(as published in the WACHA Newsletter November 20, 2013)
Shoppers are expected to spend nearly $62 billion online throughout the holiday season this year, up more than 15% from 2012. The use of mobile devices for online shopping (mcommerce) is projected to reach almost $10 billion for the 2013 holiday season, as more consumers are using these devices to compare prices, research products, locate stores, and make purchases to a larger degree than ever before.
Whether you’ll be conducting transactions from your desktop, laptop or mobile device, keep these tips in mind to help protect yourself from identity theft and other malicious activity throughout the year:
• Secure your computer and mobile devices. Be sure your computer and mobile devices are current with all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates. Ensure you use a strong password and unique password, which is not used for any other accounts. Set a timeout that requires authentication after a period of inactivity.
• Use mobile applications with caution. As devices such as smartphones and tablets, continue to gain popularity for online shopping, so too will the volume of attacks against them. Malware could be downloaded onto the device from seemingly legitimate shopping apps that can steal credit card and other sensitive information for transmission to cyber criminals. Update all apps when notified and disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data—such as credit card number—being intercepted by a nearby device.
• Know your online merchants. Limit online shopping to merchants you know and trust. Only go to sites by directly typing the URL in the address bar. If you are unsure about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s contact information in case you have questions or problems.
• Consider using an online payment system or credit card. Where available, you may want to use online payment services, which keep your credit card information stored on a secure server, and then let you make purchases online without revealing your credit card details to retailers. If you do pay online directly to the retailer, use a credit, not debit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly.
• Look for “https” before you click “Purchase.” Before you submit your online transaction, make sure that the webpage address begins with “https.” The “s” stands for secure, and indicates that communication with the webpage is encrypted. A padlock or key icon in the browser’s status bar is another indicator. Also, make sure your browser is current and up-to-date.
• Do not respond to pop-ups. When a window pops up promising you cash, bargains, or gift cards in exchange for your response to a survey or other questions, close it by pressing Control + F4 on Windows devices, or Command + W for Macs.
• Do not use public computers or public wireless access for your online shopping. Public computers and Wi-Fi hotspots are potentially insecure. Criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other sensitive information. Care should be taken that the settings on your computer or device prevent it from automatically connecting to Wi-Fi hotspots.
• Secure your home Wi-Fi. Make sure you control who has administrative access, and that any users on your network authenticate with a strong password. Encryption settings should be enabled and strong – using WPA2 is recommended.
• Be alert for potential charity donation scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests as a means to gain access to your information or computer/device. Think before clicking on emails requesting donations. Don’t give your financial or personal information over email or text. Contribute by navigating to the trusted address of the charity, never through a link in an email. To check if an organization is eligible to receive tax-deductible charitable contributions, visit the IRS website.