Can Online Transactions Be Safe?

Security | 3 minutes read | Dec 10th, 2010

Yes! If service providers – and customers – follow some basic rules…

There’s no doubt that online banking and shopping are convenient – especially with Christmas just around the corner. However, research shows that German people – especially senior citizens, who have the most to gain – are put off by security concerns.

The latest Unisys Security Index found that nearly two thirds (65%) of Germans are ‘seriously concerned’ about the risk of other people obtaining and using credit or debit card details. As a result, more than half (52%) of Germans say they are ‘seriously concerned’ about the security of shopping or banking online. Furthermore, 15% of those polled say they have already switched online banks or retailers because of concerns about how their data was being protected.

In my experience – as an internet security expert of 20 years or more – online attacks are almost entirely due to the steps taken by the end-user – or the lack of them!

Inevitably, end-user data is accessed in one of two ways:

  1. Viruses or trojans are planted on the user's unprotected computer. These programmes log the combination of PIN and transaction number (TAN) that the user enters when accessing their online banking site. This data is then sent to the attacker. Once the attacker has possession of the stolen PIN/TAN combination, it is easy for them to perform another transaction from the user's account.
  2. So-called “phishing attacks” (a combination of the terms “phreaking” and “fishing”), in which attackers obtain PIN data using forged websites that look similar to the bank's or retailer's official site. Access to the phishing site normally occurs via fake emails asking users to verify their security data.

As hard as it may sound: the weakest link in online banking and shopping security methods is the person sitting in front of the computer!

It’s up to banks and retailers to provide the intelligence customers need to feel safe from cyber attacks.

A snapshot of the best customer advice is provided here:

  • Ensure your PC anti-virus software is up to date.
  • Check that your bank and preferred retailer(s) have the latest security measures in place – to protect their operating system, browser, anti-virus software and firewall.
  • Only shop or bank online via computers you trust.
  • Avoid making online transactions from mobile devices like smartphones or iPhones, as these can be lost or stolen.
  • Never open emails or attachments from unknown senders. They may contain viruses or trojans.
  • Never open email links that ‘apparently’ take you to your chosen bank or retailer website.
  • Always enter your bank/retailer URL yourself and double-check the address is correct.
  • Note your Mobile Transaction Number (mTAN) system – this system is used in Germany, Russia, Spain, the Netherlands and South Africa among others.  When the user starts a transaction, a TAN is generated by the bank and sent to the user’s mobile phone via text message. The text message may also include transaction data, allowing the end-user to verify that the transaction has not been modified in transmission to the bank.
  • Ask if your bank gives its customers the option to purchase additional online security software such as StarMoney.
  • Check if your service provider supports the Homebanking Computer Interface (HBCI) method with smartcards. It’s expensive but provides “at the moment security”.
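
The mTAN flow from the list above, sketched as an added example (not code from the original article or from any bank). The class and function names, the SMS wording and the account strings are assumptions constructed for illustration.

```python
import secrets


class MTanBank:
    """Toy bank side of mTAN: each TAN is tied to one stored order, and the
    SMS repeats that order's details so the customer can compare them."""

    def __init__(self):
        self._pending = {}  # tx_id -> (recipient, amount_cents, tan)

    def start_transaction(self, recipient, amount_cents):
        """Store the order exactly as it reached the bank; return (tx_id, sms)."""
        tx_id = secrets.token_hex(4)
        tan = f"{secrets.randbelow(10**6):06d}"
        self._pending[tx_id] = (recipient, amount_cents, tan)
        sms = (f"TAN {tan} for transfer of {amount_cents / 100:.2f} EUR "
               f"to {recipient}")
        return tx_id, sms

    def confirm(self, tx_id, tan):
        """Release the stored order if the TAN matches. One attempt only:
        the pending entry is removed whether or not the TAN was right."""
        order = self._pending.pop(tx_id, None)
        if order is None:
            return None
        recipient, amount_cents, expected = order
        if not secrets.compare_digest(tan, expected):
            return None
        return recipient, amount_cents


def user_checks_sms(sms, intended_recipient, intended_amount_cents):
    """Customer side: do the details in the SMS match what I meant to send?"""
    expected = (f"transfer of {intended_amount_cents / 100:.2f} EUR "
                f"to {intended_recipient}")
    return sms.partition(" for ")[2] == expected


if __name__ == "__main__":
    bank = MTanBank()
    # Constructed sample data: the customer intends 50.00 EUR to account ...0001.
    tx, sms = bank.start_transaction("DE00 CONSTRUCTED 0001", 5000)
    print(sms, "->", user_checks_sms(sms, "DE00 CONSTRUCTED 0001", 5000))
    # Constructed case: the order that reached the bank differs from the intent,
    # so the SMS details do not match and the customer should not enter the TAN.
    tx, sms = bank.start_transaction("DE00 CONSTRUCTED 9999", 500000)
    print(sms, "->", user_checks_sms(sms, "DE00 CONSTRUCTED 0001", 5000))
```

The check only helps if the customer actually reads the amount and recipient in the text message before typing the TAN.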

Given the benefits that online shopping and banking offer, it makes sense for service providers to inform and educate clients about how they can help protect access codes and personal details.
