this service to keep a check on your daily account activity. In this way, you will be immediately aware of any inconsistencies associated with your account. The above-mentioned security principles apply to this online activity as well.
Combine these efforts with vigilance in protecting your personal information outside the Internet world and you'll have a better measure of peace about shopping online.
I hope you'll benefit from my advice...although, once you've experienced online shopping in all it's glory, you run the risk of becoming addicted to it! (Like me!)
Submitted by: Monica E. of Middle-of-nowhere Ohio
Identity theft can never be truly prevented, whether it is online or off-line. While online shopping is generally a safe experience that is likely no more or less dangerous that not shredding important documents before you discard them or persons coming into contact with your credit card (e.g. waiters, salespersons, etc) writing somehow recording the details, there are a few solutions, technical and non-technical, that you can take.
Actions that Involve Technology:
1. Single-use credit card. Discover Card (and I believe Mastercard and Visa) have developed "single use credit cards numbers" which are generated and available for use only one time. That way, if the money can still come from your account, but if someone were to get a hold of your credit card, the number doesn't exist in your credit records or other places.
2. Only shop at "Secure HTTP" sites. These sites, beginning with "https:" mean that a secure link has been established between your browser and the website. If the website is asking for payment or personal information from a non-https website, I personally would not provide it.
3. Install a browser with 128-bit encryption. Internet browsers such as microsoft explorer probably already have this encryption level installed (called Cipher Strength in Internet Explorer. You can check this for yourself by going to Help > About Internet Explorer)
Actions that You Can Take:
1. Browse on-line, pay by phone/fax/etc - most companies - especially the reputable ones, usually allow you to place an order on online, but contact them with the payment. Most online retailers will explain the different ways you can pay.
2. Only shop at stores that we well-established, use a certification authority such as TRUSTe, or have a certification by the Better Business Bureau.
3. Limit your online shopping to one credit card. Many people use this option. By using one credit card to shop online, you have the receipts in hand and will know more quickly if there are irregular charges.
4. Buy a credit monitoring service. Companies like Equifax offer such services that show you your credit scores as well as alert you to any new accounts or credit reviews, often on a monthly basis.
Basically, by taking the same care in the off-line shopping world as you would in the on-line shopping work, it should be a relatively safe experience. Good luck!
Submitted by: Rodney C.
Preventing identity theft when online-
FIRST- make sure that your computer is clean! Viruses, Trojans, keyloggers (especially), spyware, and other malware will compromise your security! ALL of this garbage must go, and be prevented from returning.
SECOND- Implement and use a strong layered security approach on your computer! At a minimum, you need a mechanism to keep your OS patched and updated, an antivirus solution- which also must be kept updated, a strong firewall (Win XP?s firewall is NOT adequate! I recommend Zone Alarm, as it not only blocks outgoing traffic from suspect applications, it also ?fingerprints? all apps on the computer with CRC checksums to prevent malware from spoofing the firewall), and a good anti-adware program.
The more security layers you have, the better- NAT routers and hardware firewalls are inexpensive, and well worth the investment.
THIRD- Now that your local machine is secure, you can be confident that it?s not leaking your private data. But what about the web site you wish to do business with? There are a few general rules here that insure your safety. First and foremost, you must be sure that the web site you see on the screen does indeed belong to the merchant you think it does! NEVER follow a link from an email! It is too easy to spoof URL?s with HTML, and you can easily wind up on a counterfeit website that looks exactly like the merchant you think it is, but is really owned by a criminal out to rob you! Manually type the URL of the merchant?s web site into your browser- this eliminates that threat. (There is one consideration here, and it is why you MUST have a good anti-spyware solution installed: it is possible to modify the HOSTS file in Windows to redirect your browser to anywhere on the Internet. You type in one URL, and due to a malicious entry in the HOSTS file, this URL is redirected to wherever the bad guys choose. Good anti-spyware applications lock down the HOSTS file, preventing this exploit.)
Once you are where you want to shop, and have made your selections and are ready to pay, then you must double check the security BEFORE entering any personal info. Make sure that the URL begins with ?https:// ,? indicating that you are using an encrypted link through SSL. This way, no one in the middle can read the data as it goes by. Secondly, ALWAYS check the security certificate! Don?t trust your browser here, do it yourself. In IE, on the right-hand side of the status bar, you will see a padlock icon- it should be locked when you are using a secure link. Double click the padlock icon to open the security window, and check the following: The web address that the certificate is issued to MUST match the address you see in the address bar of your browser, the certificate must not be expired or not yet valid (check the dates), and lastly, insure that the certification path traces to a reliable certification authority. Some of the more popular CA?s are Verisign, RSA, and Thawte, but there are others. An additional step, which is overkill, in my opinion, is to manually validate the certificate at the CA?s web site. However, if the certificate was bogus, your browser would detect this immediately. It is more important to insure that the addresses on the web page and certificate match, the certificate dates are valid, and that the certificate is traceable to a trustworthy authority.
If all this checks out OK, you may be confident that you are indeed dealing with who you think you are, and that your data will be encrypted as it travels over the Internet. You are safe from prying eyes, and only the merchant you are dealing with can read your data.
If, however, there is any question, just don?t do it! Better safe than sorry.
And, of course, always deal with reputable merchants!
Submitted by: Mike B.
If you really are concerned about identity theft (paranoid might be more the word), then your only choice is to destroy all your credit cards, close all your bank accounts, stop using the internet, and get rid of your telephone. Maybe quitting work and moving to a desert island would help, but you'd have to purchase an airplane ticket to do that.
Then there are some things which can protect you while shopping online.
Choose a credit card which is designed for online use. Some cards limit any online liability for stolen cards to $50 or even $0. Some cards have an available feature where you are given a onetime-use only card number from their website to use to purchase online. Thus your actual card number is never given out. American Express offers this, among others.
Cards with a Smart chip embedded like Blue from Amex can make this process easier. In addition, even if used conventionally, when the card information is sent from a card reader, a keystroke logger can't pick up the number. You do have to give a billing address which matches your credit card's billing address when ordering online (to protect against card fraud). But using your home address for billing means you are sending your home address around the internet. A Post Office box for billing address can get around that, but it also means you have to be able to receive your packages somewhere other than at home, like at work. There are other payment methods like PayPal which can insulate your bank or credit card accounts by another layer of anonymity as well.
When shopping offline, you need to be careful as well. Traditional mail order allows for much easier theft of credit card numbers than online since your card number is actually being recorded on a piece of paper.
As of January 1, 2005, it is illegal to give customers a receipt on which more than the last 4 digits of a credit card number are printed, but until then, you need to be careful where such receipts end up. Never give your credit card to someone who takes it out of your sight to process the charge. This would mean not using the card at most restaurants. Never give anyone else your PIN number for ATM cards, and be careful nobody else can see you when entering it on a keypad.
Identity theft does exist, perhaps not to the degree sometimes made out on TV, but enough that if it really happens to you it can be a real problem. The more common problem is not identity theft, but just credit card theft. There are things you can do to protect yourself from that such as never leaving your credit card in gloveboxes, unattended purses, coat pockets, etc. Likewise, while online, don't leave your card number littered around unnecessarily. As I said above, use your head, and just be careful.
Submitted by: Steve S. of Osage Beach, MO
In answer to your question about how to prevent identity theft, here are just a few suggestions I've learned while working for an Internet Web Hosting company:
1) Buy a paper shredder. Many times people think that identity theft only occurs on the internet, but fail to realize that by throwing away old receipts, credit card statements, etc., they also leave the door open for identity theft. Shredders are available at economical prices today, so there really isn't a reason not to have one. You can shred those old receipts, billing statements, etc. and keep a copy of them in a safe, or a safety deposit box. Most financial documents are now being kept electronically, such as in .pdf files, and you can also keep those documents in disk media such as CD ROM, floppy disk, zip disks, etc. with relative ease if you have a computer at home.
2) Firewall, firewall, firewall!!! With spyware on the rise, you'll need to get a trusty firewall software for your computer while surfing the internet. With broadband internet access, many people fail to realize that although they may not be actually surfing the internet, if there computer is on...they are connected to the internet! This means that a hacker can get access to their computer via the internet and, if there is any information, such as financial information in the form of account statements, etc., they can be retrieved and ultimately be used in identity theft. A trusty firewall, and not just a firewall that may come with your operating system, such as Zone Alarm or Nortons Personal Firewall from Symantec (to name a few), can deter this type of activity.
3) Secure sites only please! When ordering online, make sure that the site on which you're entering your credit card information is a secure site. You'll notice that the site you're on is secure when your browser shows a "https://.." as part of the URL in the address bar and a little "lock" in the lower right hand corner. What this means is that the site you're surfing on is on a server with a Secure Certificate installed, or SSL certificate, which ensures that the information you're entering is encrypted and not viewable by others for which it isn't intended. If the site requesting said information doesn't have this, DON'T TRUST IT, since said information won't be encrypted and can easily fall in the wrong hands.
Many credit cards today are working towards detecting identity theft since this type of criminal activity becomes very costly for them. Keeping a clear track of your expenses with credit card statements, receipts, etc., will allow you to detect any fraudulent activity early and stop any future damage to your credit. Also, you can run a credit report to verify your credit history periodically to ensure that it is accurate.
Submitted by: Nelson F.
About ID theft during online purchases:
This is a very serious concern by all PC users. There is no single way to "make it safe" but a combination of solutions are needed since there are several ways to obtain personal data from a PC. A holistic approach is really best. First make sure that your version of Windows is up-to-date by running Windows Update. Do so by using the Update icon on your computer. Don't use any received emails claiming to be from Microsoft to "patch" your system, etc, due to the fact that these are usually not from Microsoft but from sources of viruses. Or you can go directly to Microsoft's site and get to Update from there. Downloading the latest security patches and version of Internet Explorer will enable your browser to be the most secure version with encryption. This makes a big step to your online purchase security. But it's not complete yet.
Various spyware can contain keyboard loggers that send packets of information back to it's source while you're online. Information such as passwords, user names, credit card numbers and other personal information will be gotten by others through these. So you should keep the popular anti-spyware programs on your system and scan your system with them before you make purchases online. The two most popular ones are Adaware SE and Spybot Search and Destroy. I recommend supporting their developers.
A firewall is important as well to block intruders from getting into your system. A hardware firewall is best but software based ones are available too. Zone Alarm has a free one as well as a Pro version that you can purchase. XP has a built in one. Using both will make your system more secure. Using one is not near as secure. A firewall can detect things coming as well as going, actions that you don't know that's happening in the background. Several are also recommending Microsoft's Service Pack 2 for system security. This can be found in your Windows Update process as well.
Even though not directly related to ID theft, you should always keep your antivirus software up-to-date and manually scan your system at least once a week after updating. I even recommend using an online scanner such as House Call or Panda antivirus from time to time. Some viruses can actually disable your antivirus software and you can't tell until it's too late. An online scanner will confirm a clean system. Viruses, trojans & variants can be designed to do a variety of things to your system, so such things should not be left out when discussing security of your system.
This seems like a lot to do to keep your system safe, but once in place, it's not as bad as you might think. The spyware scans don't take long on most systems, firewall works in the background as well as antivirus. I do my manual scans for viruses at night when I go to sleep, but the average system can usually be scanned while you go to lunch.
To check your system's security you can go to a site called Shieldsup and it can detect the level of security and any openings your system might have.
Be cautious of ad sites received in your email. It's possible that they are not genuine. If the ad looks appealing and appears to be from a well known company. Don't use the links in the ad. Go to the site's address directly using your browser manually. If the offer is legit, then the offer will be on their site for you to find. There is a recent method called "Phishing" where ID thieves try to get users to click on links of their fake emails that appear as the "real deal" of well known banks, credit card companies, etc. They've designed such pages to look like the real thing but link you to them instead and trick you into varifying your personal information thus giving it to them on a silver platter. If you find such a thing, you might want to call your bank, etc to report or confirm the posting.
Submitted by: Stuart G.
I think a lot of this fear stems from what we hear on TV and read on the web. I'm not saying it doesn't happen, but what is the usual outcome? How many people end up like Sandra Bullok in the thriller "The Net"?
I would suggest you contact your credit card company or bank and find out what they will do for you if you are a victim. How long will it take to get your money back? Check with the BBB on-line and see if the company you plan to buy from has a good rating. Finally, be sensible about who you share information with. I've gotten hundreds of e-mails from someone posing as Citibank asking for my credit card number and PIN. I would be a real moron if I fell for that one. Pay attention and listen to your gut before you make a purchase on the web and you should be fine.
If you are really worried about your information, you can pay a number of sites to monitor your credit file for you. For a fee, they will send you alerts and updates when anything changes. I don't subscribe to any of these services as my credit card company and bank do the same thing for free. I do order my 3-in-1 credit report about every 4-5 months just to make sure everything is as it should be. It sets me at ease to see it with my own eyes. I have yet to be surprised by anything I find.
Submitted by: Todd S.
don't think any precautions are 100% foolproof. But this doesn't stop me shopping online, as there are many dangers when you shop in person too (if you use anything other than cash).
Here are the rules I follow:
1. Only shop online where there is also a bricks and mortar address and telephone number.
2. Try to verify that the site has existed for a year or more.
3. Do a google search to see if there are any complaints about the shop.
4. Never, never, never provide my details unless the page uses a secure protocol (ie https:// in the address bar) and a locked lock in the status bar.
5. Clear all temporary (cache) files from my browser after every transaction.
I also use Spybot Search and Destroy and Ad-aware, to keep my machine free of spyware (keyloggers are of particular concern), and a good firewall (currently Norton Internet Security 2005) to make sure my computer doesn't send out any information where I don't want it to go - the firewall in XP SP2 will still only stop baddies from getting in, but it won't check what your computer sends out.
Of course, I also use anti-virus software, regularly updated.
Although Internet Security has a facility to type in your personal details so it can advise you if any attempt is made to send them over the internet, I don't use this facility because I think it's best never to store such information (particularly credit card information) anywhere on your PC.
These rules have served me well so far - hope they help you too.
Submitted by: Francine M. of Canberra, Australian Capital Territory. Australia
Well, I understand why Gloria is not comfortable with e-commerce and e-information of her personal information. Among the reasons are: ID Theft, Credit and Banking Information, and how to contact the person (physical or mail address, e-mail, telephone, and so on).
Unfortunately, she is right. Give any personal information over the Net is not 100% secure and invulnerable. Anyway, I will give her and anyone interested on this the following advice:
1 ? If you decide to make shopping online, verify the following items on the site you are going to give information:
- The address of the website you are going to use begins with HTTPS:// (not HTTP://).
- A padlock ?locked? anywhere on the screen.
- Sometimes, it either also shows ?SSL-Secured Page? or ?SSL-128 Encrypted?.
If you see one or more of the items above on a website, it means you are on a Secured Website. The HTTPS:// on the address; the padlock; and the ?SSL? phrase tell you are Secured to make transactions using credit/debit cards.
2 ? Make purchases on recognized and trusted companies (Recognized stores, banks and credit card companies)
3 ? Make transactions on a seldom basis. Actually the credit card companies have a ?temporary credit card? for certain number of transactions. After the transactions allowed are completed, the card expires.
4 ? If a field is required, and you do not want to give that information, fill it with N/A. If the N/A doesn?t work in numeric fields, fill with zeros (i.e. telephone # 000-000-0000). If this doesn?t work either, cancel the transaction closing the browser.
5 ? Be careful with e-mails that you receive. For example, last year I received and e-mail from Best Buy telling me that I have ordered two DVD players for $800. As I continued to read it, it told me to contact the company with a NYC address and a telephone from? Seattle, WA!! (I recognized that immediately because I knew NYC area codes and the area code they gave me was 206).
6 ? As you advance from page to page clicking the ?Continue? button, make sure that the padlock is visible on screen.
1 ? Do not give your SS for any reason
2 ? If you do not see one of the items listed for Secured Transactions, don?t make any transaction
I hope this will help you to understand and decide to make some online transactions.
If after this advice you are unsure or still uncomfortable to make transactions, simply do not use it.
Submitted by: Luis A.
Thank you Gary and everyone who participated in this past week's Q&A!
Gloria, I hope this week's members' advice and recommendations give you some direction to your concern about online shopping and identity theft/fraud.
Members, if you have more questions, or additional advice on this topic, by all means feel free share them with us in this discussion thread below.
Thanks again everyone!
I am not comfortable submitting personal information online
when making a purchase. I know more and more people who are
victims of identity theft, and with the shopping season fast
approaching, I want to protect myself. Is there anything I
can do prevent identity theft?
Submitted by: Gloria S. of Vineland, New Jersey
First of all, the term identity theft is often confused with identity fraud, and while you should protect yourself against both activities, I think your concern about using the Internet to make online purchases is mostly regarding identity fraud; that is, you are concerned that someone else will use your credit card or login information to make purchases on your credit card or to gain access to your financial accounts. This article titled Identity Theft and Fraud Debates Slow Financial Service Industry Response at was recently brought to my attention by www.merchant911.org, and it explains the differences between the two types of fraud.
There is a lot of advice on the Internet on how to protect your personal information. Here are three articles from reputable sources.
- U.S. Federal Trade Commission
- The U.S. Department of Justice
- Consumer Reports
They all pretty much say the same thing, that there are many ways thieves can steal your personal data; from your mailbox,from your employer?s records, from fraudulently obtained credit reports, or even by dumpster diving. While your computer can be a goldmine of personal information, there are many ways for a competent thief to steal that information, only one of which is to tap into your on-line transactions. For example, a hacker can steal personal information from your computer using a virus that lets him take control over your computer, or to send your personal information to him while you use your computer. This is why you should keep your antivirus software up to date and install a personal firewall like ZoneAlarm (www.zonealarm.com) to counteract these viruses. A new technique that puts you at risk when you use a public computer is a keystroke logger that can monitor everything that you type into the computer, including your login and passwords. Every now and then the hacker will replace the logger, an unobtrusive device between the keyboard and the computer, and use the information to log into your account. Yet another way you are at risk is if you don?t destroy (not just erase) information on your old computer before you dispose of it, which lets a hacker browse your private information at their leisure. Likewise, if someone steals your laptop the information that is stolen may be worth way more that the laptop itself. I am not saying you shouldn?t be diligent when shopping on line ? you should take the proper precautions. I just want to put into perspective that on-line shopping is just one way that you can become a victim of identity fraud.
It is easy to understand how a thief, for example a waiter in a restaurant, can copy your credit card by "skimming" the information on the card with a handheld magnetic reader that is easily obtained on the Internet. This is why more and more people are making a habit of walking to the pay station so they can observe their credit card being handled. It is also easy to understand how a thief can glean your PIN number by watching you use a bank machine through binoculars, or more simply, by looking over your shoulder. This is why you should cover your hand when entering any pin numbers. However, the general population has less understanding about how transactions flow from one computer to another, or the technical details about how financial information stored on computers can be protected. This, combined with the many sensational stories about the many computer-related viruses and other attacks, has given the risk of identity fraud resulting from on-line purchases a higher profile than it deserves.
That being said, here are some tips for protecting yourself when making on-line purchases:
? If you store financial information on your computer, use a program to encrypt and protect the information. A good program will force you to use a password to access your information on a recurring basis, say at least once a day.
? I don?t recommend using conveniences like Microsoft Wallet or Google?s AutoFill to enter credit card information for you. Because of their prevalence they represent an attractive target for hackers.
? Make sure that when entering sensitive information like your credit card that the information will be encrypted as you send it over the Internet. Don?t rely on assurances by the store that the transaction is secure. Your only guarantee is the little lock icon on the bottom of your browser that indicates a secure link. However, be aware that this is still no guarantee that the complete round trip for your transaction will be encrypted ? it only guarantees that the first step between you and the store will be encrypted. You are still relying on the integrity and technical skill of the store owner that they have secured the next step of the transaction between their store and the credit card processor, and that the credit card processor has secured the transaction between them and the credit card issuer.
? If you double click on the lock icon, it may be able to help you identify who the real website owner is by looking at the security certificate that is displayed. However, be aware that for about $100 anyone can purchase a security certificate with any information they want. You can only rely on a certificate if it is issued from a trusted source that is prepared to vouch that the owner of the certificate has proven their identity, and will back this up with a bond.
? Don?t put sensitive information into e-mails or into fields at a store other than the credit card field. E-mails are inherently insecure, and even a reputable store owner will not be trying to protect information entered into fields not intended for sensitive information.
? Don?t provide more information than seems reasonable for the type of transaction you are performing. For example, be wary if you are asked to supply your Social Security Number or any passwords or PIN numbers that are not related to the store you are dealing with.
? Be wary of sites that store your credit card information for future visits. The risk that this stored information can be stolen is much greater than the risk that a thief can decrypt your transaction. Only store your credit card information with companies that you trust have the resources to protect your information properly.
? More important than the technological safeguards is the integrity of the company you are dealing with. All the technology in the world won?t protect you from a corrupt employee who steals your information from their employer?s database. Nor will it protect you from an otherwise honest company that doesn?t have the technical expertise to protect your information, say from an unscrupulous employee at the company that hosts their on-line store. If you are dealing with a less known company, search the Internet with Google to see if anyone has posted a complaint. On the other hand, don?t overreact to isolated complaints ? there are always some customers who will complain even though you have bent over backwards to satisfy them. Also look for dated postings to help you identify if the company has been around for a while ? a good sign since unscrupulous companies do get shut down when enough people complain to the authorities.
? A technique known as phishing involves the creation of fake stores or imitations of legitimate companies to fool you into entering your financial information into a thief?s database. Be careful about using links in unsolicited e-mails to start your shopping or banking session, or you may be unwittingly supplying your financial information to a fraudster. Ensure your browser is up to date, since there was a bug that permitted a phisher to create a URL in an e-mail that would open a page on their illegitimate site, while displaying the URL of a legitimate site in the Address field. Some tip-offs that you are not on the legitimate site are that the little lock indicating a secure link is missing, links on the displayed page (other than the login link) don?t work, or pictures are missing ? however the phishers are getting better and better at duplicating the real thing. If you don?t know how to verify the validity of the web links in your e-mail (a good subject for another question), your best precaution is to open the website by typing he URL into the Address field of your browser, or by using a shortcut in your favorites.
Submitted by: Gary B.