How do I know if a website is secure?

August 24, 2012 20:10 by Consumer Ed

Dear Consumer Ed:  

When I started shopping online and banking online, I was told that if I saw a closed padlock symbol on the screen that the site was safe for me to use because it is encrypted. Is that still true with all the stories I read about online hacking?

Consumer Ed says: 

Because online fraud cases have increased substantially from year to year, anytime a web page asks you for sensitive information, you do need to be able to identify whether the page is secure.  The padlock symbol is one of several ways of knowing if a page is secure. 

Here are a few tips to help you determine whether a page is safe. First, while all web page addresses (URLs) begin with the letters “http”, the address displayed over a secure connection should begin with “https”—note the “s” at the end.  This indicates that the data you enter is encrypted for security, meaning it is scrambled before being sent to the remote site and then decrypted so it can be used.  The same process occurs when the remote site has to send information back to you.  That way, if an unauthorized person intercepts the data, it is unreadable. 

The home page of a site will probably just have a regular “http” URL, such as http://www.Amazon.com.  But if you go to a page within the site that asks you to enter your email address, account number, password, credit card information or other sensitive information, the URL should change to one that has “https” at the beginning.  If it doesn’t, do not enter your information.

Second, when you are on a secure site, your web browser will usually show a “padlock” icon somewhere on the edge of the browser window (but NOT in the web page display area).  For example, Microsoft Internet Explorer displays the lock icon near the right end of the address bar.  The lock icon is not just a picture:  you can click on it to see details of a site’s security.  This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser.  Before you can know that the lock icon is genuine, you should test its functionality by clicking on it to see whether it actually takes you to the company’s security policies. 

Third, if you arrive at a website from a link in an email message, verify that the website is legitimate before you provide any information to the site – even if you received the email from someone you trust.  Phishing websites can sometimes send email messages that mimic, or spoof, legitimate email addresses.  Phishing is an email scam in which the sender tricks the recipient into revealing personal or confidential information, which the scammer then uses for illicit purposes, such as to commit identity theft or to make unauthorized financial charges.

A good example of this type of scam is a phony Bank of America email that has been circulating recently.  The subject of the email says: “Bank of America Alert: Your Online Statement Is Ready”.  The message appears to be legitimate (especially if you actually are a Bank of America customer), however it is actually a bogus email intended to get you to divulge your banking credentials.  If you ever receive any email messages from an institution with which you have an account, it is always safest to go directly to their main website in order to access your account. 

If you are suspicious about an email, you can determine whether a website link is legitimate by first placing your mouse pointer over the link WITHOUT ACTUALLY CLICKING ON IT. This allows you to notice what web address is displayed in the little window that comes up.  If it displays anything other than the legitimate web address of the financial institution, then it is probably bogus. In the Bank of America email mentioned, there is a link that says “View your statement online today.”  However, when you place you pointer over that link the address that is revealed is very clearly NOT a Bank of America address.

If you are visiting a retail website, check the site for a phone number or street address.  If the site only provides an email address, send a message to the address to request additional contact information. Do not provide personal information to a website that has no contact information.

All this aside, if you are still reluctant to put your financial information out there, you can almost always contact the company via telephone to place your order.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


Refund policies for online merchants

April 11, 2012 18:54 by Consumer Ed

Dear Consumer Ed:

I purchased some merchandise online.  The company shipped the order, which I later returned.  The merchant never posted a credit, so I notified my credit card company and requested a chargeback.  The merchant is now saying, "All refunds are for merchandise only.”  Can they do this?  I'm pretty sure the website did not have this language before, but I can't be sure.

Consumer Ed says: 

It sounds as if the merchant is saying that when an item is returned, they will only give store credit or exchanges rather than a full refund.  In Georgia, merchants are not required to give a refund or credit unless the merchandise is defective, or if the buyer was persuaded to purchase the item based on deceptive or misleading advertising.

Most sellers offer some sort of refund or credit because they want customers to return, not out of any legal obligation.

However, sellers are required to clearly state their return/cancellation policies. If you were sure that the website did not say "all refunds are for merchandise only" at the time of your purchase, then you might be able to claim that it was deceptive of them to misrepresent your refund or cancellation rights. But if the seller did disclose this policy previously, then you are probably out of luck.

If you believe the product you bought was defective, that the advertising was misleading or deceptive, or that the website did not disclose the return policies before you made the purchase, you can submit a complaint to the Better Business Bureau at www.bbb.org; to the Federal Trade Commission at www.ftc.gov; or to the Governor's Office of Consumer Protection at  www.consumer.ga.gov or by calling 404-651-8600 or 1-800-869-1123.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


Online merchant insisting on additional ID

February 4, 2012 00:42 by Consumer Ed

Dear Consumer Ed:

We recently ordered $800 worth of merchandise from an online store that we have purchased from in the past. A few days after placing the order, the company sent me an email stating that in order to complete the transaction, we had to email them photocopies of both front and back of the credit card used and a government-issued ID, and if we didn't they would cancel our order.  I called VISA, and they told me that the only companies allowed to request that additional information are hotels, airlines, car rental companies and cruise lines.  I did not send the company the information they requested, so they refused to send me my order. Can they do that?

Consumer Ed says: 

Many states have laws that dictate what kind of information merchants can and cannot ask for when a consumer pays with a credit card.  However, all merchants are subject to the rules and regulations outlined in their contract with the credit card company.  For example, your card company, VISA, has International Operating Regulations that state merchants cannot require a cardholder to provide any supplementary information as a condition for honoring a VISA Card, subject to some exceptions.  Supplementary cardholder information can include social security numbers, fingerprints, home or business addresses or telephone numbers, driver’s license numbers, photocopies of driver’s licenses, photocopies of the VISA Card, and other credit cards. As you stated, hotels, airlines, car rental companies, and cruise lines do fall within the exception to the rule. 

So, while a merchant may ask a consumer for identification, he generally may not deny a VISA credit card transaction because the consumer refuses to show identification.  Generally, a signed credit card is all you should need to present in order to avoid showing identification.  Be aware that identification may be required for other purposes, such as purchasing alcohol, tobacco products, or certain medications. 

Paying online or by phone can sometimes create an exception for the merchant, and they may ask for some identifying information, such as a zip code.  This varies a bit by credit card company:  MasterCard’s rule for merchants regarding supplemental identification is similar to VISA’s; American Express doesn't ban merchants from requiring customer identification, though it discourages the practice; Discover’s policy allows merchants to request identification if desired.  You should always contact your credit card company and ask about its policy regarding supplemental identification. Often, you will find that many merchants ignore or are unaware of this identification rule.  If you’re shopping in a store rather than online, and you don’t want to show identification, simply sign your card and refuse to provide ID if asked.  If you feel strongly about not showing identification, you may wish to print out a copy of the relevant merchant rule and ask to speak to a store manager. 

In your particular case, you can email the merchant a copy of Visa’s International Operation Regulations.  If the merchant still demands to see your identification, and then refuses you service if you fail to comply, you should contact your credit card company to open an incident report.  This will initiate an investigation, which can result in a warning or even a fine to the business for violating their merchant contract.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Rate This


Credit/Debt
nav_cap