RISE thanks reporter Annie Schroeder and the WSLS 10 News team for allowing us to share this message with their viewing audience.
Holiday shopping has become as much a ritual as Thanksgiving dinner. Businesses compete for our dollars with hot items in stock and fantastic deals. Our email boxes and social media feeds bloat with ads and offers, not unlike our bellies after that extra slice of pie.
The Internet provides buyers the ability to find more sellers, easily compare deals, and shop from the convenience of their home (or mobile!). At the same time the technology enables another avenue for criminals to profit through theft of our account information or posing as a legitimate business. Fortunately we have tools we need to protect our information and limit the damage should our account information be compromised.
Use Your Bank’s Protection Tools
The first step to addressing fraud or theft is knowing about it. While reviewing statements for unusual activity remains important, banks now offer better tools for safe online shopping and detection of unauthorized account activity. Methods offered vary across banks, so log on to your account or talk to your bank to see what features they provide. Many offer configurable account alerts – messages sent via email or text when transactions are made or account limits reached. If you set an alert for any time the card is used for a purchase (or withdrawal), you can quickly react to unauthorized charges.
Typically credit cards are recommended over debit cards for online shopping due to the enhanced protections they historically offered. Even with these protections dealing with the aftermath of stolen credit card information results in lost time, stress, and still the risk of financial loss. See if your provider offers card protections such as time-limited or “one-time-use” credit card numbers. Where available these can be generated through your bank’s app and may allow you to limit the maximum charge amount, valid dates, and even retailer that can use the number. If your bank doesn’t offer this service, using a few “pre-paid” credit cards might be your preference for limiting financial loss and avoiding headaches of stolen card numbers.
Despite big changes in how we shop and bank with the Internet, monitoring and reacting to unauthorized activity remains a core component of safe shopping. Find out what tools your bank offers to protect your account and identify problems quickly.
Use Trusted, Updated Devices
Software constantly changes and criminals continually probe for weaknesses that can expose your data. Keep your devices (laptop, phone, tablet) updated with the latest OS and application updates. When possible configure updates to occur automatically. This includes your anti-virus software! Today’s “anti-virus” goes beyond simply scanning your hard drive. Modern security applications include browser plug-ins that identify and block malicious web sites before you visit them. While you still need to exercise care and good judgement when choosing which sites to visit, these tools can help protect against malicious sites that try to mimic legitimate businesses.
Shop at Reputable Sites
No doubt the Internet revolutionized shopping: more choices, better deals, no lines. At the same time its explosive pace and wide reach makes it easier for criminals to stage legitimate-looking ventures taking advantage of frantic holiday shoppers. When shopping online be sure to stick with reputable businesses. Use sites that you know and trust, or have verified reputation through others you know. Some security software can help identify fake “knock-off” sites, and online searches can be a good way to verify a site’s reputation. If in doubt – pass on that deal from the business you’ve never heard of.
Don’t feel that healthy skepticism means you can’t shop local or independent. There are great online marketplaces that allow independent vendors to list merchandise and offer some means of buyer protection. You should still verify reputation of the marketplace – research it online or ask your friends – and make sure you understand any policies they list for buyer protection or dispute resolution.
Keep your Accounts Secure
Most online retailers allow you to create an account so you can track orders, view history, create wish lists, etc. You should always use a strong password. The definition of a “strong” password constantly changes as computer hardware becomes more powerful, allowing crimials to guess passwords at the rate of millions per second. Recommendations on creating strong passwords constantly changes. Read what the US Cybersecurity & Infrastructure Security Agency recommends for strong passwords.
Despite your best efforts you can’t protect all your data all the time. Even a legitimate business can suffer a data breach. This occurs when account data is stolen or exposed publicly. A retailer’s web site could be configured incorrectly or an unknown vulnerability exploited by a criminal. Even if your credit card information is not exposed, your account password could be compromised. This highlights the importance of using a different password for each online account. If the password for one account is compromised, criminals cannot use that password to access other accounts.
Consider not storing payment information in online accounts. While convenient for future purchases, the growth of online shopping is resulting in credit card or account information being stored in a growing number of systems. Simply limiting your exposure by not storing payment information for future use might be your preferred option.
For more tips on strong passwords and account security, check out this SANS article on “Making Passwords Simple”.
Beware of Scams
Even in the Internet economy buyers are looking for the best holiday and “Black Friday” deals. Security professionals recognize the risk as we see large amounts of “phishing” emails tempting users to click their links with promises of fantastic deals. Little effort is required to create an email that mimics a real business but links to a malicious site designed to steal information. If you can’t be absolutely sure of the source – Don’t click that link! Better yet – even if the sender is a business you trust, skip the link and manually visit the site in your browser.
SANS “Stop That Phish” explains phishing and can help you spot holiday deal scam emails.
Shop Smart – Shop Safe
Online shopping continues to provide convenience to buyers and opportunities for even the smallest of business to reach customers. As the public adjusts to the rapid change criminals and scammers will find ways to fool even the most savvy shopper. But you have fantastic tools available to protect your money. Take a few minutes to secure your accounts, be smart when visiting those shopping sites, and get out there to find those deals!