9 Jun - 6 min read
Over the past few years or so, online
shopping has gotten a lot more convenient and inexpensive (free shipping
anyone?) that it is getting harder and harder to justify bother visiting brick
and mortar outlets and be awkwardly followed around by their attentive staff.
There is no stopping this train as more and
more Malaysians jump on the online shopping bandwagon, with local online retailers such as
Zalora, popular auction website Lelong.my, and even DIY handicraft retailers on Etsy Malaysia sprouting overnight and populating the marketplace — the Internet really is the most revolutionary marketing tool ever since,
well, the invention of the printing press.
But let’s cut back to the consumer’s side
of things —
how can you ensure that your credit card or debit card details are
kept safe online? Can we trust that our transactions are not being watched by
other people? Because as you know, the Internet is also fertile ground for
scammers, hackers, and the less malicious but no less amusing
When making a payment at the online
checkout counter, you will be prompted to enter your credit card or debit card
details. More specifically, they will need your full name, credit card number,
card expiry date, verification code (the 3 numbers on the back of your card),
and a billing and/or shipping address — these are fairly standard. In addition,
your e-commerce transactions are also protected by Verified by Visa and
MasterCard Securecode, collectively known as 3D Secure. What are these things?
Let us introduce to you two-step authentication.
Two-step authentication, also known as 2
factor authentication is the added process after filling in your card details.
A one-time password will be sent directly to your mobile phone via SMS which
you will need to enter when asked. Below is a step-by-step example of an online purchase
using a CIMB credit card with 3D Secure enabled, called CIMB Secure ePay:
How does this makes thing safer? Simple —
Only you and the bank will know the password, it is not stored anywhere else, only
used once, and never recycled. It is important that the mobile number that you
have registered with the bank is still in use, otherwise, you will need to go
to an ATM machine or bank branch to update your particulars. Other banks such
as Maybank also have a similar system called MSOS, or Maybank Secure Online Shopping.
This is also probably a good time to introduce you to
Hypertext Transfer Protocol Secure, or HTTPS. You probably see it everyday in your browser address bar, but what does it do? Without getting too technical, it is a widely deployed way for computers and servers to communicate safely. It plays a big part in keeping your information safe during e-commerce transactions, so make sure that you see these initials when making any transactions online.
If you have ever made a purchase on eBay,
then you would have definitely used PayPal. For those of you who have never bid
or bought anything on eBay, Paypal is a popular service that allows you to pay
online using cash stored in your PayPal account, or cash in your linked bank
account or credit card.
service will definitely limit direct access for merchants to your credit card
or bank account, while giving you the same if not more benefits such as:
$29.95, or RM97, you will be able to purchase the PayPal Security Key.
It is a card that displays random security codes for your account every 30
seconds. You can also have these codes sent to your
your credit card linked PayPal account gets hacked, your liability will be
limited to $50, which translates to RM160 if you report within 2 business days.
The same cannot be said for an account linked to your bank account, as a
perpetrator can siphon money out directly from your bank account!
Other popular alternatives to PayPal include – Google Wallet, Skrill, and Paymate.
Never ever, ever respond to bank emails,
SMSes, browser pop-ups, and even telemarketers calling to request that you give
them your credit/debit card details to “update” your records, or for
any other reason whatsoever — they simply have no business in knowing these
things, and sharing sensitive information such as passwords through email
shouldn’t be in a bank’s best practices handbook. These are simply scammers and
crooks who are out for your hard earned money. Here is an example of a common
From the image on the left, what are the tell-tale signs of a fake and fraudulent email? Easy, the mere fact that they are
asking you for your credit card information or online banking credentials!
Local banks have been
actively doing their part to warn their customers of
these threats. In extension, it is very important that you do not keep
sensitive information such as passwords on your computer if you can help it. End
It is never a good feeling to look at your
account balance or monthly credit card statement and not remember that you’ve
made some of the transactions printed in black and white — perhaps because it
Something you should periodically do is to check on your monthly
statements for any suspicious activity, and it is important to know where
you’ve used your card and at what amounts.
Always keep your receipts and cross check
with your online statements using online banking. I myself have been a victim
of credit card fraud — someone decided that it was a good idea to buy RM150
worth of concert tickets using my credit card.
Thankfully, I regularly check my
account statements and have noticed the transaction. After a month
of calling and emailing to the bank, the full amount was credited back into my
If you have the time, do read the retailer’s
and uses your personal data. We may never be 100% safe from credit card fraud or
identity theft, but we can help to make ourselves less vulnerable by carefully
picking out the more legitimate e-commerce websites, with favourable reviews.
Try not to finalise transactions when using a public
and easily accessible Wi-Fi connection such as at a Starbucks, and
always make sure your computer’s anti-virus is up-to-date and running in the
background — you never know who’s snooping around.