Every year, stolen credit and payment card information accounts for billions of dollars in losses during the holiday season. And that’s just one way thieves steal.
Cybercriminals have been preparing for this year’s boom in online shopping, so review these tips to keep your payment cards safe.
1. Use a Credit Card, not a Debit Card
If you’re the victim of fraud or theft with a debit card, the money is siphoned out of your account immediately. With debit cards, you’re not protected by the same laws that protect credit cards. If someone accesses your debit card account, they can drain your tied bank accounts immediately with little recourse.
With a credit card, federal law limits your liability for fraud or unauthorized use. When fraud occurs, you can retrieve your losses by simply disputing the charges by filing a fraud claim with your credit card provider.
If you have one, best practice is to use a credit card for purchases as much as possible.
2. Don’t Store Your Card Information on a Website
When your computer asks if it should “remember” your password to a website, the correct answer is “no.” This feature is obviously convenient, but it leaves you vulnerable should someone gain access to your computer or browser.
Similarly, as you’re making a purchase, most sites will ask if it should remember your card information for future purchases. Always choose “no.” The last thing you want is to allow someone else to access the site and “one-click” shop using your stored card information.
3. Monitor Account Activity and Boost Anti-Fraud Measures
Many credit card issuers allow you to sign up for transaction alerts that will notify you when a purchase has been made over a set amount, which can help you monitor your account. Some issuers will even let you tie in the location of your smartphone to your credit card. This way, if a purchase is made in Tampa, Fla., and you are in Chicago, that transaction will not process. It’s a great idea to call your credit card issuer and set these up ahead of your holiday shopping.
Regularly log in to your account to keep tabs on your account activity. If you notice anything questionable, report it right away.
4. Look for http “s” Before Purchasing
Not all sites are safe and secure. Ensure the site you are visiting is secure before purchasing by looking for the “https://” in the browser’s address bar before you provide your credit card information. The “s” stands for secure and should appear on all web pages that require disclosing financial information. If it’s not there, the site is not secure, so discontinue any transactions.
5. Be Wary of Emails Requesting Information
According to the Cybersecurity and Infrastructure Security Agency, attackers may attempt to gather information by sending emails requesting that you confirm a purchase or account information. Legitimate businesses will not solicit this type of information through email.
Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log in to the authentic website by typing the address yourself.
6. Be Careful of Faked Websites
“Typosquatting,” also called URL hijacking, is what may occur when you mistype a website name and don’t realize it. Scammers set up fake domain names that are just a letter or two off from popular sites to take advantage of unintentional misspellings. Those who normally type quickly and rely heavily on autocorrect are especially at risk. This can result in Amazon becoming “Amazone” or “Amazne.”
If you are unsure how to spell the name of a website, look for it by using a reputable search engine and double check the URL to make sure you are in the right place. Bookmark the pages you visit most often to make navigating easier and less of a hassle.
7. Assume Public Wi-Fi is Not Secure
Wi-Fi hotspots in coffee shops, libraries, airports, and other public places are convenient but often not secure. Online shoppers don’t realize that cyber thieves can grab their wireless data at Wi-Fi hotspots, because the majority of these places don’t encrypt the information you send over the Internet. If a network doesn’t require a password, it’s safe to assume it is not secure.
When using a hotspot, only log in to websites you know to be secure and be sure your entire visit is encrypted from the time you log in to when you log out. You can do this by looking for the “https” at the start of the URL address or look for the security padlock sign. Don’t stay permanently signed in to any accounts. Also, it’s a good idea to change the settings on your mobile devices so they don’t automatically connect to nearby Wi-Fi.
8. Consider Using a Virtual or “Disposable” Credit Card Number
One final way to safeguard your card information when shopping online is to use a virtual or “disposable” credit card number. While disposable numbers are not available with every credit card, some of the major issuers offer the feature. Your card issuer gives you an alternate number to use when you check out online. The disposable number still links to your accounts, but is temporary, and you can limit the amount of money than can be transferred.
You can also buy preloaded cards to use specifically for your online shopping. It’s a good way to limit risk and direct access to your bank accounts.
Take extra precautions while shopping this holiday season. Cybercriminals know we’re conducting more business online than ever and they’re looking for ways to target unsuspecting consumers. For more tips, visit the Cybersecurity and Infrastructure Security Agency’s Shopping Safely Online tip sheet.