December 05, 2006 08:00 ET

Media Advisory: Not Just for the "Wise Men"...Tips for Safe Holiday Online Shopping

Courtesy of Deloitte's Security & Privacy Services Group

TORONTO, ONTARIO--(CCNMatthews - Dec. 5, 2006) - The fast approaching holiday season is one of the busiest times of the year not only for brick-and-mortar stores but also for online retailers. $7.9 billion! That's the value of goods and services purchased by Canadians online last year, with three-quarters of online shoppers using the Internet as a platform for paying for these products (Statistics Canada, E-Commerce: Shopping on the Internet, November 2006). Unfortunately, the holiday season is also one of the busiest times of the year for unscrupulous individuals who try to take advantage of the online shopping spree and lure innocent shoppers to disclose sensitive information such as passwords and credit or bank account numbers. No wonder four out of every five Canadians surveyed expressed a concern about paying for goods over the Internet (Statistics Canada).

To ensure customers' online shopping experience remains joyful and secure, Deloitte's security and privacy professionals offer the following tips for safe online shopping:

- Make sure the firewall, anti-virus and anti-spyware software on your computer are updated and running. Scan the computer to detect any malicious programs (Trojan horses, spyware) that may have been planted by hackers to disclose sensitive information or to misdirect you to a fraudulent web site. If your operating system offers free software upgrades to close security holes, make sure to install them before you embark on your online shopping spree.

- Avoid using Internet Kiosks and Internet Cafes to conduct online transactions. Kiosks may contain malicious code such as key stroke loggers to capture your username and password, and other personal information.

- Verify that your browser has been updated with the latest security upgrades (also known as patches) and that it supports 128-bit encryption. The browsers encryption level can be found in the "Tools" menu, under the "About" option. A high encryption level ensures that sensitive data, sent via the web while shopping, cannot be identified and used by unauthorized people. Consider upgrading the web-browser to the latest version as it provides a better security level and tools.

- When using a wireless network, either at home or in a public venue, make sure the wireless access point you are using has strong wireless security and controls built in such as Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA). These controls, identified by a yellow lock icon next to the network's name, will ensure that your passwords and other sensitive data are protected on the wireless network you are surfing. These controls will also protect your data from being intercepted by "war-driving" hackers trolling to gain unauthorized access to your computer or data.

- Never respond to emails requesting that you log in to a shopping/financial website claiming that your login credentials need updating or your account is in arrears. Also, avoid entering websites that have sent you their link via email. Unscrupulous individuals, who attempt to steal your personal data, often use this technique, also known as Phishing, to lure customers to bogus, look-alike websites to collect sensitive information. Never click on website addresses sent via email.

- Never send your financial information via email as it is not a secure method of transmitting information such as credit card, chequing account or social insurance numbers. If you initiate a transaction and want to provide your financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins https: (the "s" stands for secure). Be careful because unfortunately, no indicator is foolproof. There have been cases where some fraudulent sites have forged security icons.

- Avoid clicking on links in pop-up ads. Some pop-up ads are used as traps, allowing hackers to install harmful files on your computer that log and record keyboard strokes, collect sensitive information from the computer's hard-drive and allow hackers to take over your computer remotely.

- Look for "Seal of Approval" icons provided by different authorities such as Verisign, WebTrust, etc. These seals verify that the web site has been reviewed for adherence to their stated privacy and/or security policies.

- Avoid opting for the "Remember Password and Username" option. Although some websites and browsers offer this option as a convenience, anyone who uses your computer will then have the ability to gain access to your account and personal information.

- Print and save records of your online transactions, including the product description and price, the online receipt, and copies of correspondence with the seller. Read your credit card statements as you receive them and be on the lookout for unauthorized charges.

Contact Information