There are many bargains and benefits to be had shopping online. Andy Dalrymple, managing consultant information risk management at Global Secure Systems (GSS) has some advice on staying safe whilst you shop.

Despite the carnage that the credit crunch has wreaked on the High Street, online retail demand remains strong and is projected to grow into 2009 as economic conditions remain tight and competition between web retailers for our online spend heats up.

An early indication of this counter-cyclical trend was the significant growth of Christmas Day online trade in response to early January sales and the deep discounts available online from traditional High Street vendors.

The credit crunch, however, has also had the effect of bringing more scammers onto the internet than ever before.

As scammers become more sophisticated and people become more desperate to find ways to make money during the recession, consumers shopping online need to become more vigilant and wary as to pitfalls out there.

As an IT security expert who shops frequently online, I have outlined some of the few basic internet security measures and must do's that we in the IT security industry adhere to, to make sure that we shop safely online to avoid falling foul to the many scammers, exploiters and opportunists who are all to ready to pounce!

The twelve golden rules to safely shopping online:

  1. Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files (this usually happens automatically in the background with most commercial anti-virus products) and operating system updates from Microsoft. This reduces the likelihood of malicious code or key-logging software running on your PC without your knowledge, transmitting your details to fraudsters across the internet.
  2. Never go online without ensuring you have your personal firewall enabled. This personal firewall adds a layer of protection to the PC by stopping unknown connections to the PC. The personal firewall included within Windows XP and Vista is generally considered to be insufficient. They can control data coming in at the PC, an inbound filter, however, they can not properly control outbound connections. If your PC is infected by malware, you could be sending out spam or other data on to the internet without your knowledge. By adding a personal firewall you can control and stop unwanted outbound connections. There are a number of personal firewalls on the market, both free and paid for. Some anti-virus vendors include personal firewalling as part of their products.
  3. Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some malware is designed and written to go and search your PC for these passwords. In addition to this, if you use a laptop that is lost or stolen, the passwords go with it.
  4. Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
  5. Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
  6. Be sure to use a credit card and not a debit card. The bank provides you security guarantees with a credit card that are not given with a debit card. So don't be tempted to take your shiny new platinum card on an online shopping spree.
  7. Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
  8. Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details. Recently Verisign have added the green display bar to show a website with an extended validation certificate. This means the encryption key has been made strong, and the site has external validation.
  9. Make a habit of checking the site's privacy policy for details of how your personal information will be used and only provide the minimum of personal information, especially in online forms.
  10. Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam).
  11. It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server. This creates a single big target for a hacker to go after. If the vendor's web site is breached, your details may well be compromised. The payment card industry has recently introduced their own data security standards to try and protect this data at rest. However, the standards are not yet fully enforced and this risk is for all credit card transactions, not just those over the internet.
  12. Finally, don't rely on previous customer's testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!

These are the rules I follow as do many of my colleagues. Internet shopping is only going to get more popular, with scams being more sophisticated, so make sure you're not caught out by being lured into unsafe territory. By following these rules you can log on and access those internet bargains - safely! Good luck and enjoy.