First, and this is really important, use safe Internet security practices to make sure you are at the site you want and that you have a secure Internet connection. Also, never enter credit card or personal banking or investment account information on a computer that is not currently protected by anti-virus and anti-spyware software. Finally, it’s probably not a good idea to enter credit card or personal banking or investment account information from a public hotspot.
The safest way to pay or bank online is with some sort of personal digital security device that verifies your identity. This ensures no one can fraudulently use your personal information. This could be a one-time password (OTP) token, a small device that generates a different password you must enter for every online payment or login. Or it could be a smart card-the mini computer inside your bankcard with special security software-used in Canada, Latin America, Europe and Japan. You can either insert your card into a small reader to generate an OTP or connect the smart card to your PC with a USB reader. These both act as an additional security measure when you pay online or login to your bank account.
Banks call this “two-factor” authentication-something you know, the PIN, and something you have, the card or token. This is similar to when you make an ATM withdrawal, requiring both a card and a PIN code. Two-factor authentication makes online payment and online banking more secure. For example, Barclays, a leading UK bank, reports zero online fraud among customers using EMV-compliant chip and PIN cards with handheld readers for logins.1