As you gear up to accomplish your holiday shopping this year, you may be more focused on doing so through online retailers than ever before. Ever since the breach of Target’s payment systems just before Christmas last year, which made international headlines, consumers have had to endure story after story about leading global retailers having credit cards and personal information stolen from their customers.
While online shopping may seem less dangerous than shopping at big-box retailers these days, don’t be fooled about the inherent safety of online shopping. Attackers can still access important details from you if you aren’t cautious. Be proactive about your financial security this holiday shopping season and follow these five tips to keep you safe on black Friday.
1) Pre-paid credit cards
If a financial card breach concerns you, one of the easiest ways to mitigate financial risk is to use a card that has temporary usage, such as a pre-paid credit card. By purchasing pre-paid credit cards (usually for free) the purchases you make online (or in store) won’t be attached to your primary credit card number that you may use to pay your bills online or for daily use. Pre-paid cards are also not attached to your financial institution, so you don’t need to be concerned about an attacker accessing your bank accounts. If the card was stolen, the thief wouldn’t be able to access your money and there is no risk attached for you.
Some financial institutions, such as Bank of America, offer temporary credit card numbers for usage online that don’t require you to physically acquire a pre-paid card.
2) HTTPS everywhere
Unfortunately, it’s been a rather rough year for the security of SSL and TLS, the underlying standards that protect your website communications when shopping on the Internet. However, that’s no reason to give up hope! Secure communications between you and the web server you are speaking with helps to prevent a number of attacks, especially when doing some on untrusted networks at places like coffee shops or university libraries.
The stalwart defenders of all things digital rights, the EFF, provide a browser extension called “HTTPS Everywhere.” This extension ensures that sites you are communicating with always leverage encrypted communications (when able). This prevents attackers from being able to manipulate your web traffic to make you feel that the network is secure and offer up sensitive data you believe to be safe. The best part? It’s free!
3) Fraud notifications
One aspect to information security that many people don’t think about until it’s too late is the ability to respond to fraud quickly. A problem that goes on for a day versus a month could be a big difference to your credit history and financial accounts. Companies such as American Express will even let you use their mobile application to receive fraud notices and respond, all without having to make a phone call.
Check with your financial institutions as to their ability to enable fraud alerts and what the thresholds are. Some companies may let you get an alert if spending goes over a certain dollar amount to make you more aware of when big transactions occur so that you can vet them easier. Being aware of how your money is being used is a great first step in resolving fraud when it happens.
4) Password manager
It can’t be overstated how much a bad or poorly secured password can ruin your day. Whether through phishing, brute force, or password reuse, criminals love to gain access to your credentials in order to steal money, buy goods, and, in general, steal your digital identity.
With the seemingly endless number of sites to provide a password for, using a password manager such as 1Password or LastPass is a quick way to regain your sanity and security. By randomly generating unique passwords for each website, you reduce the risk of one stolen password compromising security in other areas of your life. Password managers these days usually alert you when you are using a weak password or reusing a password that was used on an at-risk site, for instance: a website that was recently breached.
5) Patch your system
Many of us are still running operating systems or web browsers that were last updated two or more years ago, which puts us highly at risk. The number of vulnerabilities that can impact browser security, either natively or via plugins like Flash, is overwhelming. An updated and well-patched system can quickly and easily prevent us from potential risks while shopping online. So, make sure to download all updates on your computer. While you’re at it, schedule automatic updates so that they happen regularly and often, without any input from your end.
Final though: Don’t be a victim
With Black Friday just around the corner, these simple tips can help you keep your account information safe throughout the busy holiday shopping season. Since retail data breaches seem to be an inevitability, consumers need to empower themselves to protect their financial accounts, and this starts with monitoring for any suspicious activity and understanding the do’s and don’ts of holiday shopping.
Certainly, retail organizations will have an eye on security after major data breaches at leading global brands such as Target, Neiman Marcus, Home Depot and Michael’s have led to negative headlines over the past year. But these five tips are a good start toward your own personal data security and making sure that you, and your personal information, aren’t a victim in the next round of headlines.
Mark Stanislav is a security researcher at Duo Security.