We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Putting yourself on the line

March 2015

Online shopping offers an alternative to shopping at malls and other public venues. It offers consumers many advantages in terms of choice of and access to goods and services, as well as the ability to compare products and prices.

However, online shopping is not unequivocally beneficial. There are risks and dangers which are not present in more conventional face-to-face commercial transactions. So, while you sit alone in front of your computer shopping basket that you have accessed through an internet browser and are about to pay online, does the thought cross your mind: is it really safe to share your debit or credit card number? After all, your shopping history or passwords could be compromised by countless prying eyes.

Various scams and pitfalls are associated with internet based shopping. And there is also the very real risk of identity theft.

Having said this, some of the risks attached to shopping in cyberspace are also present in the physical world. For example, someone may steal your credit information by hacking into the server of an online retailer or an unscrupulous waiter at a restaurant may copy your credit card number and forge your signature while processing your payment.

You will have much better control over your privacy by understanding how your data becomes exposed online in the first place.

Online merchants employ a number of technologies designed to make the shopping experience more pleasant and efficient, with the goal of boosting sales. For example, many online retailers have the option of remembering your credit card information and collect information to get a good idea of what other products you may like to buy. But this typically means that you have to give something up in return, usually an amount of privacy.

When you return to a website where you have done business in the past, even just to browse, it very often "remembers your last session". This is done using something known as "cookies" which are pieces of code left on your computer's browser that track your shopping and web surfing habits.

Cyber suppliers also have tools that closely track your search enquiries and other purchases you might have made in order to advertise unrelated websites. This is not a problem if you are purchasing a cook book, but if you are anonymously purchasing a self-help book on depression, you may very well not want that information shared.

A further concern is that targeted adverts may lead to marketing profiles of online shoppers that reveal too much, including personally identifiable data (such as our name, address, identification number etc).

As a rule one should only offer information that is strictly required to complete an order and only share information that is actually needed. There are certain details about yourself that no online retailer needs to know. Retailers often try to collect additional details, such as annual household income or favourite types of entertainment, but this is usually for marketing purposes. Disclosure of non-essential information can lead to spam, telemarketing calls or worse.

Certain types of information should never be shared when making online purchases. The primary example would be your identification number. With the abundance of other personal data that may already be online, including your birth date and email address, an intercepted identification number could lead to identity theft.

Protecting your password
When you enter a password, you generally tell the server that a certain individual is entering a particular site to gain access to privileged information. Choosing a strong password that has a combination of letters, numbers and symbols and is difficult for somebody else to figure out is imperative to protecting your online privacy. Do not use the same password for every site. Once you have chosen a password, it is important that you do not write it down or otherwise make it vulnerable to third parties; even the most sophisticated security technology is no match for a compromised password. Public computers (public libraries, internet cafes) often save browsing history and sometimes even your log in information, which includes your password. Logging out of all sites visited and emptying the cache is one way to protect your privacy but, the best advice is - limit your online shopping to a home computer or other secure device.

Some computer viruses or spyware may capture key strokes and otherwise compromise your password. Keeping software up-to-date and using up-to-date antivirus software on a computer can help safeguard its content. But remember, even low tech methods of interception such as peering over a person's shoulder as they type in a password, can result in a privacy breach.

About privacy policies
Most online shoppers immediately click "agree" when asked to check a box indicating that they have read and understood the company's privacy policy. The fact is that most online privacy policies go unread. Privacy policies generally address the following areas:

  • Sharing of information
  • Tracking/cookies
  • Mandatory/optional data
  • Information collected

It is important to read them to understand your rights, and the rights that you are giving to the online merchant by clicking the "I agree" box.

The Protection of Personal Information Act, which has been promulgated but does not yet have an implementation date, seeks to go a long way in order to secure personal information in South Africa by setting out the eight principles of accountability to be adhered to by persons who process personal information. This will result in online service providers becoming more aware of keeping secure the information held by them.

It is interesting to note that in February 2015, the Justice Department sent out a communication stating that Cyber Security Bill is under construction and will soon be submitted to Cabinet for approval. According to a statement, the proposed legislation aims to address cybercrime and cyber security in South Africa. It also clarifies which offences apply in cyberspace and the criminal liability of offenders.

The Minister confirmed that public consultations on the Bill would start in the new financial year. This is important because while POPI regulates the flow and protection of personal information between parties which have relationship, it is very often on the online platform that third parties with criminal intent are looking for personal information and gaps in data security. South Africa has the third highest prevalence of cybercrime in the world after Russia and China, with between 80 and 84% of citizens having fallen victim to cybercrime in some form. Cybercrime is estimated to cost South Africa ZAR3.7 billion a year.

In order to avoid being a victim of cyber-attacks:

  • Do not leave mobile devices unattended.
  • Use passcodes or swipe gestures to unlock mobile devices.
  • Do not click on links in emails or SMSs that are not from a trusted source.
  • Look out for clues if you get emails or SMSs from your "bank" or "service provider". Banks will never say "Dear Client" or "Dear Customers".
  • When online purchases are made, only do so from "https" sites.
Loading data