Online transaction security: Tips for staying safe
By Alex Kidman on 09 June 2009
The online economy is massive, with billions of dollars changing hands every single day. Online shopping has brought consumers lower prices, incredibly diverse choice and an ease of buying that simply can't be matched in the physical world.
At the same time, however, it's not without its perils. Any time that much money is changing hands on a regular basis, there will be sharks circling trying to snap off a chunk of cash. Consultants QPR recently released a report into credit card fraud in which they estimated that fraud where credit cards weren't present in Australia (which logically includes all internet-based transactions) was a problem worth $71,578,908 in 2008, a rise of 33 per cent over the previous year. Or, in other words, ouch.
So, online buying presents challenges to keeping your money safe, but if you're smart, they're challenges that aren't too hard to overcome.
Online banking
Banks love online banking; it's cheaper for them to deliver than over-the-counter services, and the convenience of being able to check your balances, transfer funds and pay bills online makes it a real winner for consumers as well. The Commonwealth Bank, for example, is reported to have at least 2.6 million active online banking customers, with a take-up rate of 60,000 more each month.
In order to access your online banking, you typically need your account number and a password. Needless to say, it's a very bad idea indeed to write your password down somewhere that somebody might find it. That doesn't have to be the end of your banking security, however.
To access your account, you'll typically need an account or client number and a password (Credit: Commonwealth Bank of Australia)
Some banks extend their security with additional measures, which range from floating on-screen keyboards (which stop automatic attacks that rely on the position of the entry field being absolute) to the ability to have a secondary code automatically generated, either via a security dongle the bank supplies, or even by having the code sent via SMS to your mobile phone.
Picking a secure password
There's a balance to strike between security (a multi-character, multi-case password with many numbers in it) and utility. Too long, and you'll never remember it and lock your own money away from you. Too short, and it's too easy for hackers to crack. Never choose a dictionary word or a password made up from your personal details (like street or pet names), as it's trivial to run a check against those from any PC. This doesn't mean you can't use some personal information to generate a memorable password that's still sufficiently tough to crack. Just don't use it in an easily identifiable way. Instead of using your last name, use a single letter from it, along with a large amount of other personal information, as an acronym.
Imagine your name was John Smith, and at one time you lived at 123 Evergreen Terrace (but you don't any more), you were born in 1972 and you have a cat called Fluffy.
The basic acronym from that could be JS123ET1972F. Not bad, but with a bit of mixing of order and cases you can get Js123eT1972F, which is better, and not exactly obvious to anyone but you.
Many browsers — and the add-on portion of security suites such as Norton's 360 — offer the ability to store long complex passwords away in a password protected area, so that you don't have to remember too many long incomprehensible strings.
You can also take the software approach and let a program generate your passwords, although we'd then advise you to use a program to store those passwords safely, as they can be near impossible to remember!
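The dictionary and personal-detail check described above, sketched as an added example (not code from the article). The word list is a tiny constructed stand-in, the personal details are the article's John Smith example, and only word-like details are checked, matching the article's rule about street and pet names.

```python
# Constructed sample data: a tiny stand-in for a real word list, plus the
# word-like personal details from the article's John Smith example.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "letmein"}
PERSONAL = {"john", "smith", "evergreen", "terrace", "fluffy"}

# Undo the most common character swaps (0 for o, @ for a, ...) before matching.
SWAPS = str.maketrans("013457@$!", "oieastasi")


def weak_reasons(password: str) -> list:
    """Return the reasons a password fails the article's rule, or [] if it passes.

    A password fails when it contains a dictionary word or a personal detail,
    either as typed (ignoring case) or after undoing simple character swaps.
    """
    lowered = password.lower()
    forms = (lowered, lowered.translate(SWAPS))
    reasons = []
    for label, words in (("dictionary word", WORDLIST),
                         ("personal detail", PERSONAL)):
        for word in sorted(words):
            if any(word in form for form in forms):
                reasons.append(f"{label}: {word}")
    return reasons


if __name__ == "__main__":
    for candidate in ("Fluffy1972", "Sm1th123", "P@ssw0rd!", "Js123eT1972F"):
        print(candidate, weak_reasons(candidate) or "no match")
```
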
Two-factor authentication
Just knowing a password for a service (along with perhaps a name or account number) is what's referred to as single-factor authentication, because access is secured by one thing you know. A more secure approach is two-factor authentication: either knowing two bits of information, which is weaker security (but better than single factor), or having access to another security measure, whether it's an SMSed password, token generator or biometric authentication measure. That way, a payment gateway authenticates something you have and something you know, lessening the risk if only one of those bits of information gets into the hands of financial hackers.
Tokens that randomly generate an access code add a secondary layer of security to your online banking and shopping experiences (Credit: VeriSign)
Comments (6)
MSERYNABULA commented on 02/09/2009 15:31
Picking a password is difficult. Pick something you will remember, or pick something that not even you’re the government hackers could crack. Hmm. Finding the right balance is important. Yes you can use different characters, cases, and numbers, but in the end you could lock your money away, or let that rival steal your shoes in an auction.
The article was really good by the way. Very well written.
Sorry to just-got-scammed. Hope you're recovering. The worst feeling of getting scammed is seeing all your hard work go. My friend had a boost rewards card in his wallet and as you know, you have to get 9 boosts to get your free one. He had 8. You all sound like good savers so you know what I mean when I say that's crazy because boosts are expensive. Moving on, his wallet got stolen and you know what he was pissed about? The boost card. Because it was hard work. So believe me when I say...PROTECT YOUR MONEY!!!
just-got-scammed commented on 17/06/2009 16:44
Well, cheers for the article.
But last week, I just got ATM-scammed and I'm with CBA.
It seems one of the ATMs I visited in Sydney CBD had a card reader and a camera attached to it. There you go, it made a duplicate of my card and the camera caught my PIN.
2 days later, there were transactions from my savings account in UK and Greece.
Well, CBA have launched an investigation into this, and I can only hope to get my money back.
So advice to all there, when typing your PIN on an ATM, please use your other hand to cover the numbers.
Always better to be safe than sorry.
hey-girl commented on 16/06/2009 10:45
LastPass is great - available for Firefox and IE
Alex Kidman commented on 10/06/2009 19:47
The acronym doesn't have to be hugely complex -- the example given was just that, an example -- but most people wouldn't have too much trouble remembering a few key details (like addresses, pets, etc) and making an acronym of those. The danger with a simple phrase is that if you used a common mnemonic, it's probably in a dictionary or word list somewhere -- and thus insecure.
As always, it's that balance between what you're comfortable remembering and choosing something that's actually secure.
Dave commented on 10/06/2009 16:00
Hey, great post, very well written. As mentioned, one needs to be careful with passwords. Never have the same passwords for different accounts. I feel alphanumeric and random passwords work better. Since I find it difficult to remember them, I use this free toolbar called Billeo (http://www.billeo.com/features.jsp). There are many password managers out there, take your pick. It saves you the hassle of writing down your passwords on post-its, notepads etc.
BadAdvice commented on 10/06/2009 15:04
Picking a huge password based on a complex acronym is bad advice - the end result is that people will either mis-type, forget, write it down or change too infrequently.
It's far better to pick a simple phrase, e.g. "cnetisblahblahblah"