The holiday shopping season is officially upon us, and so is a new seasonal batch of payment security threats.

The holiday sales rush spells payday for retail cybercriminals. Eight percent of consumers fell victim to identity theft or fraud during the holidays last year, according to a 2018 Experian survey, and nearly half of all holiday identity theft incidents are the result of shopping online.

As you scramble to snag deals on gifts for your friends and family this month, don’t forget to stay safe and protect your sensitive data with these 13 security tips.

13 Security Tips for 2019 Holiday Shopping

1. Avoid Public Wi-Fi

Seventy percent of smartphone users won’t hesitate to connect to open wireless networks, according to IBM Security. However, unprotected networks can expose your passwords, credit card information and other personal data to cybercriminals. Play it safe by avoiding public Wi-Fi and USB charging ports whenever possible.

Change your mobile device settings to prevent your smartphone from automatically connecting to Wi-Fi networks. If you’re frequently on the go, consider using a virtual private network (VPN) to encrypt your mobile data before you shop or bank online. It’s always safer to shop from a secured wireless network, such as your home Wi-Fi, or use mobile data to make purchases.

2. Be Wary of Social Media Scams

If you see a deal on social media that looks too good to be true, listen to your senses. There’s an epidemic of social media ads for e-commerce scams designed to capture credit card numbers. The Better Business Bureau has issued an official warning to consumers to watch for red flags such as “free trial offers” or charity scams.

If you see a product advertised at rock-bottom prices on Facebook, it may be a scam. Performing a quick search for a retailer’s name or a retailer’s name plus “complaints” can often reveal whether a sale is suspicious. Finally, keep your eyes open for signs of retail scams, including:

  • A domain name that is close, but not identical to, a major retailer’s
  • Nonexistent return policies or contact info
  • Pop-up ads that try to capture financial data
  • Free products or prices significantly lower than competitors’

3. Use a Digital Wallet

Using a digital wallet to make online purchases can add an additional layer of security compared to simply entering your credit card number. Avoid saving your credit card information on retail websites. Retailers should also protect customers by offering e-commerce support for secure payment methods.

4. Check Site Security

Before making an online purchase or entering your sign-in credentials into a website, double check the URL to make sure there’s a padlock icon next to it. The “S” at the end of “HTTPS” in the search bar is an important sign of website encryption. In addition, verify the URL to make sure you’re not on a copycat retail website.

5. Beware of Shipping Scams

Both retailers and consumers should be wary of shipping scams and take action to counteract them. For instance, as a customer, you can call customer services if you receive an email about a shipping update to an order, as this could be a sign that a scammer has rerouted your package.

Retailers can fight delivery fraud by limiting post-purchase package rerouting options. Fraud analytics can authenticate high-risk purchases and alert your team to abnormal activity.

6. Don’t Panic

Avoid falling victim to an unusual email or text message notifying you about unusual account activity or rock-bottom prices. It could be a phishing scam designed to incite feelings of panic or urgency and steal your data.

Examine all emails for signs of scams before you click a link or open any attachments. A quick phone call to a customer service department can be the easiest way to figure out whether you’re a social engineering victim.

7. Avoid PoS Fraud

You’re a lot more likely to fall victim to malware or phishing schemes than point-of-sale (PoS) fraud, but it’s still important to watch for payment terminal risks. Using a credit card with chip technology is an important protection, but it’s not entirely without its own risks. Avoid swiping your card at locations that are vulnerable to tampering, such as outdoor ATMs or gas pumps.

Retailers should closely monitor for signs of PoS tampering or malware. Maintaining full payment card industry (PCI) compliance and monitoring PoS technology can protect your business and your customers from point-of-sale threats.

8. Update Your Devices

Chances are good that your laptop or mobile device sends a notification each time an update for your operating system or browser becomes available. Ignoring these updates can result in unpatched critical vulnerabilities, which is equivalent to leaving your digital door unlocked for threat actors to steal your data or hack into your mobile wallet using proximity-based compromise tactics. To prevent this, be sure to make online purchases from updated devices only.

9. Protect Your Accounts

Cybercriminals are using a wide variety of tactics to threaten payment security this holiday season, including compromising customer loyalty accounts. As a consumer, the most important step you can take is to adopt better password security practices. These best practices include:

  • Using passphrases consisting of several unrelated words combined into a 20+ character password
  • Opting into multifactor authentication (MFA), which may require, for instance, a password and a mobile text code
  • Not recycling passwords between online accounts
  • Using a password manager

10. Avoid Sketchy Apps

There’s been a surge in creative cybercrime tactics that aim to convince consumers to download compromised mobile apps. Always avoid downloading applications from any source other than official apps stores. Never click to download an app from a text message, email or social media, as it may not be legitimate.

11. Use a Credit Card With Chip Technology

Credit cards generally offer better payment security and fraud protection than debit cards. $0 credit card liability on fraudulent purchases means you won’t be on the hook for a cybercriminal’s shopping spree if your card number is stolen. Better yet, consider using a temporary credit card number for online purchases. See if your credit card service offers one-time card numbers.

12. Beware of Gift Card Fraud

Gift cards may not be as safe as you think. There’s been a wave of gift card fraud caused by physical retail tampering and digital theft. Don’t leave enormous balances on gift cards and always take the option to register cards online.

As a retailer, monitor your website for signs of gift card bots or programmatic attempts to strike gold by entering endless combinations of gift card numbers and PINs. Offer customers the opportunity to register cards online and change their card PIN at the time of registration.

13. Watch Balances Carefully

The average consumer plans to spend $1,047.83 on 2019 holiday purchases, according to the National Retail Foundation. Chances are good that your December credit card statement will be lengthy. It’s probably not possible to check all of your payment accounts every day for signs of fraud, which is why it’s important to centralize your purchases.

Consider relying on one credit card or digital wallet for online purchases. Opt into any method that makes it easy to notice account compromise, such as text alerts or email statements from your provider.

Simple Payment Security Is a Seasonal Necessity

It’s easy for retailers and shoppers to get lost in the holiday shopping spirit. While the coming weeks can provide a rare opportunity to snag unbelievable deals, don’t forget about payment security. Listen to your senses — better yet, adopt every method you can to uncover fraud. Try to make purchases from a single credit card with chip technology, check your balances regularly and remain wary of digital scams.

Nowadays, retailers have a lot more to worry about than competitor sales and physical PoS compromise. Fortunately, automation and orchestration technology can simplify PCI compliance and payment security without adding to your workload. Stay vigilant for threats like PoS malware, web app attacks and fraud risks.

This holiday season, don’t forget to give yourself the gift of security.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today