The holiday shopping season is officially upon us, and so is a new seasonal batch of payment security threats.
The holiday sales rush spells payday for retail cybercriminals. Eight percent of consumers fell victim to identity theft or fraud during the holidays last year, according to a 2018 Experian survey, and nearly half of all holiday identity theft incidents are the result of shopping online.
As you scramble to snag deals on gifts for your friends and family this month, don’t forget to stay safe and protect your sensitive data with these 13 security tips.
13 Security Tips for 2019 Holiday Shopping
1. Avoid Public Wi-Fi
Seventy percent of smartphone users won’t hesitate to connect to open wireless networks, according to IBM Security. However, unprotected networks can expose your passwords, credit card information and other personal data to cybercriminals. Play it safe by avoiding public Wi-Fi and USB charging ports whenever possible.
Change your mobile device settings to prevent your smartphone from automatically connecting to Wi-Fi networks. If you’re frequently on the go, consider using a virtual private network (VPN) to encrypt your mobile data before you shop or bank online. It’s always safer to shop from a secured wireless network, such as your home Wi-Fi, or use mobile data to make purchases.
2. Be Wary of Social Media Scams
If you see a deal on social media that looks too good to be true, listen to your senses. There’s an epidemic of social media ads for e-commerce scams designed to capture credit card numbers. The Better Business Bureau has issued an official warning to consumers to watch for red flags such as “free trial offers” or charity scams.
If you see a product advertised at rock-bottom prices on Facebook, it may be a scam. Performing a quick search for a retailer’s name or a retailer’s name plus “complaints” can often reveal whether a sale is suspicious. Finally, keep your eyes open for signs of retail scams, including:
- A domain name that is close, but not identical to, a major retailer’s
- Nonexistent return policies or contact info
- Pop-up ads that try to capture financial data
- Free products or prices significantly lower than competitors’
3. Use a Digital Wallet
Using a digital wallet to make online purchases can add an additional layer of security compared to simply entering your credit card number. Avoid saving your credit card information on retail websites. Retailers should also protect customers by offering e-commerce support for secure payment methods.
4. Check Site Security
Before making an online purchase or entering your sign-in credentials into a website, double check the URL to make sure there’s a padlock icon next to it. The “S” at the end of “HTTPS” in the search bar is an important sign of website encryption. In addition, verify the URL to make sure you’re not on a copycat retail website.
5. Beware of Shipping Scams
Both retailers and consumers should be wary of shipping scams and take action to counteract them. For instance, as a customer, you can call customer services if you receive an email about a shipping update to an order, as this could be a sign that a scammer has rerouted your package.
Retailers can fight delivery fraud by limiting post-purchase package rerouting options. Fraud analytics can authenticate high-risk purchases and alert your team to abnormal activity.
6. Don’t Panic
Avoid falling victim to an unusual email or text message notifying you about unusual account activity or rock-bottom prices. It could be a phishing scam designed to incite feelings of panic or urgency and steal your data.
Examine all emails for signs of scams before you click a link or open any attachments. A quick phone call to a customer service department can be the easiest way to figure out whether you’re a social engineering victim.
7. Avoid PoS Fraud
You’re a lot more likely to fall victim to malware or phishing schemes than point-of-sale (PoS) fraud, but it’s still important to watch for payment terminal risks. Using a credit card with chip technology is an important protection, but it’s not entirely without its own risks. Avoid swiping your card at locations that are vulnerable to tampering, such as outdoor ATMs or gas pumps.
Retailers should closely monitor for signs of PoS tampering or malware. Maintaining full payment card industry (PCI) compliance and monitoring PoS technology can protect your business and your customers from point-of-sale threats.
8. Update Your Devices
Chances are good that your laptop or mobile device sends a notification each time an update for your operating system or browser becomes available. Ignoring these updates can result in unpatched critical vulnerabilities, which is equivalent to leaving your digital door unlocked for threat actors to steal your data or hack into your mobile wallet using proximity-based compromise tactics. To prevent this, be sure to make online purchases from updated devices only.
9. Protect Your Accounts
Cybercriminals are using a wide variety of tactics to threaten payment security this holiday season, including compromising customer loyalty accounts. As a consumer, the most important step you can take is to adopt better password security practices. These best practices include:
- Using passphrases consisting of several unrelated words combined into a 20+ character password
- Opting into multifactor authentication (MFA), which may require, for instance, a password and a mobile text code
- Not recycling passwords between online accounts
- Using a password manager
10. Avoid Sketchy Apps
There’s been a surge in creative cybercrime tactics that aim to convince consumers to download compromised mobile apps. Always avoid downloading applications from any source other than official apps stores. Never click to download an app from a text message, email or social media, as it may not be legitimate.
11. Use a Credit Card With Chip Technology
Credit cards generally offer better payment security and fraud protection than debit cards. $0 credit card liability on fraudulent purchases means you won’t be on the hook for a cybercriminal’s shopping spree if your card number is stolen. Better yet, consider using a temporary credit card number for online purchases. See if your credit card service offers one-time card numbers.
12. Beware of Gift Card Fraud
Gift cards may not be as safe as you think. There’s been a wave of gift card fraud caused by physical retail tampering and digital theft. Don’t leave enormous balances on gift cards and always take the option to register cards online.
As a retailer, monitor your website for signs of gift card bots or programmatic attempts to strike gold by entering endless combinations of gift card numbers and PINs. Offer customers the opportunity to register cards online and change their card PIN at the time of registration.
13. Watch Balances Carefully
The average consumer plans to spend $1,047.83 on 2019 holiday purchases, according to the National Retail Foundation. Chances are good that your December credit card statement will be lengthy. It’s probably not possible to check all of your payment accounts every day for signs of fraud, which is why it’s important to centralize your purchases.
Consider relying on one credit card or digital wallet for online purchases. Opt into any method that makes it easy to notice account compromise, such as text alerts or email statements from your provider.
Simple Payment Security Is a Seasonal Necessity
It’s easy for retailers and shoppers to get lost in the holiday shopping spirit. While the coming weeks can provide a rare opportunity to snag unbelievable deals, don’t forget about payment security. Listen to your senses — better yet, adopt every method you can to uncover fraud. Try to make purchases from a single credit card with chip technology, check your balances regularly and remain wary of digital scams.
Nowadays, retailers have a lot more to worry about than competitor sales and physical PoS compromise. Fortunately, automation and orchestration technology can simplify PCI compliance and payment security without adding to your workload. Stay vigilant for threats like PoS malware, web app attacks and fraud risks.
This holiday season, don’t forget to give yourself the gift of security.
Jasmine Henry (formerly Jasmine W. Gordon) is a Seattle-based emerging commentator and freelance journalist specializing in analytics, information security, ...