I recently had the honor of seeing my dear friend Michael Kaiser. He and I used to tour together for eBay University, and he also wrote the very first eBay-sanctioned book, "The Official eBay Guide," with input from none other than Pierre Omidyar, eBay's founder and chairman!
These days, Kaiser's executive director of the National Cyber Security Alliance (NCSA) in Washington, D.C. (SC Magazine has just named him one of 2009's information security luminaries). I caught up with him while he was in town for some big, head honcho meet-up. Nice that he doesn't forget about us little people—lol.
Kaiser has been working hard his first year with NCSA, developing communication channels to help everyone understand the true security threat that we're all under (even if you don't use a computer, your online security is at possible risk, since your bank, doctor, university, government and others use this powerful infrastructure now). But Kaiser and the NCSA believe this serious information can still be taught in a tongue-in-cheek way. Check out the organization's Don't Be a Billy video.
Although online protection is talked about quite a bit during the holiday shopping season, the bad guys aren't just out to steal your money and identity in December. In fact, consistently throughout the past year, phishing and spoofing attacks increased each month. Plus, I think when your main selling venue is eBay, it's natural to turn over responsibility to eBay for maintaining the buyer's level of online security and confidence.
In a recent poll conducted by the NCSA and Symantec, more than 63 percent of participants didn't finish purchasing an item because of security concerns. I'm not sure if I want to leave 63 percent of my potential business up to eBay. You can read the results of this online security survey and learn what specific buyer concerns you can address.
A bargain is only a good deal if it saves you money
After learning about the risks of being online, and continually learning more about protecting myself, I do feel safer shopping online than in the "real world," where it can be much easier to grab my financial and identity information. However, the NCSA's Top 10 Holiday Online Shopping Tips are always good reminders for all of us.
Don't trade security for a bargain
As cost-conscious shoppers focus on the lowest prices this economically difficult holiday season, the NCSA warns consumers to always be mindful of their online security.
"A bargain is only a good deal if it saves you money," Kaiser says. "If a 5-percent discount costs you your identity, your cash or hours of phone calls with your credit card company, then you've been fleeced."
Kaiser recommends knowing who you're doing business with online. Type the business name and the word "review" into your search engine. If unfavorable or no reviews pop up, that's a reason to beware.
The NCSA's security tips include:
Be on the defensive
Before you start your holiday shopping online, make sure you have good firewall, anti-virus and anti-spyware software installed. Make sure that software is up to date so that attackers can't take advantage of vulnerabilities. Many operating systems and browsers offer automatic updates, so be sure to enable this feature.
It's also a good idea to take a few minutes to check your browser and e-mail security settings. These should be set to at least medium to ensure you're informed of risks but still able to surf freely. Also, take advantage of security features, such as passwords and others that can add layers of protection if used appropriately.
Look for signs the site is secure, such as a closed padlock on the browser's status bar
Know thy seller
It makes sense to do some research on a seller you've never done business with. Sometimes, legitimate-looking Web sites are actually malicious sites set up to steal your information. One way to verify the seller is legit is to locate their phone number and physical address in case there's a problem with your transaction or your bill.
But before you enter any personal or financial information, look for signs the site is secure, such as a closed padlock on the browser's status bar. Another clue is that the beginning of the Web site's URL should be "shttp" or "https," indicating the page is encrypted or secured. However, even if the site is secure, don't enter sensitive information if you're on a wireless network.
Beware of TMI
When buying online, be wary about providing personal information that's not necessary to complete the transaction. Before you enter any personal or financial information, read the site's privacy policy and understand how your information will be used and stored.
Never enter sensitive information on a site that you clicked to from an e-mail. Phishing and spoofing scams are very common and increasingly sophisticated. Legitimate businesses will not ask you for personal or financial information through e-mail.
According to the NCSA, credit cards are generally the safest online-payment option
Pay safely
According to the NCSA, credit cards are generally the safest online-payment option because they allow buyers to get reimbursed if the product isn't delivered or isn't what was ordered. Also, unlike debit cards, credit cards may have a limit on how much you'll be responsible for covering if your information is stolen and used by someone else. Avoid sending cash through the mail or a money-wiring service because you'll have no way to prove your loss if something goes wrong.
It's also smart to keep a paper trail. Print and save records of your online transactions, and keep copies of any e-mail exchange with the seller. Look over your credit card statements as soon as you get them to make sure there aren't any unauthorized charges. If there is a discrepancy, report it immediately.
Use the 'off' switch
When you're done shopping for the day, turn off your computer. Computers left running and connected to the Internet are an open invitation for scammers to inject malware into your system, and control it remotely to commit cyber crimes like spamming and phishing.
To learn more about safe online shopping, and cyber security in general, visit www.staysafeonline.org, www.uscert.gov and www.onguardonline.gov.
Stay safe. Protect your family, your computer and your valuable information—at the holidays and year-round.