AdobeStock_77939924_WM.jpeg

Koroll & Company Blog

How to Protect Your Data During Online Transactions

[fa icon="calendar"] Jul 12, 2019 11:00:00 AM / by Allen Koroll

A person using their credit card to purchase products online

When buying online, it can be easy to assume that the sites we are using are properly securing our personal data. But this isn’t always the case.

Every online retailer has varying degrees of security, and with the growth of credit fraud and identity theft, it is becoming more important than ever to understand how your data is stored and used by these retailers and the risks associated with mismanagement.

In 2017 alone, there were over 17,000 reports of identity theft and fraud across Canada.

Thankfully, there are steps that can be used to protect you when using online retailers.

Before we dive into the personal information being stored by retailers, it is important to note that there is another place that many online shoppers store their information, aside from with the actual retailer, and this is in your web browser.

You may have noticed, when filling out forms across different sites, a drop-down appears with auto-fill options, including name, address, contact information and payment details. This information is not being stored by the retailer themselves.

Instead, this information is stored on your computer using cookies and accessed by the website when you visit it, or the information is stored within the web browsers files.

To protect data stored in this way, consider the following:

  • Review and delete cookies regularly, especially if you are on a shared computer.
  • Use the “check out as guest” option whenever possible to minimize the number of cookies that are created, and in turn the personal data that is being stored.
  • If you do store your data for convenience purposes, opt for the autofill function as it is more secure than cookies.

For retailers to store your data, you must sign up for an account. Your information, including account details, payment information, buying patterns and other details, are then maintained in customer files.

In Canada, the storing and usage of personal data with regard to payment information are regulated by the Payment Card Industry Data Security Standard (PCI DSS), which are standards developed by major credit card companies to ensure compliance by retailers accepting card payments. Any failure to comply with these regulations come with heavy fines.

Similar to brick and mortar stores, online retailers are only required to keep customer data until the customer has been authenticated.

The problem is, to add convenience to your shopping experience, online retailers often give you the option to store payment information for future purchases. In these situations, the PCI DSS requires retailers to ensure the data is effectively encrypted and guarded. Due to the complexity of this process, it often requires the help of third parties who protect your account information using tokenization – encryption using random characters which is worthless if intercepted.

The information that will be stored includes the customer's name, account details, credit card number (properly concealed), and the card’s expiration date. Access to this data is to be restricted and, when no longer required, policies must be in place to properly destroy the data. Online retailers are not allowed to store your CVV or your PIN number.

To better secure your personal information when using online retailers, you will want to consider the following:

  • Keep track of the data you have shared.
  • Read the retailer’s security policy to find out about data retention and whether they use a third party to protect your information.
  • Think about whether you really need to create an account.
  • Manage the data yourself whenever possible.

By taking the time to better understand what data is being stored, how it is managed and how it can be best protected, you decrease the chances of becoming subject to credit card fraud and identity theft. Have any questions? Feel free to contact our team of experts today.


Book A Free Consultation


The information presented is only of a general nature, may omit many details and special rules, is current only as of its published date, and accordingly cannot be regarded as legal or tax advice. Please contact our office for more information on this subject and how it pertains to your specific tax or financial situation.



About Koroll & Company

At Koroll & Company we grow our firm through satisfied clients referring us as a trusted accounting firm to their friends, family members and associates. The only way we know how to achieve this is strive to exceed your expectations and provide you with exceptional service. We have 20+ years servicing Newmarket, ON and the surrounding areas, and look forward to servicing you next. So give us a call and speak to a friendly staff member from Koroll & Company today!

Topics: Internet

Allen Koroll

Written by Allen Koroll