How do I know if a website is secure?

August 24, 2012 20:10 by Consumer Ed

Dear Consumer Ed:  

When I started shopping online and banking online, I was told that if I saw a closed padlock symbol on the screen that the site was safe for me to use because it is encrypted. Is that still true with all the stories I read about online hacking?

Consumer Ed says: 

Because online fraud cases have increased substantially from year to year, anytime a web page asks you for sensitive information, you do need to be able to identify whether the page is secure.  The padlock symbol is one of several ways of knowing if a page is secure. 

Here are a few tips to help you determine whether a page is safe. First, while all web page addresses (URLs) begin with the letters “http”, the address displayed over a secure connection should begin with “https”—note the “s” at the end.  This indicates that the data you enter is encrypted for security, meaning it is scrambled before being sent to the remote site and then decrypted so it can be used.  The same process occurs when the remote site has to send information back to you.  That way, if an unauthorized person intercepts the data, it is unreadable. 

The home page of a site will probably just have a regular “http” URL, such as http://www.Amazon.com.  But if you go to a page within the site that asks you to enter your email address, account number, password, credit card information or other sensitive information, the URL should change to one that has “https” at the beginning.  If it doesn’t, do not enter your information.

Second, when you are on a secure site, your web browser will usually show a “padlock” icon somewhere on the edge of the browser window (but NOT in the web page display area).  For example, Microsoft Internet Explorer displays the lock icon near the right end of the address bar.  The lock icon is not just a picture:  you can click on it to see details of a site’s security.  This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser.  Before you can know that the lock icon is genuine, you should test its functionality by clicking on it to see whether it actually takes you to the company’s security policies. 

Third, if you arrive at a website from a link in an email message, verify that the website is legitimate before you provide any information to the site – even if you received the email from someone you trust.  Phishing websites can sometimes send email messages that mimic, or spoof, legitimate email addresses.  Phishing is an email scam in which the sender tricks the recipient into revealing personal or confidential information, which the scammer then uses for illicit purposes, such as to commit identity theft or to make unauthorized financial charges.

A good example of this type of scam is a phony Bank of America email that has been circulating recently.  The subject of the email says: “Bank of America Alert: Your Online Statement Is Ready”.  The message appears to be legitimate (especially if you actually are a Bank of America customer), however it is actually a bogus email intended to get you to divulge your banking credentials.  If you ever receive any email messages from an institution with which you have an account, it is always safest to go directly to their main website in order to access your account. 

If you are suspicious about an email, you can determine whether a website link is legitimate by first placing your mouse pointer over the link WITHOUT ACTUALLY CLICKING ON IT. This allows you to notice what web address is displayed in the little window that comes up.  If it displays anything other than the legitimate web address of the financial institution, then it is probably bogus. In the Bank of America email mentioned, there is a link that says “View your statement online today.”  However, when you place you pointer over that link the address that is revealed is very clearly NOT a Bank of America address.

If you are visiting a retail website, check the site for a phone number or street address.  If the site only provides an email address, send a message to the address to request additional contact information. Do not provide personal information to a website that has no contact information.

All this aside, if you are still reluctant to put your financial information out there, you can almost always contact the company via telephone to place your order.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


How can I protect myself from a data breach?

October 24, 2011 20:25 by Consumer Ed

Dear Consumer Ed: 

I have tried to do everything I can to protect myself from identity theft.  But what can I do about data breaches?

Consumer Ed says: 

A data breach occurs when sensitive or confidential data (e.g. bank or credit card account numbers, Social Security Numbers, medical records, driver’s license numbers) is stolen, copied, viewed or used by an unauthorized person.  The perpetrator could be an employee, a partner or an external person, such as a computer hacker.  The threat of a data breach is quite serious, but fortunately, there are a few steps you can take to detect and prevent misuse of your information in the event that a data breach does occur.

First and most importantly, take the time to review your credit card and bank statements each month to make sure there aren’t any fraudulent charges on your account.  If there is a suspicious charge or one you do not recognize, contact the financial institution immediately and report it.  Ask them to close any accounts that you know or suspect were compromised and ask for replacement cards with new account numbers and PINs. Find out if there have been any unusual requests such as change-of-address or requests for additional or replacement credit cards. Instruct the card issuer not to honor any requests regarding your card without your written authorization. 

Under the Georgia Personal Identity Protection Act, companies are required to notify all Georgia residents who may be affected by a data breach. However, there may be a delay in notification while law enforcement investigates the data breach, while the scope of the breach is determined, or while the system’s security is restored.

If you discover that you have been the victim of identity theft, contact each of the three credit reporting agencies – Equifax, TransUnion and Experian – and place a security freeze on your account. With a freeze in place, the information in your credit report will not be released to anyone, thereby making it almost impossible for an identity thief to open a new credit account in your name. Note that you will need to temporarily lift the freeze (by providing a password) if you yourself wish to apply for a new loan or credit card. 

You should also report the identity theft to the police, as you may need to provide a copy of the police report to your bank, creditors and credit reporting agencies.

To ensure that an identity thief has not opened up a new account in your name, you should review your credit report. To obtain a free copy of your credit report, go to annualcreditreport.com or call 877-322-8228. If there are any accounts on your credit report that you did not open, contact the credit bureau to report the fraud and dispute the charges.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


Credit card company wants copy of Social Security card

February 17, 2011 22:42 by Consumer Ed

Dear Consumer Ed:

I recently applied for a credit card for the first time. Although I entered my social security number on the application, I received a request from the credit card company for a copy of my actual social security card. Is this normal? Is this safe?

Consumer Ed says:

This is a troubling question.  In these times of rampant identity theft, it is very valid for a credit issuer to try to determine that you are, in fact, the person you say you are.  However, we discussed this scenario with the Georgia Department of Banking of Finance and several Georgia banks. All of them said they could see no valid reason that you should be asked to provide your actual social security card.  So, while the request may well be legitimate, it seems outside of normal practices.

Before completing this credit card application, make sure you are dealing with a reputable company.  For example, is it a major bank? If so, you might want to go into one of their branches to apply for a card, so you can show them your identification in person.  If that is not possible, you could call and speak to a manager of the company. Explain that you are not comfortable with sending a copy of your social security card and ask if they can process your application without it.  If you have never heard of the financial institution in question, you might want to think twice before providing them with personal identifying information.

 

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


Credit/Debt
nav_cap