Alert Priority Moderate
28 October 2015

You are advised to be aware of the risks of purchasing products and services online using credit and debit cards following a spate of reported security breaches of Australian and international retailers.

A news service reported this week that outdoor clothing website Patagonia has released a statement conceding that the credit and debit card details of up to 600 customers who used its Australian website could be ‘at risk’ following a security breach. According to the report, up to 12,500 other customers may have had personal details compromised.

News of this breach follows recent reports of security breaches at David Jones and Kmart that allowed criminals to steal personal customer details. In the David Jones incident, a third party exploited a vulnerability in the retailer’s website to steal details such as customer name, email address, order details and mailing addresses, while the breach of Kmart’s ‘customer online product order system’ enabled an unauthorised individual or group to capture customer name, email address, delivery and billing address, telephone number and product purchase details.

International retailers have also been hit hard by security breaches, not all of which have involved their websites. For example, about 40 million credit and debit card details were stolen from Target in the United States in late 2013, reportedly after malicious individuals stole network credentials from a subcontractor and uploaded card-stealing malware to the retailers’ point of sale devices.

Minimising your risk

Retail websites to which you provide credit or debit card information use a range of technologies and processes to manage the security of data they keep about you. You should consider the risk whenever you provide credit or debit card information to a website.

Some of the ways to minimise your risk include:

  • Only pay via a secure web page—one that has a valid digital certificate, the website address will begin with ‘https’ instead of ‘http’
  • Use a separate credit/debit card with limited funds in case it is compromised for all online purchases
  • Use reputable third party payment services.
  • Review the places where your credit or debit cards are registered online and remove your information from sites you no longer use. (Note: sites may still retain your information).
  • Read the security information offered by websites when you sign up. Good websites will often promote their security technology and practices, particularly if you are providing credit or debit card information.
  • You can also conduct an online search for these companies to see if they have any previous security concerns.

More information

Stay Smart Online has information on buying and selling online.