Black Friday and Cyber Monday saw record traffic and record online sales. But merchants selling their wares are not the only ones who took notice – nefarious individuals hoping to perpetrate fraud for their own financial gain are also watching. So protect yourself when surfing for bargains this holiday season by taking a few steps to avoid becoming a victim.
1. Reputation is everything:
Shopping on the information highway is a lot like shopping at brick-and-mortar stores – only shop at stores with a good reputation – stores you trust. Look for HTTPS in the URL (not HTTP). Look for the closed padlock icon or green address bar (e.g., in IE8 and later). These don’t guarantee a secure site, but when not displayed you are almost guaranteed the site is NOT secure. You can also look for trust seals on web-site requesting you enter your credit card, for example: VeriSign or TRUSTe seal. These seals indicate the site has been vetted by a third party and is probably safe. Of course, when shopping online, if the deal is too good to be true, it probably is, proceed with caution.2. Avoid public WiFi:
Public hotspots and WiFi may be monitored, compromising your entire internet session, including credit card and expiry date entry. If these details are captured, they have what they need to make purchases using your credit. If you have to use WiFi when shopping at least make sure the connection is encrypted (e.g., WPA2 and WPA). If encrypted you will need a password, which hotels and other establishments often share. And if prompted to “Set Network Location” select “Public” which disables file and print sharing – common attack vectors.3. Use a credit card not a debit card:
Using a credit card provides a grace period to review your credit card statement and report potential fraud. By law, refuted credit card purchases are immediately backed off your account while they are investigated. Using a debit card has funds immediately withdrawn from your account, limiting recourse. Also consider using a separate credit card just for online purchases, perhaps with a lower credit limit and with strong fraud protection.4. Enroll in text notifications:
Many credit cards offer free or reasonably priced text notifications that can provide purchase details via text message in real-time. Some also allow dollar amount thresholds. For example, you can request a text for any purchase more than $100. This lets you proactively monitor purchases on your credit card and report possible fraud immediately.5. Secure computing:
Keep your computer protected by installing security patches, antivirus software, and a robust firewall. Avoid using public computers to make online purchases. And of course, use strong, unique passwords for each service. If you use a single password for everything, including less important accounts, and one is compromised, they also have your password to your more important accounts (e.g., online banking). Two-factor authentication (2FA) is something else to seriously consider – it adds a second level of authentication to an account log-in, making it far more difficult for threat actors to access your accounts.6. Share:
Make sure family members and friends are taking the same precautions. If they compromise your computer everyone using that computer may be at risk.Every time you enter your credit card number into a website or hand the card to a merchant, you assume some risk. Managing that risk by following these security practices will hopefully make your holiday season bright. But if you believe your credit card number has been compromised, contact the financial institution where you obtained the credit card immediately. Of course, this requires monitoring your account! So read your credit card statement every month, verify all purchases, even small amount purchases, and consider using a card with text alerting to proactively monitor your credit.