Deloitte in Slovakia
 
Risks of Online Shopping Increase Mainly Before Christmas
Published: 27/11/08
Contact: Diana Karaffová
Deloitte Slovakia
Clients & Markets Senior Coordinator
+421 2 582 49 187

Bratislava, 27 November 2008 – A recent Christmas survey prepared by Deloitte shows that as many as 21% of Internet users in Slovakia will do some of their Christmas shopping online this year, while 28% will use the Internet only to compare prices, and 24% only to compare products.

According to the survey, convenience, avoiding crowded stores, and being able to view a larger range of products are the main reasons Slovaks will choose to do their shopping online this Christmas season.

The survey’s respondents also said they will shop online because it saves time and because they appreciate the practical aspect of having their goods delivered directly to their homes.

"We have noted that Slovak consumers are more and more confident that online shopping is safe and secure. However, staying one step ahead of fraudulent activity requires vigilance by both consumers and retailers. Therefore, we offer tips for safe online shopping."

Marián Hudák,
Partner, Enterprise Risk Services, Deloitte Slovakia

Consumers should:

1. Practise safe online shopping

  • Register your credit card for added protection from fraudulent purchases. Many major credit card companies now offer advanced purchase protection processes, such as MasterCard’s SecureCode and Verified by Visa, for all online transactions when using their cards. This added layer of protection requires the cardholder to enter, at the time of purchase, a pre-registered personal identification number (PIN) that only the cardholder would know. This PIN should never be shared with anyone.
  • Avoid using public Internet cafes to conduct online transactions. Kiosk workstations may contain malicious code, such as keystroke loggers, to capture your username and password, and other sensitive personal information.
  • Access wireless access points with strong security and built-in controls such as Wi-Fi Protected Access (WPA). These controls ensure that sensitive data, including passwords, are encrypted on the wireless network you are surfing.
  • Look for "seal of approval" icons, and read the company’s privacy policy. Seals of approval provided by different authorities, such as Verisign™ and WebTrust™, serve to verify that the web site adheres to their stated privacy and/or security policies. If you have any questions or concerns about its validity, consider contacting the retailer directly by phone to clarify that the site is adequately protected.
  • If you suspect that your identity has been compromised, notify your financial institution.

2. Practise good house-keeping

  • Regularly install the latest operating system patches and update the firewall, anti-virus and anti-spyware software on your computer, and check that they are running. Set your computer to automatically scan for and detect any malicious programs (Trojan horses, spyware) planted by hackers wanting you to disclose sensitive information or to misdirect you to a fraudulent web site.
  • Verify that your browser has the latest security upgrades (also known as patches) and that it supports 128-bit encryption. This high encryption level helps to prevent sensitive data from being accessed by unauthorized people while transacting online. Consider upgrading the web browser to the latest version, as it provides a better security level and tools.
  • Avoid opting for the "remember password and username" option. Despite its convenience, your information will be stored for any and all future users to access. On a public computer, avoid this option altogether.

3. Don’t fall prey to online fraud activities

  • Disregard emails requesting that you log in to a shopping/financial web site, in order to update account information. Never click on web site addresses sent via email. Unscrupulous individuals who attempt to steal your personal data often use this technique, known as "phishing," to lure customers to bogus, look-alike web sites designed specifically to collect as much of your personal information as possible.
  • Never send your financial information, including credit card, chequing account or social insurance numbers, via email. If you initiate a transaction and want to provide your financial information through an organization's web site, look for indicators that the site is secure, such as a lock icon on the browser's status bar or a URL for a web site that begins with "https:" (the "s" stands for secure). Fraud is ever more sophisticated, so vigilance here is key.

Retailers should:

  • Participate in Verified by Visa and MasterCard’s SecureCode. By making this service available to consumers, merchants can protect themselves against ID-related chargebacks.
  • Request the three-digit security code (on the back of the credit card) from consumers making online purchases and validate it as part of their authorization. For Visa it is called Card Verification Value or CVV2, and for MasterCard it is called Card Verification Code or CVC2. American Express refers to this process as CID.
  • Adhere to the payment card industry data security standards (PCI DSS) and other application security standards. Assess your payments systems regularly against the PCI DSS. Adherence on your part will protect both you and your customers from breaches and losses of confidential information.
  • Provide assurance around the privacy of customer information. Post your privacy policy on your web site and communicate to your internal workforce the importance of adhering to the privacy policy.
  • Ensure that all card information is transmitted using SSL (Secure Sockets Layer). Use a higher level of encryption (128-bit), which safeguards the confidentiality of sensitive data transmitted over the web.
  • Leverage and adhere to Internet Seals of Approval. Leveraging seals, such as Verisign™ and WebTrust™, can enhance consumers' confidence in your web site.
  • Do not use email as a basis for driving traffic to your web site. Use other means to attract traffic (such as search engine advertising or other forms of advertising/branding), as consumers may not discern between legitimate and phishing email until it’s too late.
  • Never send ‘unmasked’ credit card information in email messages to your customers. Emails containing confidential information can be intercepted and exposed if left unmasked.
  • Encourage customers to check your web site for status updates. A good practice is to always drive customers back to your web site for status updates or confirmations. Do not send links to your web site by email – rather, advise customers to re-type your domain name directly into the address bar. This will ensure that they are visiting your legitimate web site.
  • Test the vulnerability and exposure of your web site. Regularly verify and quickly correct vulnerabilities as a service to yourself and your customers.
  • Practise due diligence with regard to payment card addresses. Validate cardholder information for all transactions (e.g. do the area codes for phone number and billing address match?).
  • In the event of a breach or loss of customer data, be forthcoming and communicate quickly with your customers, banks and service providers.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/sk/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's 165,000 professionals are committed to becoming the standard of excellence.

Deloitte Central Europe is a regional organization of entities organized under the umbrella of Deloitte Central Europe Holdings Limited, the member firm in Central Europe of Deloitte Touche Tohmatsu. Services are provided by the subsidiaries and affiliates of Deloitte Central Europe Holdings Limited, which are separate and independent legal entities.

In Slovakia, the services are provided by Deloitte Audit s.r.o., Deloitte Tax k.s. and Deloitte Advisory s.r.o. (jointly referred to as “Deloitte Slovakia”) which are affiliates of Deloitte Central Europe Holdings Limited. Deloitte Slovakia is one of the leading professional services organizations in the country providing audit, tax, consulting, risk services and financial advisory services through over 250 national and specialized expatriate professionals.

Page Last Updated: 27 November 2008
Source: Deloitte in Slovakia - Slovak Republic (English)


© 2008 Deloitte Slovakia. All rights reserved.
