Computer Crime Research Center


Online shoppers getting security savvy

Date: July 18, 2008

With rising levels of online fraud, internet shoppers are becoming increasingly savvy about checking for some kind of security before paying for their goods.

According to a survey published today by, 98 per cent of shoppers check for some kind of security before paying. Just three per cent say they would trust a small online business. Ease-of-use lulls consumers into false sense of security 79 per cent trust sites that have clear and easy payment instructions.

A whopping 98 per cent of us do at least one security check on websites, and over 90 per cent look at three or more security features, before clicking pay. However, the survey also indicates that almost four fifths of people would trust a site that was easy to use regardless of its security features.

With internet fraud reaching over £290 million in 2007 (source: APACS), consumers have become increasingly vigilant over website security. According to the survey, the most popular checks are: Padlock icon in the web browser (88 per cent) Presence of UK contact address and phone number (85 per cent) Clear refund and returns policy (85 per cent) Logos of reputable payment providers, e.g. Verified by Visa (82 per cent) Customer testimonials (54 per cent) IMRGs Internet Shopping Is Safe logo (50 per cent).

As the popularity of online shopping grows, so does the risk of online fraud. To help keep your personal and financial details safe, leading online payment provider, shares the following 10 indispensible questions, which every sensible cardholder should ask before shopping on the internet.

1. Am I in control of the computer Im using? If its your own machine, ensure that is has up-to-date virus protection, a firewall and the very latest version of your chosen internet browser. Anything less may have security vulnerabilities. If its a public computer - for example in a library or internet café - be absolutely certain that the administrator performs these same security updates routinely and verify with them that other users are not permitted to install software on the machine, or your activity may be more closely tracked than your realise!

2. How much do I really know about my retailer? Taking time to find out a bit more about your retailer is sensible, even if their website inspires confidence; and particularly when it doesnt! Search their site for full contact and address details and place greater trust in UK addresses and phone numbers. Think twice about a retailer who can only be contacted via their website; is that going to be enough if things go wrong in future? Check out web communities and review sites such as to get an honest opinion.

3. Where will all my personal details actually go? Publishing the logos of the various card schemes such as Visa and MasterCard should be a basic indication that your selected retailer has been approved to accept these cards. But when it comes to taking payment, ask who is actually processing all your personal details? Will your card data fall into the wrong hands? Check for logos or references to a payments provider - such as - and if necessary find out more about them. If you are re-directed to a separate company for payment, apply all the same common sense checks as you have done for the retailer.

4. Will my card number be processed safely and securely? Whether you remain on your retailer website or are directed to a payments site, without fail ensure that before entering any personal or financial details you can see that the URL of the page in the browser location bar begins https:// - an indication that you are connected to a secure page and any information you submit will be encrypted. You should also see a yellow padlock icon or similar in the bottom right of your web browser to indicate that the security of the site has been independently checked and certifies that the retailer is who they say they are!

5. How much information should I have to provide? Being asked for verification information like your address or the security code from the reverse of your card should never be treated as an inconvenience. Businesses that do little to verify cardholder details are magnets for payment fraud as they allow stolen card details to be used with relative ease. What might have been quick and simple for you will also be easy for fraudsters if your card number falls into the wrong hands!

6. Do my retailer and card issuer support 3D Secure? 3D Secure is a free service which is reducing card fraud on the internet - in just the same way Chip &Pin has on the high street. For Visa cardholders it is known as Verified By Visa. MasterCard and Maestro cardholders use MasterCard SecureCode. If your card issuer has not registered you for this service, contact them and ask why! If your chosen retailer doesnt support these services or display the associated logos, consider making your purchase elsewhere. Supporting businesses that adopt these practices can help eliminate those where card fraud occurs.

7. Where is my order acknowledgement? Do I need it? Most internet retailers will send you an email receipt containing details of your transaction and instructions in the event of any problems. If you dont receive a confirmation, check your junk mail or spam folder first, and then contact the retailer themselves. An acknowledgement is a vitally important personal record of your payment and often contains guidance on what to do should things go wrong. If there are significant problems, dont rely on simply being able to revisit the retailer website, keeping a local copy of transaction and contact details is essential.

8. Should I have used a credit card or debit card? If you have a credit card then the simple answer is to use it for your online purchases. EU law protects you from fraudulent use of your credit card and all issuers should cover you in the event of unauthorised transactions - a significant difference in personal cost if your card details are compromised. Whatever card you use, if you have access to online reporting: use this too. Be vigilant and check your card statements regularly to identify unusual activity; you have 90 days in which to report a suspect transaction.

9. What can I do if I have a problem? Although fraud is on the increase, many retailers are every bit as sensitive to these problems as it incurs costs and damages confidence. Therefore, if a problem does occur, contact the retailer first and allow them a reasonable length of time to respond. There will often be a simple explanation. The retailer could also be an unwitting victim of fraud. However, if you are unable to resolve your concerns or obtain a refund, contact your card issuer. You can also contact your local Trading Standards Office or even the payments provider - for example

10. I received a request for my payment details? What do I do? Even if the request has originated from a retailer or business with whom you previously made payment, never under any circumstances simply provide your card or personal details on request, and certainly never via email. Any trustworthy retailer or payment company will never take payment details for online transactions via anything other than a secure site and will never process any follow up transactions from your card unless you have specifically authorised the payment via their website. If in doubt contact the retailer directly before taking any further steps.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo