Nov 152010

Clearly there is some element of risk involved in any sort of online financial transaction. Credit card numbers or bank account numbers can be stolen, passwords intercepted…

I recently had an unauthorized $400 charge against my debit card. Someone used it to pay for a plane ticket. My card is always in my wallet, but I often use it to make purchases online or pay bills. Apparently the card information was intercepted or stolen somehow.

The https prefix indicates a secure website

The https prefix indicates a secure website

The card has been closed and my bank refunded the charge, but the point is that online financial transactions carry a risk. Online bill payment is no exception.

So how do we minimize the risk? How do we know that an online bill payment website is secure? How can we safely transfer money online, or buy a product without worry?

1. Make sure the bill payment website is secure. The website address or URL should begin with https rather than http. https indicateds a “secure socket layer” or SSL connection, which is one in which data is fully encrypted and therefore protected.

Typically with an https website you will see a padlock icon in the corner of the browser window, either at the top or the bottom (or in some cases it may even turn the URL address background light blue or green). Clicking the padlock icon reveals the site’s security certificate and allows you to read about the protection that this affords.

2. Make sure the login process is secure. A quality bill payment website will usually give the customer two options: either to pay instantly as a guest, or to register and save payment information for future transactions. Neither one of these is necessarily better – it depends on your preferences – but both options should be secure.

If you’re paying as a guest, the website will usually ask only for your email address, then ask you to choose a payment option. Payment options could include online bank account, credit card or debit card. If you choose to pay by credit card or debit card, you may have to verify the card through 3D secure-a process used by major credit card companies as an added XML layer for online credit and debit card transactions. Visa call this process “Verified by Visa”, MasterCard call it “MasterCard SecureCode”, JCB International call it “J/Secure” and American Express call this “SafeKey”.

When choosing this option, look for specific statements on the website that credit card or debit card information will not be saved or stored in any way.

If you choose to register, a well designed and secure website will ask you to choose a name and password for future logins, and may also ask for your name, email address, physical address, and telephone number. You may even be asked for your date of birth, driver’s license number or passport number, though in my opinion asking for such information is excessive and carries the risk of identity theft. The same is true for your social security number. There’s no good reason for a commercial website or bill pay website to ask for such info.

You will often be asked to set up security questions in case you lose your login info. This is legitimate and common. Some websites now use cell phone verification. If you attempt to log in from any computer other than your usual computer, the website will send a verification code to your phone by text message. You must then enter the verification code into the website to proceed.

While these procedures may seem excessive, they are part of a good security system and they are there for your protection.

%d bloggers like this: