Three simple yet important, things you should do to protect your identity while shopping or browsing online. Skip one, and you will definitely be putting yourself at risk:
1. Protect Your PC or Laptop
Has your computer ever been infected by a virus, or have you ever had Ad's pop up that you cannot stop? I know I have. The other day I received an email for an iTunes certificate that I wrongly assumed was from my wife or son. Normally, I check all of my emails to see where they came from, and I drag my mouse over any links to make sure they go where they say (IE: iTunes.com not iTunes.badsite.com). This time, in my excitement, I clicked on the link without checking.
Almost instantly my computer started going nuts. Browser windows started to open, one after another. A sick feeling began to spread in my gut when I realized someone was trying to take over my computer right in front of my eyes. As soon as I realized what was going on I quickly disconnected my computer from the Internet. Then I opened Windows Task Manager by pressing control, alt, delete, clicked on the Process Tab and found a program that I didn't recognize running with a really high CPU usage, and ended the process. That's when my anti-virus software kicked in and found the Trojan, which took a lot longer than I would have liked. After the Trojan was locked down, I ran a full system scan on my computer. Half of the day was wasted; what a pain!!
Contrary to popular opinion, if you're online long enough, it will likely happen to you. The Internet is a risky place, luckily there are ways to protect yourself while shopping or doing anything online.
The first thing that you need to do is put a good anti-virus program on your computer. The average anti-virus program will cost you anywhere between $40 and $60 a year, though Microsoft's Security Essentials is free. A anti-virus software that is updated on a regular basis can protect your computer from all kinds of Viruses, Worms, Malware and Trojans. An anti-virus program will actually watch for these problem files as you surf the Web or open emails. Unfortunately, anti-virus software is not always enough. You may need a good Ad blocker / Anti-Spyware program if they're not included with your anti-virus software.
Here are some good anti-virus programs: Norton Anti-Virus by Symantec, McAfee Anti-Virus, and AVG Anti-Virus. If you need an ad blocker or anti-spyware program I recommend: Ad-Aware by Lavasoft, and Webroot Spy Sweeper.
Keep in mind that having a good anti-virus / anti-spyware program doesn't mean you'll never have any problems, but it does mean you'll have considerably less, and you will recover a lot faster if you suffer an attack. You'll be much more safe and secure, especially if you don't click on Trojan laden emails. :)
2. Protect Your Personal Information
In order to prevent disaster and protect yourself when shopping online, ask yourself: Does the site have an SSL certificate; does the page go secure before you enter your credit card or any personal information?
Most people know to look for the lock at the bottom of the page. Looking for the lock is a great start, but you also need to look at the address bar at the top of your browser and make sure the URL says: HTTPS (the "S" means "secure") or https and the name of the website. Here's an example of how it should look: https://www.website-name.com or https://website-name.com
The "https" and the lock let you know that that page has gone secure, and it's safe to enter your credit card or personal information.
In simple terms a SSL certificate scrambles your information so it can travel safely from your personal computer to the actual website where it is unscrambled for the website to use, like charging your credit card for the coat you just bought.
I like to picture an SSL certificate as a big armored truck; like the ones banks use to move money safely from one place to another. Well, imagine that big armored truck taking your precious personal data and traveling safely from your computer all the way through the Internet maze to the website you want to buy from. It's a comforting image, but what happens when the armored truck gets to the website? Is the website itself safe?
The fact is that an SSL certificate and lock are only the beginning.
3. Only Shop at Protected (Scanned) Websites
Secure and Safe are not the same things. Going back to my earlier example of the armored truck: Can you imagine backing that armored truck up to a bank (the website) that has an open vault, some of the outside doors and windows unlocked, or even open all night? And, if that's not bad enough, the Bank owner is there in his fancy office relaxing in his big soft chair thinking that everything is safe and secure. All because he believes the building owner (the hosting company) has checked and locked all the doors and windows for him.
Having a website that has not been scanned is just like that open, exposed bank. The fact is that over 73%* of all websites have vulnerabilities or security holes that hackers can use to modify or harvest data from the site. That's a scary number when you think about it.
What makes it even more scary is that most of the website owners we surveyed** believe their site is safe. Much like the banker in my story, they wrongly believe that their hosting company is protecting their website. Sadly, this applies to large and small websites, even those owned by multimillion dollar companies. (Remember when T.J. Maxx was hacked? It cost them millions and they almost lost their business.)
Website security in general is so bad that the big credit card companies like Visa, MasterCard, Discover and American Express have gotten together and formed the Payment Card Industry Council also known as the PCI Council to help protect websites and you their customers who use credit cards, from identity theft and credit card fraud, while shopping online.
- The good news is that the PCI Council is requiring PCI scans on all new websites that accept and process credit cards. This PCI scan or Website Security scan looks for thousands of vulnerabilities or access points (open doors and windows). Once the website is scanned, a report is produced and given to the website owner so that they can correct the vulnerabilities or close the security holes, protecting the website and you from outside attacks by Hackers, Trojans and Worms.
- The bad news is, this is not currently being enforced and most website owners have no idea their site is not safe, and needs to be scanned.
Wouldn't you like to know which sites are scanned every day?
3a. Scanned Sites are Safer, but What do I Look For?
The two most popular companies or sites that do approved PCI compliant scanning are Trust Guard and McAfee Secure (formally known as Hacker Safe). You've probably seen their security seals, as you've visited different websites across the Internet. Website owners who understand the need for PCI Security Scans, and understand the benefits, always manage to seek out these companies.
Trust Guard and McAfee Secure, scan website on a daily basis. When the site passes the PCI vulnerability scans and has no security holes. They receive a Security Scanned Seal that shows visitors that their site has been scanned and is safe.
|Trust Guard daily scan
seals look like this >
|| or this >
Seeing one of these seals is not the final step, but it takes you closer to knowing that the bank vault and all the doors, and windows have been closed and locked, and the website is safe and secure.
3b. Make Sure the Seals are Real, then Shop with Confidence!
Okay, so you know what the trust seal's or should I say security scanned seals look like, how do you know they are real? This last step is really important.
Believe it or not, there are some unscrupulous website owners that will copy a trust seal and stick it on their website, just because they know it will help increase buyer confidence and sales.
Unfortunately, the McAfee Secure seal is highly susceptible to this because they are quite simple to copy and lack security features. Occasionally, this can also happen to Trust Guard seals even with their security features in place.
So, how do you tell if the seals are real and the website has really been scanned?
For Trust Guard seals:
- First, you'll notice that Trust Guard's seals are quite detailed, and they always include a form of the website or companies name inside the seal, this makes it harder to copy. It will also say; Passed with today's date, or Valid Thru a future date. (In Blue below.)
- Drag your mouse over the seal and hold it there. Now look at the bottom of your browser window. You'll see it shows a URL that starts with https://secure.trust-guard.com. (In Green below.)
- When you click on the seal its self, it should open up a new window that has a URL that starts with https://secure.trust-guard.com in the address bar at the top of the browser window. And it should also have the trademarked Trust Guard logo at the top of the page. (In Yellow below.)
For McAfee Secure seals:
- McAfee Secure has a simple seal that will say; Tested and today's date. (In Blue below.)
- Drag your mouse over the seal and hold it there. Now look at the bottom of your browser window. You'll see it shows a URL that starts with https://www.mcafeesecure.com. (In Green below.)
- When you click on the seal its self, it should open up a new window that has a URL that starts with https://www.mcafeesecure.com in the address bar at the top of the browser window. And it should also have the trademarked McAfee Secure logo at the top of the page. (In Yellow below.)
Both companies have different sized seals, and Trust Guard seals can be red, blue, green, or gold, so don't let that throw you off. The important thing is to make sure you drag over the seal and make sure it's real.
Once you have done these simple steps you can shop with confidence, knowing your identity and information is being protected!
Identity Protection, A quick recap
1. Always protect your PC or Laptop with an up to date anti-virus / anti-spyware programs, before you do anything online.
2. Look for the lock at the bottom of the page and the "https" in the address bar, and make sure the web page goes secure before you enter your credit card or any personal information. SSL certificates only protect information as it travels from your computer to the website.
3. Look for a Security Scanned seal from one of the top sites like Trust Guard, or McAfee Secure.
- Make sure the Trust Seal is Real. Drag your mouse over the seal, click on the seal, make sure it opens with the right URL https://secure.trust-guard.com or https://www.mcafeesecure.com.
Co-founder Trust guard
* This is based on actual scans performed by Trust Guard. Other sites and companies report numbers as high as 85.6%, the reality is this is a huge problem that is not getting the press it should.
** We surveyed over 1,500 website owners.