Whether it’s banking or shopping online, your credit card can be a gateway to greater convenience or bigger fraud risks. While using a credit card online is a fast, easy and convenient option, it also attracts credit card thieves in droves, with online attacks making up the majority of Card-Not-Present (CNP) fraud cases in Australia.
This resource page is designed to offer tips and insights into why they are relevant so that you have access to a more comprehensive guide to card security online.
On This Page
Security concerns start the moment you turn on any device used for internet shopping, banking or other payments.
The government’s Stay Smart Online website says public computers are more likely to have “a keystroke logger installed which can capture your password, credit card number and bank details”, while unsecured internet connections give anyone a chance to hack into your account and find personal details.
“They could use up your download allowance (possibly resulting in excess usage fees), intercept and read your email or, more seriously, use your account to access illegal content or undertake criminal activities.”
So whether it’s a PC, laptop, tablet or smartphone, it is important to make sure the device is secured against hacking and other threats by considering the following:
Asking these three questions before you use your credit card online will help you stay protected against most fraud threats associated with the device and connection you use.
Antivirus software is recommended to protect computers and mobile devices from malicious software and other attacks that can happen when you go online.
Some of the viruses and malware out there can copy and transmit your data to criminals, who are then able to use it for credit card fraud or even more sinister identity fraud. And, as mentioned above, there are also hackers that can get into your device through the internet connection – even if it is secured with a password.
Antivirus software protects against these types of attacks by verifying the websites you access, scanning your devices for threats, alerting you to suspicious downloads and blocking attacks with a firewall.
As a CHOICE report on antivirus software explains, devices running Windows and Android operating systems are the most vulnerable to attacks, although the internet connections on Apple devices could also become compromised.
“Threats come from multiple fronts, including websites, email, instant messaging, and social media,” CHOICE says. “A full security suite brings together tools to tackle all these threats.”
There are both free and paid antivirus programs available for computers and mobile devices, with features varying depending on the brand. It’s a good idea to compare different options before choosing antivirus software, and if you are unsure about what needs to be considered, guides from organisations like CHOICE or websites like Gizmodo help narrow down the options.
Passwords are the first line of defence against account breaches and fraud on stolen devices, but they are also underestimated or take for granted by many people.
Analysis of passwords from major data breaches over the past few years has revealed around 1 in every 50 people use a password that is easy to hack. Some of the worst and most common passwords used in 2013 include 123456, password, 12345678, qwerty and abc123.
Password management and security company SplashData says people “continue to put themselves at risk by using weak, easily guessable passwords”, despite more websites setting stricter password requirements such as a combination of letters and numbers or at least one capital letter.
The company says the simplest way to protect your passwords is “by using stronger passwords and using different passwords for different websites.”
Passwords of eight characters or more with mixed types of characters offer much stronger security than the options above, and SplashData says to avoid using the same password between sites.
“Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites.”
The media has extensively covered account and even identity breaches that result from using the same passwords or providing similar personal details across accounts, and even tech experts have become victim to subsequent fraud, highlighting the importance of elements as basic as a password.
As far as remembering all these passwords goes, SplashData says: “One way to create more secure passwords that are easy to recall is to use passphrases — short words with spaces or other characters separating them.”
“It’s best to use random words rather than common phrases,” the company advises, giving examples such as “cakes years birthday” or “smiles_light_skip?” And of course there is also the option of using a password management application.
Emails are a staple of modern, connected life, with both individuals and organisations using them to communicate – including banks.
But scams are almost as common as legitimate emails, and some of them are so clever and detailed that they look like the real deal.
“Phishing”, or emails that trick you into sharing personal and banking information, is one of the biggest risks.
“Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do,” the SCAMwatch website says.
“It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.”
Some of these emails have links to websites, which then request more personal information from you. Emails claiming to be from your bank requesting account information or login through a “secured” linke, for example, are common phishing scams Australian banks have had to deal with in the past.
Other phishing scams could request that you call a phone number for more information or problem resolution. Both ANZ and NAB faced scams like this in 2013, with fake emails sent out to customers requesting that they call a specific phone number. A fraudster would then take the call and ask for account information.
Both ANZ and NAB responded with alerts for customers, reminding them that they would never request personal details through email and advised people who received suspicious communication to contact the banks’ Fraud or Customer Service lines, or visit a branch.
SCAMwatch recommends the following measures to help stay protected from email scams:
It’s also important to find out about what email communication you can expect to receive from your credit card issuer and other organisations. Banks, for example, have guidelines on their websites about what they will send to you via email, as do most other organisations and companies.
If in doubt, call the customer service number to confirm emails or check what information is sent electronically so that you know you are not giving your information away to criminals.
Not all websites are safe and secure. Whether it’s a link from an email, an ad or one you find through a search engine, it is important to make sure any site you visit is safe.
Websites developed for online scams, potential viruses or spyware and unsecured login or payment portals are the three biggest risks that come from accessing unfamiliar websites.
Fake shopping sites, in particular, are a growing concern, with the government reporting a spate of fake shopping websites that looked very legitimate around Christmas 2013.
“The scam sites employ a number of techniques to try and appear more legitimate—such as listing an ABN (Australian Business Number)—however these are often taken from other legitimate companies,” Stay Smart Online explained at the time.
“The scam websites can be difficult to identify, and may seem professionally developed. Unfortunately, after ordering and paying for your purchase, the item will not be delivered.”
What’s more is that, with shipping times for online shopping sites varying from a few days to several weeks, it could be months before you realise you are a victim of a fake website. Stay Smart Online says you can check a business’s registration details on the ASIC website if it is a local business.
Similar authorities can be checked if the website is based overseas: US companies should have a Federal Employer Identification number listed (similar to an ABN), while the British Assessment Bureau has resources for dealing with UK companies.
It’s also important to look for signs of secured login and payment pages. Legitimate websites will use what’s known as a Secure Socket Layer (SSL) on pages where personal information is requested or where financial transactions occur.
SSL protection is identified by an “https” prefix for the web address and a small padlock icon in the status bar of your web browser. Depending on the browser that you use, clicking on the padlock will also give you details about the page you’re visiting.
By checking these details before you start shopping or making transactions, you should be able to make sure you are on legitimate websites that will help keep your credit card and personal details safe.
There will always be an unpredictable element to online fraud attacks, which is why it’s important to regularly check your credit card statements and account balances to make sure there are no unauthorised charges.
“You should always carefully check your statement each month to determine if there are charges for purchases you did not make,” Westpac advises – a recommendation expressed by financial institutions around the world.
If you do a lot of shopping online, you may need to set aside time each week to go over each transaction, while if it is once or twice a month (or less), it could be easy to verify the charges on your account.
Keep in mind that some websites and legitimate businesses may be registered under unfamiliar names, and come up on your statement as such. To avoid confusion, keep a log of what and when you buy things and how much you spend so that you can check charges based on name, price and date.
Another way to help keep your accounts safe is to use a dedicated card for online shopping. That way all of the transactions made online will be listed in one place, without the added confusion of charges from other, everyday transactions. Setting a card aside for online shopping also means that the rest of your money should be safe is fraud does occur.
There are all kinds of online security risks that can compromise your credit card account, and it is important to have a basic understanding of as many as possible.
The sections above highlight a wide range of these threats, what you can do to increase your protection and why different steps are recommended.
But it’s ultimately up to you whether you use one or all of the above tips to increase your security. In some cases, you might already be happy with what you’re doing, while in others it might be just one thing you change. Whatever the case may be, you can refer back to this resource page whenever you want to help keep your credit card and personal details safe whenever you go online.
Pauline is a personal finance expert at CreditCard.com.au, with 8 years in money, budgeting and property reporting under her belt. Pauline is passionate about seeing Aussies win by making their money – and their credit cards – work smarter, harder and bigger.
Something you need to know about this card? Ask our credit card expert a question.Ask a question