
E-payments users still lack security savvy

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 06 Oct 2015
As a rule, users should also never click on a URL/hyperlink embedded inside an e-mail, says Gemalto's Xavier Larduinat.

Online users still lack knowledge on basic security rules when making online payments.

This is according to an online Kaspersky Lab test of over 18 000 users from 16 countries across the globe.

The test revealed that many users do not know (or know, but do not follow) basic security rules when making online payments or using online banking systems, says Kaspersky Lab.

The aim was to learn what their online habits were, whether they could make the right decisions about their cyber security, and whether they could recognise a threat when they encountered one, says Kaspersky Lab.

The respondents scored an average of 95 points out of a possible 150 - meaning they only chose the safe options in half of the hypothetical situations. In the remaining situations they exposed themselves to the risk of unpleasant consequences such as a confidential information leak.

Only half of users check if a Web site is authentic before entering their financial details, while almost a third consider it completely unnecessary to take any measures to protect their money online, says Kaspersky Lab.

"These figures reinforce what has long been observed that many users still are not only endangering themselves and their money but also the banking and payment system businesses they use," says Ross Hogan, global head of the fraud prevention division at Kaspersky Lab.

He points out that dealing with incidents, even if they are caused by inexperienced users, can consume considerable resources and have a negative impact on a company's reputation.

User confidence in companies doing everything possible to protect them from online fraud imposes a great deal of responsibility, says Hogan, adding this means the use of specialised security against online theft is becoming a necessity.

David Emm, principal security researcher at Kaspersky Lab, urges users to evolve with technology and improve their cyber savviness.

"Today everything has a digital format - our personal life, intellectual property and money - all this requires that we adopt the same kind of responsibility as in real life."

Users often assume they're following security rules and don't pay appropriate attention - not suspecting they're being targeted by fraudsters, says Xavier Larduinat, marketing manager for banking solutions at Gemalto.

Security on a banking site should always be visible, and banks should educate their end users as to best practices when banking or paying online, he adds.

End users should also take the time to learn how to distinguish security features, as this is in their best interest, says Larduinat.

When doing online payments or online banking, users should always check to make sure the URL is an https type (i.e. provides point-to-point security with an SSL socket), he adds.

Some Web browsers provide consumers with security assistance by highlighting the URL bar in red or green based on known malicious domain names, notes Larduinat.

Users should always verify that the domain name in the URL window sounds familiar and, in case of any doubt, should not proceed with the browser session.

"As a rule, users should also never click on a URL/hyperlink embedded inside an e-mail, but rather go back and log on to their online banking account to perform any online banking transaction."

Also, they must treat e-mails asking them to verify banking details with caution - most banks will not ask their customers to provide details by clicking on an e-mail link, says Larduinat.

In SA, there are too many banks still using one-factor authentication, such as a static login and password which, once stolen, can easily be used by fraudsters to access one's bank account and transfer money, notes Larduinat.

Implementing two-factor authentication is the way forward as this ensures both fast and easy access to online services, and robust security to combat the threat of phishing attacks, he adds.

On the end-users' side, it is equally important to keep browsers and security firewalls updated, concludes Larduinat.
