Online identity theft is growing. It is now thought to cost the UK economy at least £1.5 billion every year. But are websites doing all they can to help stamp out this fraud?
As website owners we must ensure that all online transactions are conducted safely and securely. This goes almost without saying these days. However, there are chinks in the armour.
Submitting registration details or completing online forms, for instance, are just two areas that need close attention. Indeed, we as website owners should be reviewing every area of customer contact for possible security risks.
In reviewing our customer contact on the web, we must try to keep communications as focussed as possible by not asking for any more than we need to process the request. As well as improving efficiency, we are also less likely to inadvertently lend potential fraudsters a hand should they intercept the details in transit.
For example, while researching this article it was worrying the number of sites that asked people to give a date of birth while form filling over an insecure connection. Yikes! What a gift to a criminal with fraud in mind. Armed with a name, address and date of birth, hijacking a person’s identity becomes a whole lot easier thanks to ill-considered, insecure web forms like these.
The other very real concern, of course, is the possibility of legal action against a company should an identity theft victim hold the website responsible. Data protection is a serious issue for companies of all sizes. Prudence, therefore, would dictate that it’s always better to err on the side of caution. Not to do so could well result in some very expensive and legally awkward situations.
But don’t wait to find out the hard way; review your site interaction and communications today. If you already have access to a secure server for e-commerce transactions, find out about porting in other web forms or contact pages as well.
If not, check with your web hosting company. Often they offer free access to a shared security certificate and allow sites to set up for free or for a small fee secure pages that encrypt submitted information.
Among the unsecured data horrors uncovered for this article were:
· Numerous sites that asked users for their date of birth.
· A company that wanted job seekers to provide their date of birth and National Insurance number.
· A web site with a credit card payment form users were supposed to download and post in but which it was possible to complete online.
