Is it safe to shop online? What you should know about common payment gateways.

Josh Sale

Whether it’s scrolling through online stores while commuting or making a more substantial purchase from an overseas vendor, there is no denying online and mobile shopping have improved our access to just about anything we want. Security risks of online shopping are unfortunately very real, and so it’s important to discuss the key component that enables this is the evolution of online payment technology, especially with so many new players regularly emerging.

If you have ever needed to transfer funds, make a purchase or accept money online, chances are you’ve heard of or encountered some of the most common online payment gateways, including PayPal and the New Payments Platform, which includes PayID and Osko.

As our love of online shopping seems unlikely to wane any time soon, it’s important to be aware of some of the security risks of online shopping and to practice safe online habits, to help keep your financial data (and money) as secure as possible. Here we’ll explore a few of the key features and risks associated with these online payment options, and offer some tips on how to use them as safely as possible.

What are the dangers of shopping online?

It’s common when online shopping to forget to ask yourself ‘is this website safe to buy from?’ But with so many stores moving online, it’s more important than ever to protect yourself from online shopping dangers such as identity theft, data breaches, scams, and viruses. Luckily, there are plenty of security best practices to keep you and your personal information safe.

Our top tips for online shopping security

With so many convenient shopping options available online these days, it’s important to know how to shop online safely. Keep your money and details safe by taking the following precautions before each purchase:

  1. Only trust encrypted websites. So that you know your details are transferred safely, it’s important to limit your shopping to encrypted websites on a trusted WiFi network. Look out for padlock symbols next to the WiFi network’s name and in the URL bar.
  2. Look for the ‘S’ in ‘HTTPS’. This is another way to assess online shopping security. Be sure that the page is secured before entering any details. There should be an ‘S’ for ‘secure’ in the URL, so make sure it starts with ‘https://’ rather than ‘http://’.
  3. Protect your personal information. If the website is asking for details or private information beyond preferences to personalise your shopping experience with them, be extra careful.

How safe is PayPal?

PayPal is currently one of the most popular online payment gateways, with around 286 million active user accounts around the world as of June 30, 2019. PayPal lets users pay for goods, send money and receive payments quickly and securely online. You’re most likely to encounter PayPal when shopping in an online store, such as eBay, for example.

The benefits of using PayPal

PayPal claims to use data encryption and anti-fraud technology to keep customers’ details safe. It also says it doesn’t share the financial information of its users with the merchants or recipients of payments, so if a website requests payment via PayPal, it’s usually pretty trustworthy.

The security risks of online shopping with PayPal

Many of the most significant PayPal security issues that may arise are generally considered to be a result of hackers taking advantage of user behaviour. Here are three common risks that might expose a user to fraud:

  1. Linking your PayPal account to your bank account or debit card. If someone gains fraudulent access to your PayPal account, they could potentially also access your linked bank account or the account connected to your debit card. However, if you link your credit card to fund your PayPal purchases instead, you gain an extra layer of protection from your credit card provider and its fraud protection measures, plus hackers will generally only have access to your credit limit, not your entire life savings.
  2. Poor password hygiene. If you do not set a strong password or have used the same password for multiple accounts and sites, you may be an easier target for hackers. If they gain access to your PayPal password, then they could get into your account, which could give them access to your linked card or account. So, if you’re wondering ‘is it safe to give my PayPal email?’ The answer is yes, so long as you keep other personal details to yourself and you have a really strong password.
  3. Not having a secure digital connection to PayPal. As with all online money transfers, you could be exposed to a higher level of risk if you shop online while using public Wi-Fi, with hackers potentially able to access your login details. Public Wi-Fi connections are typically easier for hackers to breach than a private connection within your home.

New Payments Platform (NPP) – PayID and Osko (by BPAY)

The NPP is a payment infrastructure enabling Australian consumers, businesses, and government agencies to make real-time payments between accounts at participating financial institutions. Users of the platform can choose to create an easy-to-remember PayID, which could be their mobile number, Australian Business Number (ABN), or email address, that links to their bank account. Users can then provide their PayID to people or organisations they wish to receive money from.

One of the first services to use the NPP technology is Osko by BPAY. Osko offers customers the ability to transfer money from one participating bank to another almost instantly, either by using a BSB and account number or a PayID. Financial institutions offering Osko generally make it available to customers through mobile and online banking.

The benefits of using Osko

PayID is a simplified payment process that can help eliminate the need for users to share their BSB and bank account details for a transaction, therefore reducing the risk of an error. According to BPAY, the main benefit of Osko is the speed at which the service can transfer money from one eligible account to the next. If you are a customer of a participating institution, you could potentially use Osko to send money to an eligible account in minutes at any time of the day or night, even on weekends and public holidays. BPAY says Osko is also looking at ways to improve its service offering, including hoping to link the platform to superannuation accounts in the future, which could mean simplified, instantaneous super contributions.

The security risks of online shopping with NPP

The NPP claims to use world-leading data security standards and to be monitored 24/7. Users’ security, however, relies on participating financial institutions having appropriate protective controls in place. For example, a security gap was highlighted recently when Westpac experienced a cyber-attack on its NPP service and some of its customers’ PayID details were exposed. As PayID operates like a phone book, it is possible for people to type in a mobile number or email address and see the name of the corresponding account holder. That being said, generally, no bank account details would be compromised in that scenario.

7 quick tips for safe online shopping

While these gateways can offer a high degree of convenience when making a purchase online or transferring money, they can also expose us to some possible threats. Here are a few simple methods you can adopt to help you use these payment gateways more effectively and safely:

    1. Secure your devices

Make sure your device is always secure, with a strong password to log in, in case someone gains access to it. If the email address and password associated with your purchase become compromised, hackers can gain access. And, if you use the same details and credentials elsewhere, they can gain access to those accounts too. So creating strong, unique passwords for logins is an excellent way to advance your online shopping security.

    2. Install software updates

Ensure your computer’s operating software is up to date to make sure you have the latest security updates. While it’s easy to put this off, keep in mind that with every update, security improves to fight new attacks. The protective benefits are well worth the update. The next time you see the reminder or alert for a software update, don’t put it off.

    3. Use antivirus software

Consider installing reliable cybersecurity software on your mobile devices (namely any phones or tablets you may have) and your home computer or laptop, to better protect yourself against security threats. When the software is designed to provide safety for all internet activity, you know it can defeat the security risks of online shopping. Cybersecurity software will remove threats and aid in all cyber issues, including viruses and trojans. Having this software installed is one of the easiest ways to protect your data.

    4. Create strong and unique passwords

Create strong, unique passwords for your accounts (such as PayPal). As touched on, having these individual passwords for each login is a really wise move to ensure online shopping security. In a case where a hacker gains access with a stolen password and has your email credentials, the hacker could look for other associated accounts elsewhere and gain entry with ease. And when the password is really strong, it makes for a hard guessing game.

    5. Avoid using public Wi-Fi

Avoid making online payments when connected to public Wi-Fi. Connecting to unprotected Wi-Fi can expose your activity and, worst case, your sensitive information to cybercriminals. Avoid public Wi-Fi when handling sensitive information, especially when you’re banking or entering card details to an online shop. Hackers can launch various types of cyberattacks on public Wi-Fi and can also peek at confidential information sent while you’re connected.

    6. Link your PayPal to your credit card, and use MFA

Consider linking your PayPal account to your credit card instead of a debit or savings account and incorporating two-factor verification. Credit cards often provide additional protection to each payment, making them safer for purchases overall. And having two-factor verification adds another layer of protection against the security risks of online shopping. A password alone is useless to a hacker if you have two-factor verification set up.

    7. Only buy from verified, secure websites

As we brought up earlier, only buy from verified merchants and look for the secure padlock on the left side of the address bar. This indicates your information is encrypted to prevent ‘eavesdropping’ from external sources. The little ‘s’ is more important than you might think. Put simply, it’s a signal that means that a website visitor’s information is converted into secret code to make it indecipherable.

Online payment technology is expected to continue evolving and improving, reducing the security risks of online shopping. However, despite these advances in security and functionality, there’s always an element of risk when making payments or transferring money online. It’s therefore a good idea to review your online habits and consider whether your device and cybersecurity software is updated and adequate for your online spending habits.

About Josh Sale

Josh Sale is a Senior Research Analyst at Canstar, responsible for the continued methodology development and delivery of Canstar's flagship Star Ratings. Josh has tertiary qualifications in economics and finance, and transforms millions of rows of calculations into consumer-friendly Star Ratings.