10. Online shopping? Let common
sense be your guide
By Mark Alberstat
WITH LOCKS on your doors and latches on your windows, you may feel safe at
home. However, in today's wired world you can travel the globe and be
exposed and vulnerable.
One of the most often-asked computer-related security questions is about
online shopping and how secure it is, or isn't.
Online transactions can be risky but some common-sense computing practices
can minimize danger.
Always protect your password. When creating it for a Web site, whether
financial or not, try to be original.
Use a combination of number and letters and do not use your home phone
number, date of birth, children's names or anything that could help a
thief identify you.
These types of passwords may be easier to remember but are also easier for
a potential thief to figure.
It is also good practice to change your password occasionally. Some
security experts say once a month but few people would change passwords
that often.
When you are doing online financial transactions, make sure the encryption
is 128-bit. This is the current standard in online encryption. A site
using anything lower than this should not be trusted.
The 128-bit encryption scrambles the information before it is sent across
the Internet. Once scrambled, the information is sent and only the
recipient has the key to unscramble it.
The key that scrambles the information changes after each request. If you
are on a banking site and request an account balance, receive the
information and then make another request, the second request uses a
completely different key than the first.
When you're giving your card details over the Web, look for a small closed
padlock or key symbol, usually at the bottom of the screen. If you see
this, it means your details are being encoded and travelling safely down
the wire. If you don't see it, don't give your card details.
The lock or key symbol means the Web site is using SSL (Secure Sockets
Layer), a coding method, developed by Netscape, that is extremely hard to
crack; not impossible, but certainly difficult. If you are not sure what
level of security your browser is at, the information is usually stored
under the Help Menu or in the Preferences.
Most online banking sites will not allow you to log on without 128-bit
security, so if you are continually denied at a site, your encryption
level could be the problem.
Most sites doing online transactions will also generate a number or
receipt, record or print this receipt each time for your own security.
If anything happens, that number will help the authorities trace what may
have gone wrong and where.
Auction fraud is another online security trap that many people fall victim
to. The largest online auction house is, of course, eBay.
Today, many of the purchases on eBay are done through third-party
companies such as PayPal (which is owned by eBay).
For these transactions to work, the buyer and seller must have a PayPal
(or similar company) account. The person who has won the auction logs into
PayPal and pays the person who had the item up for auction.
The person who posted the auction never sees the other party's financial
information. The only person in the loop with this information is PayPal,
which prides itself on its security and diligence.
Like any type of shopping, online transactions have, at their core, the
old adage of caveat emptor (let the buyer beware). With good
password protection and creation routines, and 128-bit encryption, you can
lessen your chance of being a victim online.
The Mousepad runs every second week. It is a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, e-mail us at mousepad@chebucto.ns.ca.
Originally published 8 June 2003
