Is my data safe?
Nothing is 100 per cent guaranteed. Even the most secure and conscientious companies can be hit by a data breach. As fast as the security companies uncover and shoot down scams, criminals find new ways to circumvent the security measures.
Handing over data to a third party is always a risk. “You are never 100 per cent secure,” says Espion’s Stephen O’Boyle. “There is so such thing really as no risk. However, if someone is managing information in line with best practice, they will have different types of controls in place that try to prevent a bad thing happening, and will detect if something slips past.”
There is a specific standard governing the handling of payment card data. So anyone who stores, processes or transmits such data is supposed to be compliant with the payment card industry data security standard. That’s typically managed by the acquiring banks whether or not companies are compliant.
“If they are compliant, they should be theoretically at a much lower risk of having a data breach,” Mr O’Boyle says. “From a consumer point of view, it’s quite difficult to tell if sites they’re dealing with are compliant or not.”
What can I do?
Mr O'Boyle recommends that shoppers use common sense when spending online. Most internet-based stores are legitimate. A bit of research can go a long way in protecting your data, so shop with online stores you are familiar with and trust. Or seek recommendations from friends for reliable sites.
If you are shopping on a new site, do a search on them before you hand over your credit card details. Five minutes with a search engine may show if there are more than a few complaints about a retailer.
All credit card data and confidential information should be encrypted. So when you are handing over payment details, make sure the page’s web address starts with “https” rather than “http”, indicating a secure connection. “Look for the padlock,” advises Mr O’Boyle. And trust your instincts. “If you think something looks too good to be true, it may well be,” he says.
That goes for those “helpful” emails that are sent to you claiming to be from your bank, informing you that your account details must be verified or your bank accounts will be suspended. Banks will never contact you in this way. It’s safe to assume that these emails are what is known as “phishing”, and they’re hoping that you will hand over your personal data into a fake – but often convincing – website.
Can my data be shared?
Read the small print, whether it's online or in a mobile app. The terms and conditions and acceptable usage may hide a few surprises, namely involving selling your information on to third parties. "If you're not paying them for the application, you are likely the asset," says Mr O'Boyle.
It’s not just companies that can be hacked. Malicious software on your computer can also steal data, so make sure that your antivirus software is up to date. The same goes for your browser and operating system.
What should I do if I think my data has been stolen?
If you suspect your financial data has been compromised, get in touch with your bank or card issuer to alert them and get the cards cancelled. It may end up being a false alarm, but better safe than sorry.
Keep an eye on your bank statements for any suspicious activity, no matter how small the transaction is – even if it is just a few euro . If you find anything, alert your bank and request a refund.
If you suspect a company has compromised your confidential data in some way, you can make a complaint to the Data Protection Commissioner, who can investigate the matter. Companies can be fined for failing to adhere to data protection guidelines, if the commissioner deems it necessary.
However, if you are after financial compensation, you will have to take that through the courts with the appropriate legal representation.