Credit cards still offer best protection online says fraud expert

McLachlan - whose company specialises in advising clients on how to defend against cyberattack and electronic fraud - told Infosecurity that his firm's research has revealed a significant gulf between the protection that cardholders enjoy when paying online with a credit card and the protection offered by all other forms of payment.

This is, he says, despite users seemingly preferring to use debit cards and also despite the fact that banks promote the protection offered by Visa (and MasterCard) debit cards.

Whilst these debit cards have their place, he adds, credit cards have far more protection and are, essentially, the bank's money - meaning that if something goes wrong, it's the bank's problem to resolve.

McLachlan says he came to this conclusion after researching a number of online e-commerce sites, notably the Olympic 2012 tickets portal, which, he noted, routes customers to a payment processor's site for secure transactions, in common with a number of e-commerce portals.

"The problem here is awareness and understanding. Most people understand the security of the padlock on the screen, and that the data being sent is encrypted. But this is still no guarantee that your data is going to the right site, especially if the portal you've just bought from has diverted your session," he said.

This isn't to say that the Olympic 2012 ticket sales site is in any way iffy, he stressed, adding that - like many sites - it simply redirects customers to a payment portal.

"But this is still confusing, as the customers have no real guarantee that they are being redirected to the correct site, and that cybercriminals have not intercepted the session and have routed the users to their own 'secure' site," he explained.

So what is the solution?

McLachlan says that, in the short term, there is no solution other than using a credit card for protection, but in the longer term, the online industry needs to do more to educate users about the risks of rogue and intercepted online sessions, as well as develop systems that alert users to the presence of a truly secure IP redirect.

"It's really a server issue. Poisoned DNS servers can cause problems - and as it stands, the customers have no way of truly knowing where they are being directed to. And this is why credit cards should always be the preferred option," he said.
