Online shopping is faster and more convenient than traditional shopping trips. But there are also more risks: the chance of meeting cybercriminals is several times higher than real robbers. We share tips on how to make online purchases as safe as possible.
Most often, fraudulent transactions with bank cards occur on the Internet. And every year people's financial losses are growing. For example, in 2020, fraudsters stole 1.5 times more money from cards than in 2019.
Where is the danger lurking?
The risk arises during purchases on websites and in applications, the use of electronic wallets, mobile and Internet banking.
The main weapon of cybercriminals is phishing. In other words, fishing out confidential data: passwords, card or account details to steal money from a card or from an online wallet.
Thieves play on psychology: they send SMS, emails and chat messages with a request, for example, to "confirm the account" or "restore access to the bank account."
The messages contain a link to a special phishing site — a double site of a bank, government agency or other organization. If you did not notice the substitution, then after entering your login, Internet banking password or card details, you will immediately transfer money to fraudsters.
How to protect yourself from phishing and other types of cyber fraud?
1. Use only personal devices
Make purchases, log in to your online banking or mobile banking only from your personal computer, tablet and smartphone. Be sure to put a password on them.
2. Protect yourself from viruses
Be sure to install an antivirus on all your devices, including mobile ones, and update them regularly. A good antivirus package always includes protection against phishing and virus programs.
3. Choose safe sites
4. Use a secure payment system
When you go to the payment page, look for the logos of MasterCard SecureCode, Visa Secure and Mir Accept programs. These programs, using 3D-Secure technology, additionally protect you while shopping online.
If the online store supports this technology, after entering the card details, it will redirect you to the bank's secure Internet page. To confirm the purchase, the bank will send an SMS with a one-time password to the mobile phone number linked to the card or account. Do not tell anyone this code — just enter it in a special field on the payment page.
5. Get a separate card for online purchases
If you often make purchases or pay for services on the Internet, such as telephone communication or fines, it is safer to use a separate card for this. Deposit only the amount you are going to spend on it, and set a limit on the number of operations per day. Some banks allow you to create virtual cards that are valid only for one online purchase.
6. Do not share personal information with anyone
Most often, it is not the banks, payment systems or online stores that are to blame for the theft of funds from the account, but the gullible users themselves.
Scammers know a lot of tricks to ingratiate themselves with you. And your task is not to fall for these tricks. Never tell outsiders your card details, personal data and SMS codes.
Do not tell anyone your PIN code and the card's authentication code (CVV2/CVC2/PPK2) are the last three digits on its reverse side. Even bank employees have no right to demand this data from you. If anyone tries to find them out, be sure — it's a fraudster.
The same rules should be followed when using an Internet wallet: never tell anyone the username and password of your account.
7. Connect SMS notifications about card transactions
In this case, you will immediately learn about the payment, which you did not make, and will be able to react quickly: block the card and protest the operation.
What should I do if the money was stolen after all?
The same should be done if you have lost your card or even just suspect that its data has become known to outsiders.
If the bank proves that you have violated the rules of using the card, then you will not be able to return the money. For example, when you yourself told someone the details of your card, the verification number on its reverse side or the PIN code.
But this law will not help in case of problems with an electronic wallet, depersonalized prepaid cards and other non-personalized means of payment.
Most often, fraudulent transactions with bank cards occur on the Internet. And every year people's financial losses are growing. For example, in 2020, fraudsters stole 1.5 times more money from cards than in 2019.
The risk arises during purchases on websites and in applications, the use of electronic wallets, mobile and Internet banking.
The main weapon of cybercriminals is phishing. In other words, fishing out confidential data: passwords, card or account details to steal money from a card or from an online wallet.
Thieves play on psychology: they send SMS, emails and chat messages with a request, for example, to "confirm the account" or "restore access to the bank account."
The messages contain a link to a special phishing site — a double site of a bank, government agency or other organization. If you did not notice the substitution, then after entering your login, Internet banking password or card details, you will immediately transfer money to fraudsters.
How to protect yourself from phishing and other types of cyber fraud?
1. Use only personal devices
Make purchases, log in to your online banking or mobile banking only from your personal computer, tablet and smartphone. Be sure to put a password on them.
2. Protect yourself from viruses
Be sure to install an antivirus on all your devices, including mobile ones, and update them regularly. A good antivirus package always includes protection against phishing and virus programs.
3. Choose safe sites
- Never follow links from emails and SMS from unknown senders. Even if the message came from a person or organization you know, do not rush to open them. It is possible that scammers have access to their accounts and they want to get access to your data as well.
- Type the bank's Internet address manually, or even better - save the addresses of your banks, government agencies and other organizations in bookmarks.
- Always check the browser address bar. Sometimes you can get to a phishing site when you switch from one page of a portal you know to another.
- Make purchases only on sites that provide a secure connection. The address of such a resource begins with https://. There is an icon in the form of a closed lock in the address bar.
- Even better — check the site's security certificate. To do this, click on the lock icon and select "View certificates" in the window that opens. Make sure that the certificate is issued to the site you are on, and its validity period has not expired yet.
- Choose well-known online stores and services. Study reviews about them from other users. It is best to look at reviews on several independent sites. A conscientious seller always gives full information about himself: phone number, address and other contact details.
4. Use a secure payment system
When you go to the payment page, look for the logos of MasterCard SecureCode, Visa Secure and Mir Accept programs. These programs, using 3D-Secure technology, additionally protect you while shopping online.
If the online store supports this technology, after entering the card details, it will redirect you to the bank's secure Internet page. To confirm the purchase, the bank will send an SMS with a one-time password to the mobile phone number linked to the card or account. Do not tell anyone this code — just enter it in a special field on the payment page.
5. Get a separate card for online purchases
If you often make purchases or pay for services on the Internet, such as telephone communication or fines, it is safer to use a separate card for this. Deposit only the amount you are going to spend on it, and set a limit on the number of operations per day. Some banks allow you to create virtual cards that are valid only for one online purchase.
6. Do not share personal information with anyone
Most often, it is not the banks, payment systems or online stores that are to blame for the theft of funds from the account, but the gullible users themselves.
Scammers know a lot of tricks to ingratiate themselves with you. And your task is not to fall for these tricks. Never tell outsiders your card details, personal data and SMS codes.
Do not tell anyone your PIN code and the card's authentication code (CVV2/CVC2/PPK2) are the last three digits on its reverse side. Even bank employees have no right to demand this data from you. If anyone tries to find them out, be sure — it's a fraudster.
The same rules should be followed when using an Internet wallet: never tell anyone the username and password of your account.
7. Connect SMS notifications about card transactions
In this case, you will immediately learn about the payment, which you did not make, and will be able to react quickly: block the card and protest the operation.
What should I do if the money was stolen after all?
- Block the card
The same should be done if you have lost your card or even just suspect that its data has become known to outsiders.
- Protest the operation
If the bank proves that you have violated the rules of using the card, then you will not be able to return the money. For example, when you yourself told someone the details of your card, the verification number on its reverse side or the PIN code.
But this law will not help in case of problems with an electronic wallet, depersonalized prepaid cards and other non-personalized means of payment.
- Contact the police