Online E-Banking/E-Commerce

In Brief

Now you can shop and bank from the comfort of your home, with no need to queue at tills and counters. E-commerce and online banking are making life much simpler. If comfort and security are what you are looking for, you need to look no further: let NC3 show you how! Nowadays, secure e-commerce is available to everyone thanks to simple guidelines, fact sheets, ‘step by step’ procedures and comprehensive case files offered by NC3. To assess your knowledge at the start or end of your training session, all you need to do is take the BEE PASS+ (https://beepassplus.bee-secure.lu/) quiz on online banking/e-commerce.

The ‘golden rules’ of IT Security

To keep yourself safe online, make sure you follow the ‘golden rules’ as follows:

Password: lock the safe

Passwords are the keys that grant direct access to your information and your online accounts. But it is very tempting to choose a password that means something to us and is easy to remember, such as the name of one of our children or our date of birth: in other words, a password that can easily be discovered by someone with bad intentions. The challenge, therefore, lies in creating a password that you are not likely to forget, but which cannot be easily guessed by others.

• Make sure you choose and use your password wisely

Multi-factor authentication

Many online services now offer multi-factor authentication. In addition to use a password to log in, you will also need to add a code sent to you by SMS from the service in question. Nowadays, using a password as the sole means of authentication is often not enough.

This authentication is based both on something we know (the password) and something we own (GSM).

LuxTrust authentication

Given the wide-scale spread of viruses and certain Trojans specifically designed to steal passwords, stronger methods of authentication are strongly recommended wherever possible. For online services in Luxembourg, the use of LuxTrust authentication products is strongly advised.

Logging in with a LuxTrust tool involves entering a password (something you know) and combining it with something you own (a LuxTrust tool, for example). A LuxTrust tool cannot be copied, but in the event of loss or theft, your LuxTrust distributor can easily supply you with a replacement.

Antivirus: vaccinate your computer

Just like you, your computer needs to be vaccinated to remain in good health and guard against viruses and worms. Having an antivirus installed and updated regularly is a must in terms of Internet security. However, do not forget that antiviruses do not offer full protection; it works like a seatbelt, offering essential protection, but its effectiveness will depend on how you use it.

• Antivirus

Firewall and other security software: additional barriers

Other security tools can also provide effective protection. For example, a pre-configured firewall that comes with your antivirus program or anti-spyware software may be used. You must nevertheless bear in mind that while each security program offers a layer of protection, none of them provides full and total coverage against threats.

• Firewall and network segmentation
• Spyware
• Useful: Sandboxie

Security patches: plugging the breaches

Your software contains a large number of security flaws. They are corrected over time, and new versions of your software are published regularly. To protect your computer against online threats, it is not only important to update your operating system, but you also need to update your other software and, in particular, your browser.

• Useful: Secunia PSI (for non-professional use only)
• Patches

Rules Specific to Online Banking/E-commerce Security

Before logging in to online services, it is very important to read about and apply good habits:

Emails: beware of appearances

One of the best-known scams involves a criminal sending an email that fools you into thinking it was sent by a trustworthy online company. Using social engineering, this email asks you to enter personal information (passwords, bank card numbers, etc.) or invites you to click on a link that takes you to a page designed to look like an official website. The aim is to be able to access your accounts and use them at your expense to commit criminal acts. In this case, your best protection is to learn to recognise these fraudulent emails.

• Phishing
• Protect yourself against social engineering
• Emails

Apply good practices relating to both emails and malicious software.

Encrypted web: spot the signs

When you perform an online payment or banking transaction, you should always check to make sure the website address begins with ‘https’. This guarantees that nobody will be able to intercept your communication or any authentication passwords you enter.

• HTTPS

Web site reputations

Check the reputation of a website before visiting it or purchasing any products or services from it. Phishing attempts, spam or suspicious adverts try to lure Internet users to scam websites or websites that try to infect their visitors’ computers with malicious software. You can use https://www.webutation.net and web of trust (see our article on WOT) to check the reputation of a website by entering its URL. CIRCL has published an abusive URL service to check if a malicious website might be hiding behind a URL.

Suspicious log-in: let your bank know immediately

If, during your online banking/e-commerce session, you notice a security risk or anomaly, let your bank know about it right away. Examples of possible anomalies:

• an interrupted session,
• a longer session than usual and one in which a download bar appears, for example.

If you notice something unusual and suspect you might have a security problem with your session, you can lock your online banking account yourself if your bank offers this service. Depending on your bank, go to the ‘Security’ or ‘Options’ tab and follow the steps. To find out more about keeping yourself safe online, we recommend you read through our full dossier on good habits to adopt.