Shopping or banking online? Here’s how to stay safe

Ever since I started watching Mr Robot, I’ve become rather paranoid about cybersecurity. Even though I very much doubt that my collection of fluffy kitten photos and tasteful gym selfies would be of interest to the average cyber-felon, my banking credentials, credit card information, and loyalty program balances certainly are. 

So it’s never a bad idea to take some basic precautions when banking, shopping, or transacting with your loyalty program online. While there’s nothing as fulfilling as same-day delivery, there’s nothing as annoying as finding out your credit card’s been compromised (“Wait…you mean to tell me there are bad people on the interweb?”).

In this post, I’ll talk about some simple things you can do to stay safe online. 

Subscribe to transaction alerts

The easiest way to keep tabs on all the activity on your credit or debit card is to subscribe to transaction alerts. That way, you’ll know immediately if an unauthorized transaction has taken place. 

For Standard Chartered customers, subscribing to card transaction alerts is a quick and one-time affair. Login to internet banking, hover the mouse over your name in the top right hand corner, and select “Alerts & SMS Banking”.

You’ll be redirected to the mobile services portal. Here’s where you’ll register for SMS Banking (if you’ve not already done so), and set up SMS & email alerts. 

To set up a transaction alert for your credit card, click “Alert Settings”, select “Credit Card” and then “View Alerts”. 

You’ll be prompted to choose the card you want to set up alerts for. Select it, then click “Customized Alert Conditions”, and “Transaction Alert”.

Here’s where you can set the specific threshold above which a transaction will trigger an SMS/email alert. By default it’s set to S$500, but you can adjust it all the way down to 1 cent if desired, ensuring that you’ll get an alert for every transaction made. 

Look for the padlock symbol (Https)

See that padlock symbol in your browser’s address bar? It’s not just there for cosmetic reasons. This symbol means that the connection between your web browser and the website server is encrypted, so even if the data were intercepted, it would not be possible to make sense of it. 

You should look out for this symbol on all online e-commerce sites you shop at…

…as well as any internet banking portal. If the symbol is missing, don’t even think about entering any personal information. 

To be clear however, the padlock symbol is the bare minimum you should be looking out for- it does not mean “see padlock= website OK”.

As security firm Malwarebytes points out, a secured connection counts for very little if the underlying site is itself fraudulent! Criminals know that some people are hardwired into associating the padlock symbol with safety, and set up their websites accordingly- it’s been reported that 74% of all phishing sites use a secured connection.

Therefore, it’s important to exercise common sense and inspect the website address to ensure you’re browsing the real thing. 

Look out for phishing websites and emails

You may receive an email telling you that your account has been compromised, and you need to follow a particular link to secure it. Clicking the link sends you to a familiar looking site that prompts you for your login details and 2FA code (if any)…then promptly steals them. 

Take the website above- it may look like PayPal, but on closer inspection, it’s anything but. The URL should be a dead giveaway- instead of paypal.com, it’s showing security-paypal-center.com. This is a common tactic used by scammers, in the hope that people will focus on the visual similarity of the website, as opposed to looking closely at the URL. 

Other telltale signs of a phishing website are spelling/grammar mistakes, broken English, low-resolution images, and the use of a different top-level domain (.net instead of .com, for example). 

When in doubt, Google’s Safe Browsing site status checker can be a useful tool for checking if a website may host suspicious content. 

Store your credit card details with trusted merchants

If you’re making a one-time purchase on a site you’ll probably never use again, it makes little sense to store your credit card information. This just creates an additional vector through which you may be compromised. 

However, saving your credit card details in an app or website is probably unavoidable in this day and age (imagine having to enter your 16-digit card number every time you want to order food or hail a cab). The key is to be judicious about where you do so; major e-commerce sites are probably safer bets than mom-and-pop operations. 

Don’t overshare

Be careful what you post on social media. Pictures of receipts and order confirmations may contain personal information (e.g your mobile number) that a hacker could use to compromise your other accounts. And as tempting as it may be to post a photo of your boarding pass on Instagram (#travelgoals), there’s a frightening amount of personal information printed on it.  Someone with malicious intentions could use the information to change your seats or meals, or even cancel your flight. 

If you’re reaching out to a merchant for customer support through their social media pages, never post any personally identifiable information on their public page- always send this via DM. 

Shop on sites which use 3DS-OTP

If you’ve shopped online before, you’ll no doubt have encountered 3DS-OTP authentication. This additional step helps to further reduce fraud, because even if your card number is compromised the hacker won’t be able to complete a transaction without access to your phone.

However, 3DS-OTP is not implemented on all websites. Look out for the “Verified by Visa” or “Mastercard SecureCode” icons when shopping for an extra layer of security. 

Special offers for Standard Chartered cards

I’ve previously written about how COVID-19 affects the miles versus cashback equation, and for those choosing cashback, Standard Chartered has two main options: the Spree and the Unlimited Cashback Card.

	Spree Card	Unlimited Cashback Card
Online Foreign Currency Spend	3% cashback	1.5% cashback
Online Local Currency Spend	2% cashback	1.5% cashback
All other spend	1% cashback	1.5% cashback
Cashback Cap	S$60/month	None
T&Cs	Link	Link
Apply Here	Link	Link

The Spree earns a higher cashback rate for online shopping, but is subject to a cap each month. The Unlimited has a lower cashback rate than the Spree for online shopping, but more on other categories (except excluded transactions) and with no cap. 

Standard Chartered is also offering Milelion readers a special acquisition offer of S$100 cashback when approved for either a Spree or Unlimited Cashback Card (usual: S$80). This will be credited to your account upon activating the physical card (T&Cs apply).

If you’re a Standard Chartered customer, do make sure to download the SC Mobile app, which allows you to monitor and authenticate your transactions, track your spending, and receive alerts. 

Conclusion

There’s plenty of other simple habits you can form to keep your online balances safe, like using strong passwords and 2FA (supported by more and more loyalty programs too, including Singapore Airlines KrisFlyer). At the end of the day, however, your best defense is common sense. 

Online shopping, banking and loyalty account management are no doubt great conveniences, but things can quickly go wrong if you don’t take the proper precautions. Some of these may seem excessive, paranoid even, but trust me: a minor inconvenience is better than a major loss.