Ground Rules for Online Banking and Shopping
Even though online banking and grocery shopping have existed in Sri Lanka for many years, the majority of Sri Lankans preferred doing these things offline. That was before COVID-19 gave them a limited array of options. According to a study conducted by “Survey Research Lanka” with 580 samples collected from the nine provinces, 47% of consumers purchased groceries online during the pandemic. Only 9% of consumers did so before the pandemic [Source: Daily News].
Although an impressive development it also leaves an opportunity for cybercriminals to steal valuable data such as credit card information because most consumers don’t know how to defend themselves from attacks. (I call them cybercriminals instead of hackers because they are a disgrace to the hacker community. Their activities are electronic cancer that eats away at humanity.) It’s the reason why I decided to share my ground rules for online shopping and banking today. I developed these disciplines after becoming a victim myself in the years 2009 and 2012.
Note: In the event, you feel these instructions are complicated feel free to drop me an email. I will be glad to help you further.
Ground Rule #1 for Online Shopping and Banking: Use Low-Risk Payment Methods
When shopping online, the majority of us use our credit cards. It has a significant drawback in that you do not realize your card information has been stolen until it is too late. Hence the first ground rule for Online Shopping and Banking. Use Low-Risk Payment Methods. Given below is a list of such methods I use when shopping online.
1. Devote a Debit Card for all Online Transactions
I maintain two savings accounts. I call them the primary savings account and the secondary savings account. I don’t keep any funds in the secondary savings account. Every time I want to make a payment, I use the smartphone app provided to me by the bank to transfer the amount needed from the primary savings account into the secondary savings account. Then I use the debit card linked to the secondary savings account for making the payment. Once the transaction is complete the account also becomes empty. Even if a criminal captured my card details, he has nothing but a string of numbers and a security code.
2. Use Direct Deposit or Electronic Funds Transfer
Use old-fashioned direct deposits or electronic funds transfers when making payments to local merchants. Banks don’t charge for transferring funds to accounts within the same bank. Even if the target account is in another local bank, it will not only cost you more than 50 rupees per transfer. The transaction could take up to thirty minutes to appear in the target account but it’s much safe compared to credit card transactions.
3. Cloak the Credit Card with PayPal for Security
If you must pay with your Credit Card, cloak it with PayPal. The popular online payments network lets you make payments online without revealing your credit card details to the merchant. (See to it that you protect the PayPal account with Two Factor Authentication) PayPal’s consumer security features can also guarantee that you get a refund if an item you purchase online does not appear or does not meet the seller’s description. This is particularly helpful when buying goods on eBay, where shop assurances are not always available.
4. Use Old Fashioned Cash on Delivery Method
This one is self-explanatory. Cash on Delivery or best known as “COD” is the simplest and the most secure low-risk payment method. A majority of the local online merchants still support this as a payment method in addition to credit and debit card payments. It’s old-fashioned but keeps the thieves away from your hard-earned money.
Ground Rule #2 for Online Shopping and Banking: Enable SMS Alerts for Transactions
It’s easier to detect fraudulent activity on your credit cards and online banking accounts if you can monitor their activities in real time. Hence the second ground rule for Online Shopping and Banking. Enable SMS Alerts for Transactions. Most banks have a facility where you will be alerted via SMS every time a transaction is carried out using your credit card (whether offline or online) or transfer funds to another account using online banking. Some banks upon request offer the facility for debit card transactions also.
Ground Rule #3 for Online Shopping and Banking: Enable Two Factor Authentication
From guessing to phishing, a criminal can employ zillion methods to steal your online banking passwords. Hence third ground rule for online shopping and banking. Enable Two Factor Authentication. When you have enabled 2FA for a particular account, you need more than just a username and password for logging into that account. Typically, with a unique PIN, generated by a mobile app like Microsoft Authenticator (available through Play Store and App Store) or sent to you via SMS by your bank every time you want to log in. That way even if a crook obtains your online banking credentials, he is unable to log in unless he has access to your phone.
Since it is faster and they can get away with the attacks most of the time, cybercriminals have been attacking individuals shopping and banking online rather than big businesses lately. Consequently, Sri Lankans are becoming a soft target for cybercrime ranging from credit card fraud to identity theft as the number of people banking and shopping online grows. The vast array of hacking methods available on the dark web, as well as consumers’ comparatively weak security habits, also have contributed to this situation.
It’s a relief to learn that local stores don’t keep credit card information on their computers. Even the banks seem to use industry-standard encryption mechanisms to protect online banking sessions. However, amid all of the seller’s precautions, a malware infection on the customer’s end will compromise protection. Hence these ground rules can provide an extra layer of protection at the consumer level.
I seek to foster thoughtful and respectful dialogue. Toward that end, I require that you use your full name when commenting. Also, any comments with profanity, name-calling, and/or a nasty tone will be deleted.