Tips for safe holiday shopping, online or in stores, are something we’ve talked about in years past, but they are worth repeating as the 2014 holiday shopping season approaches. After all, some folks are still spooked by the ghosts of security breaches past (think Target, eBay, Home Depot, etc.). However, shopping can still be fun and safe if you follow a few sensible strategies.
If you do your shopping in a busy mall you know to keep a sharp eye and a firm grip on your purse or wallet. These days it also pays to keep a sharp eye on your payment card accounts, whether they are credit or debit, even if you do most of your shopping online. Most banks and card issuers now let you check activity on your accounts from your phone and receive text alerts and/or email for new transactions as soon as they occur. Take advantage of these features to monitor your accounts for suspicious activity.
If you see account activity that you do not recognize, notify the bank or card issuer immediately. Of course, most payment card companies check all transactions for indications of fraud, like someone trying to buy a big screen TV at a Walmart in Duluth with your card while you’re trying to pay for lunch in San Diego. But it also makes sense to set up your own alerts, for things like out of area purchases or charges over a certain amount. (And if you’re trying to keep your shopping within a budget, tracking your charges as they happen can help with that too!)
If you lose a debit card, or your debit card data is hacked, or your debit card is cloned by an ethically-challenged clerk or waiter, it is possible the bad guys will get to the funds in whatever accounts are linked to that card. That doesn’t happen with credit cards so consider using a credit card instead of a debit card. Also, you may find it easier to get your money back from a credit card if you are scammed with bogus charges. While it can be tempting to use debit cards — many retailers, whether at the mall or online, prefer debit cards because the transaction is cheaper for them — credit cards can put an extra layer of protection between you and the bad guys.
If you want to go on a $300 buying spree, why not get a stored value card with $300 on it? Banks provide these and they definitely limit your exposure (in this case to $300, or maybe less if the card is stolen, although this depends on the card terms, which you should read carefully). Some people use this shopping strategy all the time for both security and privacy reasons and they develop a system for managing card balances, expiration dates, and so on.
News of payment card data being exposed has become all too common, so it pays to pay attention to the news. And you should probably act on the news if you have used a payment card at any institution that is in the news for a “suspected breach.” For example, some big brand names have refused to acknowledge the full extent of breaches right away. If in doubt, consider requesting a new card sooner rather than later.
Keep in mind that if you have any auto-pay accounts that reference this account number, you will need to update that information. But that beats the pain of dealing with fraudulent charges, or waiting for a replacement card when a big breach is confirmed. (And if you’re lucky, your new card will come with a chip, which makes it hard to clone.) The Federal Trade Commission (FTC) offers a lot of advice on dealing with lost or stolen cards.
For any card that has a PIN associated with it, as is the case with all debit cards, you may wish to change your PIN if you have been using the same one for a long time, or if you selected it back when only four digits were allowed and you figured 4321 would be good enough. Changing up to a PIN that is harder to guess — and longer than four digits if your card issuer allows that — is a small step that can greatly improve your security.
Longer and harder to guess is also good advice for the passwords or passphrases you use to access your accounts online, whether from your phone or laptop. Check out the We Live Security guide to generating a strong password. Graham Cluley offers some thoughts on the worst pitfalls awaiting those who ignore password advice.
Every digital device you own should be protected so that if it is lost or stolen a stranger cannot use it. For laptops that probably means password or fingerprint. Smartphones and tablets may use passwords, patterns, or fingerprints. Yes, they can be a pain when you’re in a hurry, but they offer a lot of peace of mind if your device gets snatched. Consider using a theft protection app that allows remote locking of the device, a feature provided with some smartphone software suites. You can also get theft protection in a software suite for your laptop.
If something goes wrong, like your purse or wallet gets stolen, or your smartphone gets snatched, do you have the phone numbers for the people you need to call? The phone company, the bank? Or were they in that bag/wallet/phone? Consider good old-fashioned paper as a backup, carried separately, or placed somewhere easy to access. (But don’t make the mistake of putting your passwords and PINs on that piece of paper!)
Data stolen by criminal hackers is often sold on the black market. Some of the buyers specialize in identity theft, opening accounts in your name, and the holiday season is a prime time for such activity. If you regularly monitor your credit report you can spot these accounts. The FTC has a helpful website for those looking for tips on how to (safely) get a free credit report, including contact information for the three credit reporting agencies. You may also want to look into setting up a fraud alert or a credit freeze if you want additional protection against fraudsters trying to get credit in your name. Be aware that these steps will also mean you have to go through additional verification if you wish to get credit, for the duration of the alert or freeze.
When you are in the ordering process on a website, check to make sure it is using SSL, the standard in secure transactions that shows up in several ways. You should be able to see https in front of the web address instead of http. There may also be a lock or key symbol in the browser window. Using SSL encrypts the exchange of information, such as your credit card, so eavesdroppers cannot read it. When in doubt, a quick search in Google for the word “scam” or “fraud” along with the website name should tell you if that site has a history of problems.
If a deal looks too good to be true, it probably is, particularly if it’s an amazing offer on one of the season’s hottest products. Or a free gift card for answering a few simple questions. Or an unclaimed account, or lottery prize. Such deals can be very tempting, especially during the holidays, but it really is safer to avoid following links that offer goods, services, or gift cards at impossibly cheap prices; they are just too risky. Not all discount vendors are scammers, but ask yourself if the promised savings are worth the gamble (or Google the offer and/or vendor to see what others are saying).
While it is sad that we have to be mindful of the downsides of electronic payment systems when we are trying to have fun at the mall or our favorite retail website, there is a bright side. By this time next year we will see improvements. By then, most payment cards in America will come with an internal chip that should reduce card fraud considerably. The emerging alternatives, like paying with a smartphone, will be maturing and offer additional protections. And in America we may see the benefits of a new government initiative called BuySecure.
Author Lysa Myers, ESET