Internet Safety
Protecting Your Financial Transactions
Introduction
The Internet has made banking, shopping, and conducting other financial transactions online quite convenient. But when it comes to our money, we definitely want to make sure our transactions are safe.
In this lesson, we will review strategies you should employ when dealing with money and the Internet. You will learn how to make sure a website is secure, including checking the SSL certificate. In addition, we will show you the steps you need to take to make shopping online a safe and enjoyable experience.
When is a website secure for financial transactions?
Before sending any sensitive or financial information online, you want to know that you are communicating with a secure site. Secure sites make sure all information you send is encrypted, or protected, as it travels across the Internet. The https address heading and your browser's security symbol are two signs indicating you are on a secure site.
Https
Web addresses either begin with http or https. If the address is https, the information you send to it is encrypted and will look like gibberish if intercepted by cybercriminals.
Security symbol
Your browser will use a security symbol or a lock to indicate that the browser verifies the website is a secure site. As seen in the examples below, the look of each browser's symbol can be slightly different, and it is usually located in the address bar.
Security alerts and the SSL certificate
SSL certificate
Secure sites have an SSL certificate. An SSL certificate does two things. First, it acts like a virtual passport or driver's license. It means, "I am who I say I am". Second, it enables encryption. If a site does not have an SSL certificate, the address will begin with http instead of https, and your browser will not show a lock symbol. If it does have an SSL certificate, you can access it by clicking your browser's lock.
What should I look for on an SSL certificate?
The following is an example of an SSL certificate accessed by Firefox. Your browser's SSL certificate may look different from Firefox's, but you should have access to the same information.
- Issued To: Check here to make sure the website you are doing business with matches the website on the certificate.
- Issued By: Make sure the certificate authority that issued the SSL certificate to the website is trustworthy. There are many different certificate authorities, and like all companies some are more trustworthy than others. Verifiable SSL certificate authority companies that you are likely to see include VeriSign, RSA Data Security, Thawte, Geotrust, GoDaddy, and Comodo.
- Validity: Make sure the SSL certificate is not expired. If it is expired, your information is not guaranteed to be encrypted.
What about phishing?
Secure sites can protect your information from being intercepted by cybercriminals, but you also need to be aware that cybercriminals can contact you directly through phishing scams. Many phishing scams are made to look like official notices from your bank, credit card company, or other financial institutions. Cybercriminals can send official-looking emails and create official-looking websites pretending to be an organization you trust in order to trick you into giving up credit card numbers and other account information.
In the Email Tips for Scams and Spam lesson, we talked about some of the ways to identify a phishing email. Below is the interactive we introduced in that lesson, if you would like to review it.
Action Required!
Scammers often try to make us think that not taking urgent action will result in something unwanted, such as a freeze on our bank account.
Trust your instincts. If an email from your bank is out of the ordinary, give them a call.
Misleading Link Names
Whenever you see a link, it might be helpful to think of it as a mask or a costume. What's underneath--the web address--is what counts.
Just because this link says www.bankofamerica.com, does not mean that is where it has to take us. The link could be set to take us to any page on the internet--and that's why you never want to click on links from untrusted or suspicious sources.
When in doubt, type the web address into your browser yourself. That way, you know exactly where you are going.
Logo Fraud
If this looks identical to Bank of America's official logo to you, that's because it is simply a copy or screenshot of their logo taken from their webpage.
Keep in mind that it is easy to make an unauthorized copy of any logo.
Concerned Subject Line
Fraudulent emails often have Subject lines that look important and appear to show concern for your safety. And who wouldn't be concerned about an alert on their bank account!
Here are just a few examples of Subject lines that have been used on fraudulent emails.
• Message Alert - You Have 1 Important Message
• Important Online Banking Settings Have Been Changed
• New Privacy Program (May 2010)
• Unauthorized Login Access Denied
• Bank of America Security Update
• Your Bank of America Account has been compromised
• Email Verification Required
Deceptive Addresses
Scammers often create websites and email addresses that are slight variations of familiar, authentic material.
Look closely at this address, and notice that it is bankofamercan.com, with an added "n".
A scammer can place any address they want in the from field, so sometimes the email will appear to be totally authentic (this is known as email spoofing). That means you cannot always rely on the from field to tell whether the email is from a legitimate source.
Never respond to emails, pop-ups, text messages, or phone calls from your financial institutions asking for personal information. Always call them to verify if there is a problem.
Safe online shopping
Online shopping is a convenient way to shop, giving you access to products that may not be available to you locally. However, as with any online financial transaction there is the potential for fraud. When using a shopping site, you should practice the normal safety precautions that include making sure a site is secure, carefully reading the terms of use, and utilizing your security programs.
Click the buttons in the interactive below to learn some safety tips for shopping online.
Research the Company or Seller
Anyone can set up a shop online, so it is important to research a company or seller before buying from them.
Make sure the business has a legitimate physical address and phone number you can contact if there is a problem.
Also, check for reviews and online reputation from Google or other sites.
Understand the Terms and Costs
If you are unfamiliar with a product, you may want to compare prices with another site or seller.
Remember to add shipping and handling to the total cost of your order. You should find out the delivery method and time frame. The Federal Trade Commission (FTC) requires sellers to ship items as promised or within 30 days.
Also, check the refund policy and find out who pays for shipping costs or restocking fees, if you need to return an item.
Pay with a Credit Card
Always use a credit card to pay for items online and never use your debit card. If you use a credit card, you are protected by the Fair Credit Billing Act, and can dispute charges and withhold payment during a creditor investigation.
It would also be wise to find out how your credit card provider helps protect your account.
A safe alternative to paying with a credit card is a service called PayPal. Several reputable sites allow this as a form of payment (for example, eBay, Etsy, and more). PayPal is acceptable because it offers many of the same protections as your credit card. To learn more, visit PayPal.com.
Closely Examine the Product
Items are not always as they appear online. It is important to read descriptions and closely examine a product, especially for size.
Items may not be in good condition if they are listed with words like "close-out," "refurbished" or "vintage."
Also, be suspicious if a price sounds too good to be true, as the product could be a fake or in faulty condition.
Enjoy Your Purchase!
As soon as you receive your item, check to make sure you are satisfied with it. If so, enjoy your purchase.
If you are not satisfied, then you will want to take quick action to return the item.
If the product does not arrive, contact the seller or follow up with your credit card company to stop payment.
Save and Print a Record of the Transaction
Always save and print records of your online transactions, which should include the receipt, order number, product description and price.
You will also want to save any email you send or receive from a seller, especially if there is a problem.
In addition, it would be wise to carefully read your credit card statements to make sure there are no unauthorized charges.
Additional tips for conducting online financial transactions
Leave no trace
Consider always conducting financial transactions in a private browsing session so your browsing history, passwords, and other private data will not be saved or accessible to anyone who uses the computer after you.
Make sure to log off the website and close all browser windows when you are finished. If possible, do not conduct any financial transactions from a public or shared computer or over a public wireless Internet connection.
Be careful with the back button
If you are making a purchase from an online store, the site has to gather and process information about your purchase. If you press the back button after you have entered information, it may cause the information to be sent again. Depending on the site, this could result in your credit card being charged twice. A similar thing could happen on a banking site if you press the back button while transferring funds.
If you accidentally press the back button, your browser will often ask you if you want to "send the form again", and you can click cancel to prevent it from resending.