Keeping Your Payment Details Safe Online
January 06, 2015 11:55
I have been trading online since 2005 with Billiards Boutique, and on numerous occasions we have been on the receiving end of Internet fraud. Most of the time we are vigilant enough that no losses occur, but there have been times when we have been caught by a chargeback, in the majority of cases right here in the UK.
Well, last night for the first time ever I was a victim from the other point of view. My personal PayPal account was hacked and over $2000 worth of goods were attempted to be purchased from the Far East. We managed to catch it quickly and it was resolved in about an hour – but still an hour I didn’t want to spend. This got me thinking about ways we can better educate our own customers and also explain in detail what actually happened.
What Actually Happened?
I received an email telling me that my PayPal account email address had been changed. I actually ignored this, as I genuinely thought it was one of those ‘phishing’ type emails where you are enticed to click on a link and then enter details that the fraudsters can get access to.
This was followed up by further emails telling me about purchases made on a website called Gmarket that is based in Korea. These purchases were in quick succession and totaled over $2000 in value. Rather than click on anything contained in the emails, I quickly attempted to log in to my PayPal account. This was when I realised something wasn’t quite right.
I could not access my account. The hacker/fraudster had changed the email address and password on the account, along with the primary address. Remember, this happened in the space of a few hours. This meant I could not get into the account at all and we had to contact PayPal.
At this point I will say that, luckily for us, we rarely use this account; there were no funds in the account and it is linked with our bank account. This actually went in our favour, as there is a delay in bank-funded transactions, meaning we were able to sever the direct debit between PayPal and the bank account – on PayPal’s advice, I must add.
It took a while for PayPal to trust that I was the original account holder, after spending over 10 minutes on security questions, but I have to say they were fantastic. They gave us excellent advice, told us to sever the DD mandate, and instantly blocked the account and reset it back to our own email address and a new password. Headache and panic over.
The first lesson is to read each email carefully. Even if you think the content might be dodgy, read it, but don’t click anything from within it just in case (one of the best ways to find out if an email is dodgy is to hover your mouse over any link – this will show you the landing page of the link – don’t like it, don’t click!). Visit your PayPal account directly from your browser on a computer and then try to log in.
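The hover check described above can also be done in bulk on the HTML source of an email. The following is an added example, not part of the original post: it lists where each link really goes and flags any whose destination differs from what is shown. The sample message, the function names and the expected domain are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Constructed sample email body (not a real message); hosts use reserved example ranges.
SAMPLE_EMAIL_HTML = """
<p>Your email address was changed. If this was not you, visit
<a href="http://paypal.com.account-review.example/login">https://www.paypal.com/signin</a>
or read our <a href="https://www.paypal.com/help">help pages</a>.
<a href="http://203.0.113.7/verify">Click here</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def audit_links(html, expected_domain):
    """Return (visible text, real host, reasons to distrust) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        host = host_of(href)
        reasons = []
        if not (host == expected_domain or host.endswith("." + expected_domain)):
            reasons.append("destination is not " + expected_domain)
        shown = re.search(r"https?://\S+", text)  # does the text itself look like a URL?
        if shown and host_of(shown.group(0)) != host:
            reasons.append("visible text shows a different site")
        if urlsplit(href).scheme != "https":
            reasons.append("not https")
        report.append((text, host, reasons))
    return report

print(audit_links(SAMPLE_EMAIL_HTML, "paypal.com"))
```

The first link in the sample is the case the hover test catches: the text reads as a PayPal address, but the real host only begins with "paypal.com" and belongs to a different domain.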
The second major lesson is one that I would say goes for far too many people across the world. The password on the account had never been changed, and yes, I had used the same password elsewhere. Make your passwords much more secure by using combinations of capitals, numbers, lower case and special characters where you can; also, the longer the better.
If you catch these things quickly then the banks and payment providers are on your side and will act quickly to help you resolve it.
Tips on How to Keep Your Payment Details Safe Online
- Do not use the same password on every website you visit
- Change the password regularly
- Make sure you are using difficult-to-break passwords that contain a mixture of upper and lower case, numbers and special characters
- Do not store passwords on a phone/tablet or computer
- Purchase from reputable websites
- Look for a secure Internet connection, usually shown by a padlock in your browser or by the web address starting with https://
- Do not email credit/debit card details – this is not secure
- Do not provide credit/debit card details via live chat, this is not secure
- Regularly check bank account statements and PayPal accounts for signs of unauthorised activity
- Just be really vigilant
It is wise to take all precautions that you can with online transactions even if it seems like hard work or you can’t be bothered – I was the same of course – but in 2015 I will be changing my habits in order to make my own accounts more secure.
At Billiards Boutique we take fraud very seriously and during the Christmas period have managed to stop around 15 fraudulent transactions from happening. We do not store any card data and are fully PCI compliant.
Sometimes we will refuse a payment if certain elements of the data do not match; we receive two codes from our payment provider that help us make these decisions. Please do not be offended if this happens to you, as it means that we are being vigilant. In some cases we will ask for further information or a proof of address. Again, please do not be offended; it is to protect card holders as much as ourselves.
Now go and change that password!