Online Shopping Security System

Although the amounts stolen are lower, the number of payment cards used fraudulently jumped 40% in 2 years, mainly on the Internet. Our experts examine 8 common beliefs to help you acquire the right reflexes.

Hacks are due to a lack of security on merchant sites:

Partly true

“The risk of having your card number, expiration date, and cryptogram stolen can come from hacking the client database of a site or application where it is stored, or from your computer or smartphone where spyware has been installed without your knowledge to record this data and communicate it to a fraudster,” says Frédérique Richert, digital marketing director at Gemalto, the French specialist in digital security. The risk of phishing is also significant. If unprotected, your credentials, and even your credit card numbers, end up on the Internet.

“The data of a French card is worth around 15 euros,” says Colonel Cyril Piat of the Center for Combating Digital Crimes (C3N) of the National Gendarmerie.

Nothing prevents the fraudulent use of a card until it is blocked:


In France, the security rules established by e-merchants and banks limit fraudulent transactions. Some sites identify the use of stolen cards by detecting inconsistencies between the transaction and the purchase history, connection locations, and so on. If they have signed up for 3D Secure – a solution by which the bank authenticates the payer as the holder of the card by sending a code by SMS or a mobile notification to validate the transaction – the transaction can also be blocked. Still, to stay under the radar of 3D Secure, hackers now make many purchases of modest amounts that do not trigger the system.
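As an added illustration (not taken from the article or from any bank's or merchant's system), the sketch below shows how a merchant-side check could catch the pattern just described: many modest purchases on one card, each below the amount that would trigger an authentication challenge. The threshold, time window, limits and field names are assumptions chosen for the example, and the transactions are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration only; real limits come from the
# merchant's or bank's risk policy and are not given in the article.
STEP_UP_AMOUNT = 30.00          # purchases below this skip the challenge
WINDOW = timedelta(hours=1)     # sliding window for counting purchases
MAX_SMALL_PURCHASES = 3         # small purchases tolerated per window
MAX_WINDOW_TOTAL = 60.00        # cumulative amount tolerated per window

# Constructed sample transactions: (card token, ISO timestamp, amount, country)
SAMPLE = [
    ("tok_A", "2018-10-01T10:00:00", 12.00, "FR"),
    ("tok_B", "2018-10-01T10:01:00", 25.00, "FR"),
    ("tok_A", "2018-10-01T10:05:00", 18.50, "FR"),
    ("tok_A", "2018-10-01T10:09:00", 22.00, "FR"),
    ("tok_A", "2018-10-01T10:12:00", 19.00, "FR"),
    ("tok_B", "2018-10-01T13:30:00", 28.00, "FR"),
    ("tok_C", "2018-10-01T14:00:00", 250.00, "FR"),
]

def review(transactions):
    """Return (index, card, reason) for each transaction needing a challenge."""
    recent = defaultdict(deque)   # card -> recent below-threshold purchases
    flagged = []
    for i, (card, ts, amount, country) in enumerate(transactions):
        now = datetime.fromisoformat(ts)
        if amount >= STEP_UP_AMOUNT:
            flagged.append((i, card, "amount at or above step-up threshold"))
            continue
        window = recent[card]
        # Drop purchases that have aged out of the sliding window.
        while window and now - window[0][0] > WINDOW:
            window.popleft()
        window.append((now, amount, country))
        total = sum(a for _, a, _ in window)
        countries = {c for _, _, c in window}
        if len(window) > MAX_SMALL_PURCHASES:
            flagged.append((i, card, "too many small purchases in window"))
        elif total > MAX_WINDOW_TOTAL:
            flagged.append((i, card, "cumulative small-purchase total too high"))
        elif len(countries) > 1:
            flagged.append((i, card, "small purchases from several countries"))
    return flagged
```

On the sample data, the fourth small purchase on tok_A within the hour is flagged even though no single amount reaches the threshold, while the two tok_B purchases, more than three hours apart, are not.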

Better to buy from the giants of e-commerce than on small sites

Mostly true

Nearly 80 percent of companies were targeted by at least one cyber-attack in 2017, according to a June Interior Ministry report. No site is immune, even if the giants devote more resources to their cybersecurity. This explains the success of their “marketplaces”: Amazon, Cdiscount or Rueducommerce … host small merchants’ items and let their customers pay online with greater peace of mind.

Be wary of unknown sites, especially those offering attractive prices and promoted through classified ads or social networks. At best, the products will be counterfeit or never delivered. At worst, the site is only intended to collect your card numbers.

Virtual credit cards are safer:


A paid service offered by banks, these blue e-cards generate a valid card number for a single purchase. Since the numbers cannot be reused, there is no risk of misuse after the fact.

“But this solution does not offer a satisfactory experience,” says Frédérique Richert. Because they cannot be stored, these single-use cards do not allow one-click purchases – much to the chagrin of the merchant sites – nor purchases of show or transport tickets that are collected on presentation of the card used, nor subscriptions paid by automatic monthly debit (VOD, mobile plan, etc.). Most banks no longer offer them. As an alternative, “individuals can opt for a dynamic cryptogram bank card, whose three-digit code on the back changes regularly on a small screen,” says Frédérique Richert.

It’s riskier to buy on a tablet or mobile than on a computer:


“Android and iOS, the operating systems of smartphones and tablets, are newer than those of computers and therefore better secured,” says Frédérique Richert. “But the attacks that target them are increasingly frequent and sophisticated. Merchants, like banks, must make sure to secure their mobile apps.” Device security also depends on the user: the basics are to lock your device (code, fingerprint, etc.) and to use an antivirus by downloading the free versions of Avast, Avira, AVG and Kaspersky … These are essential precautions if you use the Apple Pay, Samsung Pay, PayPal or Paylib payment solutions.

Phishing is undetectable:


Being hacked once generally makes people more vigilant about Internet traps, especially phishing. In a phishing attack, fraudsters copy the visual identity of an institution and send you an alert message or a tempting promise in order to extract your login credentials for a site or your banking data. An email from your bank tells you that your card has been blocked, or the tax office or the CAF tells you about an overpayment in your favor? Be suspicious!

“Phishing can also be done by SMS or phone call,” notes Colonel Cyril Piat. “Do not communicate anything on request and, in case of doubt, contact the establishment directly using the contact details on your invoices.”

You must never save your credit card on a site:

Mostly true

Invented by Amazon, one-click payment removes the need to enter your card numbers for each purchase, since you have agreed to their being stored. Very practical, this solution calls for more vigilance. Your accounts must be secured by a complex password, and your computer and smartphone protected from attack. Note: since the entry into force of the European regulation on the protection of personal data (GDPR) last May, in case of data theft, companies are now required to report attacks to their customers and the authorities.

“When there is a fraud, the responsibility lies with the e-merchant, so he must make every effort to protect users, first, because he does not want to bear a large amount of fraud, then, because he would see his reputation suffer,” notes Frédérique Richert. “This situation will change thanks to the European Payment Services Directive (PSD2), which will require banks to ensure that the risk is minimal and to authenticate cardholders when they deem it necessary.”

Going through PayPal or Paylib is safer:


Electronic wallets, like the American PayPal or the French Paylib, add a layer of security during payments. These solutions authenticate the payer with a code and avoid storing the associated credit card data with e-merchants. The one point of vigilance: the email and password pair you choose should not already be in use on other sites or for logging in to social networks. A fraudster who obtained the combination after a data theft could otherwise access your electronic wallet, as has happened in the past to PayPal users.

Good habits to limit risks:

1. Keep the antivirus on your computer up to date and use a firewall.

2. Lock your mobile with a code, your fingerprint or facial recognition.

3. Regularly clean your devices with free downloadable software: CCleaner, Glary Utilities, Malwarebytes.

4. Never communicate your personal and banking data by clicking on a link received by e-mail or SMS (bank, taxes, CAF, employment center …).

5. Do not bookmark your favorite e-commerce sites or your bank's site, so as to leave no clue about your habits.

6. Choose passwords with a minimum of 8 characters, including one uppercase, one lowercase, one number, and one special character.