062 A pensioner from Northriding, north of Johannesburg whose internet banking account has been robbed of R31.500 which he believes was an inside job. ( He did not want to be identified.) 280610 Picture: Boxer Ngwenya

Pretoria - I’ve had quite a few responses to last week’s column about “penny auction” website Viaziz, which has duped many South Africans into believing they were just registering on the site when in fact they were agreeing to buy about R2 500 worth of “credits”.

The site invites people to “sign up for free” then supply their credit card details in order to complete the “registration”. But the small print reveals what they’re really agreeing to when supplying their credit card details: “Package: 300 new customer welcome credits. You will be debited R2499.99.”

This is especially misleading, as, under the site’s more accessible FAQ section, the following promise is made: “Registration is totally FREE with no nasty hidden charges that other sites forget to tell you about! The ONLY cost associated with our website is the bid package costs.”

It fails to say that you can’t register without buying that package.

Among Viaziz’s terms and conditions, well hidden on the site, the truth lurks: “You agree that once you enter your card details and press either ‘Add Card & Finish’ or ‘Finish’ you have confirmed that you wish to have your card debited for the stated amount and you are fully aware that you will be charged for your selected bid package…”

That’s highly misleading, and, as law professor Robin Palmer pointed out, it falls foul of the Consumer Protection Act, which is all about protecting consumers from deceptive practices.

Sadly, if you don’t know what to look for on e-commerce sites, you’re easy prey.

Software expert Steven Silbert, of e-commerce hub E-Strategic, said there were several technical and other issues on the Viaziz site – and others – which raise a red flag:

l The lack of a company phone number. “Ideally, website owners should display photos of themselves, and make their e-mail addresses available, along with their office address and phone number,” he said.

l Lack of validation of input. It was a bad sign when this obviously hasn’t been done and the site contained obvious mistakes, Silbert said.

l The registration of the website is cloaked – you can’t find the owner of the domain name.

l Hidden terms and conditions. “Some websites use a link, but I prefer a scrollable text frame, with the terms inside. There should also be a tick box to validate that the user has actually read the terms. Generally, people tick it anyway, without reading, but it’s important to force someone to stop and see what they’re doing,” said Siebert.

When making payments, check for the padlock sign and “https” in the address bar, which tells you that you are on an SSL-secured site. Websites that are SSL secured will encrypt sensitive information, such as credit card numbers, during the transaction.

Also dispensing advice on how not be ripped off when transacting in cyberspace is Doros Hadjizenonos, South African sales manager with Check Point Software Technologies.

Here are some useful tips:

l Make sure it’s the real deal: be careful when clicking on links in e-mails, even if they appear to be from a big brand company. Malicious links could exploit your computer with malware or take you to a phishing site designed to steal your information. Instead, go directly to the company’s website.

l Update your browser: Hadjizenonos also advised consumers to consider disabling Java, as the program was battling a slew of security vulnerabilities. “This will sacrifice some websites’ functionality, but it will prevent potential drive-by download attacks that could infect your PC.”

l Use virtual credit cards: these are temporary or disposable devices, issued by banks or credit card companies free or for a small fee. They are usually for one-time use only or have a limited amount on them, so if a cyber criminal gets hold of this number your bank account is not at risk.

l Set up a separate e-mail address: many retail sites require an e-mail address to set up an account, log in and make purchases. By using a separate e-mail address for your shopping, you will reduce spam and phishing attacks on your personal, everyday e-mail account. This will also lower the risk of your personal information getting stolen.

l Update your security software.

It’s all great advice. Use it to avoid the downside of transacting online. - Pretoria News