In the old days, there wasn’t much talk about security when new ideas were being envisioned. But now, with the advent of the digital age and an ever increasing demand for online transactions, security is most crucial. It is not only the duty of app developers to build secure applications but also the customer (that means you) who need to be vigilant when you’re working with money online.
There have been numerous breaches that have been reported in the last few years. Take the Equifax leaks for example, that was the result of the company not following proper security measures or the Uber leaks, that was the result of employee negligence. But these so-called ‘mega breaches” are only reported because the government has mandated them to disclose breaches over a certain amount. There is not going to be any major investigations on the government’s part if your credit card information is stolen.
Thus, it is even more necessary for regular users, especially in the world where websites like PayPal (and PayTM in India) have become such a household name for online transactions, to know about security. Here is a list of the things that you need to make sure when you are either shopping online or involved in the transaction of money online.
Look for a HTTPS sign on the website URL
HTTP stands for Hyper Text Transfer Protocol which is how your browser communicates with the server where this website is hosted. Notice the ‘s’ after http? That stands for secure. This means whenever the browser (Chrome/Firefox/Safari) tries to interact with the web server, which could be Google or Facebook, it will do so securely. It actually uses SSL encryption which encrypts communication between the browser and the server to which it is connecting during online transactions.
If you come across a website that has ‘http’ instead of ‘https’. Do not enter any kind of information on it. By information I mean you credit card number, user name, password, address, date of birth etc. These websites use unencrypted communication between the browser and the server and your credentials could be sent in plain text! For someone in your network who is capturing this communication between the two parties, will be able to see your password clearly.
Be alert when using Public Wifi
The coffee shop across the street from you has installed a new Wi-Fi service? You would think you can get a coffee, browse the Internet, check your bank account information and go about your day. Here is where you are wrong. Public WiFi systems are breeding grounds for attackers who can hack into the system if it does not have the right security encryption standard (more on that later) and easily bypass the firewall. If you are not careful with what you do on the Internet, these people can steal your information and even have the ability to make your system unavailable to use for you.
Keep Secure Passwords
Are you tired of Microsoft asking you to change your password every fortnight? It does so to keep you secure. Password hacking is an art and quite a lot of people have done years of research trying to find better ways to keep them hack proof. They have tried to encrypt it with salt or hash. We have come to a conclusion that no password is impossible to guess. The only hindrance to an attacker is the time it will take for him/her to guess it. This is called computational complexity of passwords.
Your password should be difficult enough for a computer to take long periods of time to guess. It will guess it eventually, but the time it took to guess is too long to misuse it. A general rule of thumb is 8-15 characters long, contains at least one number, contains both lowercase and uppercase characters and has a special symbol. You can also check how much time a computer will take to guess your current password using this amazing tool.
In an earlier post, I explained how password managers help in increasing complexity of passwords and removing the need to remember them. This helps in creating complex passwords and securing our online presence.
Securing your WiFi
There are a number of things that you can do in order to secure your WiFi. Firstly, always make sure your home Wifi or the WiFi you are connecting to are secured using WPA2-PSK encryption standard. You can do this by connecting to the wifi and selecting Properties and observing the Security label on your phone or your laptop. All other encryption standards (WEP,WAP) are known to have vulnerabilities and can be broken easily by malicious attackers.
Secondly, keep a secure password for your WiFi which does not contain your name, house number or street address. This makes it difficult for others to guess your password. Same goes for your Wifi name. It should not be anything related to you. Treat it like your password so others cannot guess it. It is understandable that this method is a little inconvenient but you have to give up some convenience if you want security. Remembering your complex password is a small price to pay when it comes to safeguarding your personal information.
Be wary of Phishing scams
Phishing is a technique used in online transactions by hackers in order to lure you into giving them your confidential information. In a previous post, I talked about what phishing is and how to know if you have received a phishing email or not. It involves sending you threatening emails saying your bank information is compromised and will direct you a web page that looks like your bank page but is in fact a fake webpage created by the hacker. They can even send you emails that say you have won a lottery and they require some amount of money to be transferred to ship the gift to you.
Conclusion
It is not just the duty of the developers make online transactions secure but also us, as consumers, need to be vigilant to make online decisions and keep ourselves secure and protected.
2 thoughts on “Don’t fall prey to fraud: Follow these steps if you deal with money online”