As we prepare to say good-bye to 2020 and all it has brought us, we will first prepare to celebrate the 2020 Holiday season. While online holiday shopping has become more and more popular in the last several years, the global coronavirus pandemic has ensured that this holiday season will be like no other that most of us have seen. Retailers are likely to increase their online shopping presence, in order to allow shoppers to be socially distanced and keep their employees safe; and as shoppers, we want to do all we can to protect ourselves and our loved ones from COVID-19. For a lot of us, that means online shopping. But beware… hackers and scammers know this is coming and this is exactly the kind of environment where they can thrive and take advantage of you and your finances. All is not lost, however. There are a number of things you can do to protect yourself from hackers and scammers and have a happy holiday season.
This may not be much of a problem for you if you are working from home and limiting your time out in public. However, should you find yourself on public WiFi, be aware this is not secure. Your data is vulnerable to being intercepted and stolen. While using public WiFi, don’t log in to any bank account, or enter your credentials for anything; if you must log into one of your accounts to check something, disconnect from the WiFi and use your cellular data which is secure and encrypted.
"We see people take advantage of this 'benefit' all of the time, yet you probably never ask the coffee shop who is securing their network. Many still fall victim to using free WiFi, and with free WiFi so widely available, it's easy to sit down anywhere and start your holiday shopping. I understand that our dependence on a virtual world is only increasing as our in person interactions are decreasing, but you must uphold some discipline when it comes to accessing public WiFi and entering personal information. Wait to buy that toy for your cat until you’re on a secure (and private) network; otherwise, you might see a lot more expenses and activities on your accounts than you ever wanted.”
- Ben Davis, Business Development Manager, Technium
Official Retailer Apps
When shopping on your mobile phone or tablet, be sure to use the official app for the retailer, rather than a third-party app. You can find these apps in your App Store or Google Play Store, be wary of apps that may appear to be official but are not. Read the customer reviews of the app to see what others have experienced when shopping with the app.
When shopping from your home computer, be aware of retail scams. There is a reason this adage is still around: “If it’s too good to be true, it probably is”. Is the seller legitimate? They may be trying to get your credit card information from you. Check with the Better Business Bureau and customer reviews. Are there a lot of complaints? You can verify that the site is secure with either a padlock at the beginning of the URL bar, or the address will start with HTTPS://. Both that S and the padlock indicate you are on a secure website, information you enter will be safe and encrypted. If the site you are shopping on does not have one of those indicators, don’t enter any personal data; leave the site.
Make sure you have an anti-virus product installed on your devices, and that the anti-virus application is up to date. This will help you avoid pop-ups and non-secure websites, as well as keep you safe when browsing for your perfect purchase.
Phishing and Scam Email
We all get a bunch of junk in our email. One of my accounts frequently receives an email purporting to be one of the major media streaming companies indicating that there is a problem with my account, and requesting I click on a link to fix the issue. Before clicking on a link in an email that will be requesting you to enter your personal information or logon credentials, verify that it’s legitimate. Look at the sender’s email address – not just the name it appears to come from, does it appear to be from the vendor, or is it a very long and strange email address. Is the logo slightly off? Are there typos in the email? Rather than click on the link in the email, open an internet browser and go to the vendor’s site to check your account, or call the phone number on the legitimate website to connect with Customer Service.
Your devices, mobile phones, tablets and computers, should always have the latest updates installed, for both the operating system and any applications you use. Updates contain security fixes and patches of known vulnerabilities, as well as new features, that can keep your device (and information) secure. Unpatched known vulnerabilities are a huge open door on your device, which hackers can take advantage of to gain access to your personal and financial information.
I am sure you’ve probably heard this before: you should only use strong passwords, and don’t reuse your password for multiple accounts. But what makes a strong password? A strong password should have at least 10 characters (more is better!), and uses different types of characters, such as a mixture of lower and uppercase letters, numbers and symbols or punctuation. Better yet would be to create a nonsensical passphrase, using multiple unrelated words, making it really difficult to guess. Don’t use easily identifiable information for your passwords, such as birthdays, phone number, address, your name. You can use a password manager to help you keep track of your strong passwords, and some will even generate strong passwords that you can use. There are a number of excellent password manager applications available, some are free while others may offer a premium version with more features for a fee. Do your research and find the one that suits your needs.
Another way to keep your accounts safe is multi-factor authentication (MFA). MFA requires that you provide two pieces of evidence to prove your identity. The first piece is something you know - your password. The second piece is something you have; it could be a one-time code generated by a third-party authenticator app or a one-time code sent to your mobile phone by text. This ensures that even if your password becomes compromised, a bad actor can’t access your account and data without that second authentication factor. You can find MFA applications in the appropriate app store for your device; I currently have both Microsoft Authenticator and Twilio’s Authy installed on my mobile phone for various accounts. MFA can also include biometrics, such as a fingerprint scanner on your laptop or phone or facial recognition.
Use a Credit Card for Shopping
Most credit cards have some protection for the card holder if their account is compromised and fraudulent purchases have been made. This could mean that you are only liable up to a certain amount, $10 - $50 in most cases, while some cards may eliminate that liability entirely. These protections aren’t available if you use a debit card.
Some banks offer one-time use digital credit cards to protect your account, or you could use a pre-paid credit card. Though if you do use a pre-paid card, don’t leave it with large balances on it, it may prove difficult to recover in the event it’s compromised.
You could also limit your purchasing to one credit card. This will make it easier to keep track of your purchases and notice it there’s fraudulent activity on the account. Look into setting up alerts for your account that will alert when there’s abnormal activity, or large transactions, so you can immediately verify the activity and report it if it is fraudulent. Most banks require that fraudulent activity be reported within a particular number of days, some as low as 30 days, or they won’t address it.
There are now digital wallets that you can use on your mobile phone where you can register your credit cards and make purchases by holding your phone near the point of sale terminal. The actual card number and personal information are stored in the digital wallet application, not on your phone, for increased security. Along with using strong encryption to protect your information, these apps usually require authorization via fingerprint or passcode to complete the transaction. The business and cashier never see your actual card information, protecting it from being misappropriated. The other benefit of using a digital wallet, besides the convenience and security it offers, is the ability to make contactless purchases, which is hugely important this year. Your card is never in someone else’s hands, you don’t have to touch the point of sale terminal to enter codes or signatures. As an additional bonus, some digital wallets may offer rewards for using the product or making a particular purchase.
Following these practices year-round is the best protection your personal data can have, but particularly as you prepare for your holiday shopping season, I hope you find these tips helpful. There’s no reason why you can’t have a safe and happy holiday season as you shop online.
If you have any questions, please feel free to contact us!