15 online shopping and banking security tips in time for the holidays
Halloween has come and gone, and now it's Christmas everywhere. Retailers are setting up displays and getting ready roll out their best sales. Unfortunately, hackers and thieves are also gearing up to do big business this time of year.
"Fraudsters definitely increase efforts around the holidays," says David Ackley, senior vice president of the senior information and corporate security office for Camden National Bank. "People can be more susceptible to phishing scams, especially emails with malicious links for things like checking the status of an online purchase [or] tracking shipping of a package."
MoneyRates talked to Ackley and online security experts Tony Anscombe, senior security evangelist for AVG Technologies, and Assad Lazarus, senior vice president of product and customer experience at Equifax, for their suggestions on how consumers can keep their finances safe.
Here are 15 expert tips for online shopping and banking this holiday season:
1. Use a strong password for every account
Passwords are on the front lines when it comes to protecting accounts against hackers, and a strong password is one that includes both capital and lower case letters as well as numbers and special characters.
Many banks and retailers insist their users have strong passwords, but even if one isn't required, it's in your best interest to use one. One simple way to create a strong password is to use a sentence, with capitalization and punctuation, rather than a word or phrase.
2. Don't use the same password everywhere
Even strong passwords can be compromised so you want to be sure to use different passwords for all your accounts.
"That way, if one account gets breached, fraudsters don't get the keys to the rest of your online profiles," Ackley says.
Rather than memorizing all those passwords, you could record them offline in a notebook kept in a secure location, or you could use an online password manager such as RoboForm or LastPass.
3. Install anti-virus protection on your computer and phone
Anscombe says anti-virus and malware protection is essential for both phones and computers nowadays, particularly because users typically have no idea their device has been compromised.
"Now, [viruses] get on devices and hide in the background," Anscombe says. "If your phone is infected, chances are you'll never know."
Unfortunately, some anti-virus apps are actually created by scammers to give them access to your phone. It's a problem so prevalent that Apple eliminated the anti-virus category from its app store.
Do your research before downloading anything and stick to reputable companies such as AVG or Avast! Mobile Security.
4. Avoid public computers for banking and shopping
Who knows who's been on the computer at the library or the Internet café before you? They could have installed a program to log keystrokes and transmit your log-in information.
Rather than risk having your accounts compromised, limit your use of public, shared computers to activities such as surfing the Web, reading the news or catching up on your favorite blogs.
5. Set up a VPN if you use public WiFi
Using your own device on a public wifi system can also be a risky proposition.
"A WiFi connection, especially in a public domain, increases your risk of identity theft," Lazarus says.
You can reduce your risk by installing a VPN - short for virtual private network - to encrypt data sent over a public system. Some VPNs are free, but many have a monthly charge. They include options such as AVG's cheekily named Hide My Ass! as well as services with names, like PureVPN and Hotspot Shield Elite, which won't make your grandmother blush.
6. Skip the banking and shopping entirely until you get home
Your safest bet may to simply skip shopping and banking until you get home.
Consider that researchers at Syracuse University found attackers don't even need to see your phone screen to figure out what you're typing. By discretely recording people logging into their phones, Professor Vir Phoha and his team were able to analyze people's finger movements and correctly guess a PIN on the first try 50 percent of the time. After three tries, their success rate jumped to 85 percent.
7. Only shop at reputable online stores
You don't have to buy everything from Amazon, but you should exercise caution before buying from unknown websites. Do your research to determine whether the site is legitimate and has a history of happy customers.
8. Think twice about buying from overseas
Shoppers may want to reconsider buying from an overseas seller.
"Your legal rights might change if the seller is outside the country," Lazarus says.
That may not pose too much of a problem if you buy a $20 stocking stuffer, but it could be an issue if you buy a big ticket item that ends up being defective.
9. Look for a secure connection before sending data
Regardless of whether you're banking or shopping, look for a secure connection before entering your log-in or credit card information.
You'll know a site is secure and your information is encrypted if the URL starts with an "https" instead of "http." In addition, many browsers will display a lock by the Web address to indicate a site has been verified as secure.
10. Always pay with a credit card
While debit cards offer fraud protection, credit cards are the better choice for online shopping. That's because fraudulent charges made to a credit card don't come out of your pocket.
A thief could wipe out your checking account if they gain access to your debit card. That could leave you penniless while you sort out the mess with your financial institution.
11. Look into tokenized payment methods
Even better than a credit card is a tokenized payment, says Anscombe. Currently, most tokenized payments are made through mobile payment methods such as Apple Pay or Google Wallet. Currently, these services are mainly used in stores, but some websites accept them as well.
"It never sends your transaction data," Anscombe says.
Instead, these systems give merchants a token code they can use to release the payment from your financial institution. As a result, the retailer never sees your card number or other payment data.
"That's actually safer than walking into a shop and using your card," Anscombe says.
12. Never store your information on a retailer's site
Both Anscombe and Lazarus say it's a mistake to allow companies to record your credit card number for future use. While it may be inconvenient to type in your number every time you check out, it keeps your data safe in case the retailer's server is compromised in the future.
"When you check out as a guest, you still get the emails with the deals and coupons so you're not missing out," Anscombe says to reassure those who may think creating an account is the only way to be notified of sales.
13. Be wary of phishing scams in your inbox
Phishing often involves emails that appear to come from a bank or retailer and they may say your account has been limited or fraudulent activity has been detected. Recipients are directed to click a link and enter their account data to confirm their order or unblock their account. However, the link actually takes people to a fake website where their personal information is collected.
"The best prevention is to avoid clicking links in emails that are not expected or seem out of character," Ackley says.
If you are concerned your account may actually need attention, don't click the link in the email. Instead, type the URL for the website directly into your browser address.
14. Use fraud protection tools available
Banks and card issuers are typically on the hook for absorbing the cost of fraud so they are understandably interested in keeping their customer's data safe.
Ackley says people can ask their banks about using secure tokens to authenticate their account log-ins. Meanwhile, card issuers may have a number of notification options available to let their customers know when a card has been used. For example, American Express has five different fraud alert options that will notify people when their cards have been used for an online or phone purchase or a foreign transaction, among other things.
Finally, credit bureaus such as Equifax and companies such as LifeLock offer credit monitoring services that can detect fraud. These come at a price but offer additional peace of mind.
15. Keep gift searches off a family computer
Anscombe has one final, bonus tip to share. It's not one that will prevent hackers from accessing your account, but it may help keep a wrap on holiday surprises. He advises people avoid using the family computer for gift searches.
Online advertising often uses your browsing history to customize the ads you see. That's why the item you were just looking at on Amazon suddenly appears in an ad box on Facebook.
"If you're searching for a PlayStation for Christmas, then your kids will know they're getting a PlayStation for Christmas [thanks to the ads]," Anscombe says.
And ruining a holiday surprise may be the biggest crime of all.
Comment: Are you worried about debit or credit card breaches? Are you doing all you can to keep your financial info safe during the holidays?
More from MoneyRates.com: