Protecting Financial Information Online
Shopping and banking online can put your patrons’ financial information at risk. Sharing sensitive information like credit card numbers, financial information, and personal addresses on public computers, when using unencrypted websites, or while using public WiFi are especially risky.
Protecting patrons’ financial information
With libraries being one of the few options for free public WiFi, some patrons will need to enter their credit card or bank information on library computers. There are risks that come with entering financial information this way, and it is important that library staff communicate these risks to patrons and help their patrons with these transactions while maintaining patron privacy.
Identifying and reporting scams
Many libraries work with vulnerable populations that are at increased risk of being targeted by scams and identity theft. It is important for library staff to be well versed in common scams so they can identify them and communicate these risks with patrons.
Recommended Action: Advise patrons to look for the secure symbol in the address bar (https) before entering private information. For specific browsers, find more information here:
- Firefox: https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure
- Chrome: https://support.google.com/chrome/answer/95617?hl=en
- Safari: https://support.apple.com/guide/safari/avoid-fraud-by-using-encrypted-websites-sfri40697/mac
Recommended Action: Set a policy on how much help staff can give patrons when it comes to entering financial information, such as credit card and bank information. When determining this policy point, discuss boundaries and limitations. Are there exceptions to the policy? What variables would necessitate leniency?
Recommended Action: Ensure library staff are made aware of current scams and how to spot them. These could be raised in staff meetings or posted to an online training space. The Federal Trade Commission offers resources on how to spot a scam, which can be found here: https://www.consumer.ftc.gov/articles/how-avoid-scam. See the SFSF resources for phishing scams and online shopping. Additionally, consider creating a page on your website to educate patrons about scams, like the one at the Hawaii State Public Library System.
Examples of Library Policy
“Privacy while using the Internet in the library cannot be guaranteed. There exists a possibility of inadvertent viewing by others. Customers handling financial transactions or other activities that require confidentiality do so at their own risk. The Internet is not a private environment and security of electronic communication cannot be guaranteed.” –Ames Public Library (Iowa)
“The Library’s wireless Internet service is not encrypted. Users should be aware that any information sent or received could potentially be intercepted by another wireless user. Web-based security controls such as Secure Sockets Layer (SSL) are not sufficient to protect against certain types of attacks; therefore, users should avoid entering sensitive information such as credit card numbers, passwords or any other personally identifying information on any wireless network.” –Monterey Public Library (California)
“Avoid entering credit card numbers, passwords or other confidential information until you can verify that the Web site you are interacting with provides its own security mechanism such as SSL (Secure Sockets Layer) encoding. An SSL-protected Web page usually displays a small lock icon along the lower edge of your browser window. We strongly urge you not to use library computers for transfer of any sensitive information.” –South Thomaston Public Library (Maine)