Security Firm Offers Consumers 10 Tips for Safe Holiday Shopping Online

PALO ALTO, Calif., Nov. 16 /PRNewswire/ -- Fortify Software Inc., a leading expert in software and e-commerce security, today offered consumers 10 tips aimed at increasing the safety and security of online shopping as the holiday season approaches.

Online holiday shopping continues to grow, with online consumer spending topping $28.2 billion during the November -- December 2005 holiday season, a 25 percent increase from the same period in 2004 (1). The first Monday after Thanksgiving, dubbed "CyberMonday," has emerged as the day when most online purchases occur.

Fortify Software's security experts have provided the following 10 guidelines for consumers who want to avoid fraud, loss of personal and financial information, and other security hazards associated with online purchases:

1. Only shop using a computer you trust. Your home computer should be protected by a firewall and the latest anti-virus and anti-spyware software. If you have any reason to believe your computer has been compromised (for example, it has been acting strangely or running much slower than normal) then do not use it for online shopping. Never shop from a computer at a library or Internet cafe.

2. Stick to well-known brands. Typically, large e-commerce sites have more to lose from poor security and will take better measures. In the unlikely event that a hack does occur, you will likely read about it in the press and can take some action. An unfamiliar brand might save you a few dollars -- or cost you thousands if their security is poor.

3. Avoid using the same username and password at different sites. Use convenience features like the password wallets provided by all major Web browsers to track your information.

4. Never use a debit card to purchase online. You can get reimbursed quickly and easily by your credit card company if a purchase is compromised, but with a bank debit card, your money will be gone until your bank's investigation is complete -- a process that could take weeks or even months.

5. Don't ever enter personal information on a webpage that you opened from an email. Doing so puts you at risk of a phishing attack. Your credit card companies' protection may protect you from certain credit card overcharges stemming from such fraud, but they cannot reimburse you for the loss of your identity -- your real name, address, social security number, etc.

6. If a site offers to remember your credit card number or billing address for future convenience, just say no. It might take you a couple of extra minutes to retype them next time, but you eliminate the risk of your personal information being stored in an insecure database. Don't be fooled by SSL security claims. SSL security is meant to prevent attackers from stealing your credit card as it is being sent from your computer to the vendor; however, it cannot protect your credit card from being stolen from the vendor's database.

7. Some credit card companies offer special one time use credit card numbers. You can use these and never actually type in your real credit card number, and since they only work once, you don't need to worry about them being compromised after your transaction. Check your card issuer's Web site for more information.

8. The larger an eBay purchase is, the higher the fraud risk. For purchases of several hundred dollars or more, it makes sense to use an escrow company. However, many fraudsters will set up a fake escrow company website and when you send them the money, they won't send you what you paid for -- so use an escrow company of your choice, not the seller's.

9. If there is any option to prevent sharing your personal information with a site's affiliates, make sure to choose it. While the site you're shopping at may be secure, you know nothing about the security of its affiliates.

10. Use a popup blocker to prevent phishers and other attackers from tricking you into visiting questionable Web sites.

Finally, it's important that customers demand that their purchases and information are secure. In any follow-up customer service calls or surveys, emphasize that you'll remain a loyal customer if -- and only if -- a site uses the most advanced security to protect its software, and ultimately to protect you.

About Fortify Software, Inc.

Fortify Software products protect companies from the threats posed by security flaws in business-critical software applications. Its software security products, Fortify Source Code Analysis Suite, Fortify Security Tester and Fortify Application Defense, drive down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and Fortune 500 companies in a wide variety of industries such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by a world-class team of software security experts and partners. More information is available at http://www.fortifysoftware.com/.

(1) comScore Networks January 2006