Seven tips you should follow to avoid being digitally ‘pick-pocketed’
Digital transactions are increasing with each passing year, making it that much more important for you to tread safely
No matter whether you’re pro demonetisation or you prefer the term ‘demonisation’, one thing is certain. The less-cash/cash-less move on November 8 is arguably the biggest fillip India has seen towards financial digitisation. The future of payments, from your cab rides and grocery purchases to government payments, is unequivocally digital. Sadly though, the large majority of consumers in India aren’t engaging in informed debates and conversations about data security and the need to safeguard oneself when transacting digitally. Help is at hand—whether you’re setting up your online banking account to pay next month’s rent or installing a digital wallet, here are some tips you should follow to stay safe and avoid being digitally ‘pickpocketed!’
This may seem basic to most, but most folks still ignore the “long and strong” rule for setting passwords and credit/debit card PINs, which means ‘1234’ and ‘password’ still remain top password choices. Choosing a child’s or a pet’s name, or a date of birth/anniversary is no better—any information you freely share on social media puts you at risk of a virtual break-in. While setting passwords, use a combination of letters, numbers and special characters, preferably with words that can’t be found in dictionaries—try misspelling the words to make the password stronger! Keep passwords unique to the service you are using, so if the service is compromised, the impact is limited only to that site and you aren’t scrambling to change passwords across a host of sites. What can really help you develop strong password discipline are apps like 1Password or LastPass—both help you set up complex and unique passwords for all your financial accounts, and even remember and enter the password for you when you visit your saved sites. Remember, strong passwords apply not only to your internet banking sites, but also to digital wallets and apps where you regularly transact and shop, and to e-mail accounts which you’ve set up to receive “Forgot Password” e-mails.
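The checks described above (length, character mix, common choices such as ‘1234’ and ‘password’, personal details, and one password per service) can be expressed as a short audit script. This is an added example, not part of the original article; the 12-character minimum, the tiny common-password list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real audit would load a much larger one.
COMMON = {"1234", "123456", "password", "qwerty", "letmein"}


def audit_password(password, personal_terms=(), min_length=12):
    """Return a list of problems; an empty list means every check passed.

    min_length=12 is an assumed threshold; the article only says "long".
    personal_terms holds details an attacker could read off social media
    (pet or child names, birth or anniversary years).
    """
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    # Count how many character classes are present: lower, upper, digit, symbol.
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("needs more character variety")
    # Strip digits and symbols so that 'Password1!' is still caught.
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON or core in COMMON:
        problems.append("common password")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    return problems


def find_reuse(vault):
    """Map each password used on more than one service to those services."""
    seen = {}
    for service, pw in vault.items():
        seen.setdefault(pw, []).append(service)
    return {pw: sorted(svcs) for pw, svcs in seen.items() if len(svcs) > 1}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(audit_password("Password1!"))
    print(audit_password("Bruno2015!rocks", personal_terms=["Bruno", "2015"]))
    print(find_reuse({"bank": "x9#Kd", "wallet": "x9#Kd", "email": "Qq7!m"}))
```
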
Given how important your e-mail account and social media presence are as a means of verifying/authenticating yourself online, set up two-factor authentication on any service critical to you and your financial dealings online. To put it simply, two-factor authentication allows you to link your phone number to your account, so you can get a one-time password (OTP) each time you log in from a new device. It’s similar to the additional OTP you may get for each credit card transaction you make online, and if you notice any such texts or notifications without having signed onto a new device, you must immediately change your password and notify your service provider/bank.
We can skip the tech behind HTTP and HTTPS, but remember this—if you’re using the web interface for any e-commerce/banking site (instead of an app, for instance), always check that the site you’re accessing is using a secure HTTPS connection, indicated by a padlock icon next to the address bar. What this guarantees is that any data passed between your PC/mobile and the site server is encrypted in transit, so it is shared only between these two devices. You run a fair bit of risk if you send your personal information over unsecured HTTP, and while this might be okay if you’re just browsing for some information, it’s a big no-no if you are entering credit card or bank account details.
Be Aware of Malware
Considering your phone and PC are now vital to your financial transactions, you need to exercise greater caution about which websites you visit and what you install. Before you click on just about any link that pops up on a website or in an e-mail, assure yourself that it is authentic… as malware that gets downloaded from seedy websites can potentially spy on you and steal your personal data. It will also help if you ensure that your anti-virus, anti-spyware (I’ve found Avast and Windows’ own Defender sufficient for most folks) and your operating system at large are up to date. When using public PCs to access financial sites, use the virtual keyboard facility to thwart programs that could be running to log your keystrokes and steal your logins/passwords.
Mobile Device Security
Passwords won’t do much if the mobile devices are left unsecured. If your device supports biometric methods of authentication such as fingerprints, set them up… If not, set up a secure PIN or unlock code. Next, use apps like App Lock (for Android) to lock your apps so that specific apps need a password before you can launch them. Additionally, plan for the worst-case scenario—losing your phone. Know the remote wipe options for your device—both Android and Apple devices let you do this remotely over the internet.
There’s the occasional temptation to download the newest, yet-to-be-released game or app from outside the app store, more so if a friend has the installer file. Bear in mind, alternative app stores like Cydia or APKMirror don’t have the same credibility as the official Google or Apple app stores, and apps uploaded there aren’t always vetted for security. So, before you pick your digital wallet or any financial app, go to the app store, check the reviews and ratings, and ensure you’re using a genuine app for the service.
Avoid Public Wi-Fi
While I’d recommend you conduct your financial transactions from within the safety of a secured, home/office network, there are those times when you’re connecting to a public Wi-Fi hotspot, such as the complimentary Wi-Fi at a coffee shop or a restaurant/mall. If you must use public Wi-Fi, make sure you’re using secure HTTPS sites, turn off all forms of network file sharing from your laptop, and use a VPN service like Private Internet Access or NordVPN. VPN services allow you to secure your communications using a difficult-to-intercept private encrypted channel, even over a public Wi-Fi network.