Online shopping versus in-store shopping
STORY HIGHLIGHTS
- Check your address bar for "https" before entering payment information
- When shopping from mobile devices, use trusted apps and WiFi networks
- Always turn on the passcode protection for your mobile devices
- If an online deal sounds too good to be true, it probably is
Increasingly, people are
using their smartphones and tablets for online shopping. There was a
190% in mobile purchases this year on Cyber Monday, and 193% jump on
Black Friday, according to mobile payments company PayPay. The shift to
mobile presents its own unique security challenges, including malware
apps and text phishing scams.
Here are online shopping security tips to keep in mind all year round, on all your devices.
Check for "HTTPS"
Not all webpages are
equally secure. Before entering any personal or payment information,
make sure to look up at your browser bar. The URL should start with HTTPS, not HTTP. That one letter on the end, S, is the difference between a secure site and an unsecured site.
Bing takes on Google in fight for holiday shoppers
A secondary thing to look
for is the small lock icon in your address bar. This lock indicates
that you have an SSL (secure sockets layer) connection. The icon is
standard for most popular browsers, including Internet Explorer, Chrome,
Safari and Firefox.
On mobile devices, the
address bar is tinier and easier to overlook. Do a little pinch-and-zoom
to locate the S before sharing your payment information.
Watch your WiFi
Shopping from mobile devices means an increased chance you'll be on an unfamiliar WiFi network.
"Only window shop on
public WiFi," recommends Derek Halliday, lead security product manager
at Lookout, a mobile security company.
Holiday shoppers share tips for buying American
Avoid entering your
credit card number or other private information when you're on an
unsecured, public WiFi connection where people could snoop. Wait until
you are back at home or work.
Vet the vendors and apps
The Internet is packed
with stores, some reputable and others downright shady. While bargain
hunting, it can be tempting to make your purchase from the site offering
the lowest price, but take a moment to research any vendors you're not
familiar with.
"If something seems to good to be true, it probably is," says Claudia Lombana, a PayPal shopping specialist.
Before you hand over
your payment information, do a quick search for reviews of the vendor.
Calculate the total cost of an item, including shipping and tax, when
determining the lowest price.
The same tips apply when
you're using a mobile app. Only download apps for your smartphones and
tablets through official stores, like the App Store for iOS or Google
Play for Android.
The occasional unsavory
app has been known to slip through these proper channels. Always check
the reviews in the app stores to see what other users have to say. If
there are bunch of one star reviews or warnings, don't download the
software. Another option is to download a mobile security app to scan
new software and links.
Beware of phishing, SMiShing and other scams
By now most people know
to keep an eye out for phishing scams -- e-mails disguised as legitimate
companies or organizations that ask for payment or password
information. But every now and then, one comes along that looks
incredibly convincing. To be safe, copy and paste all links into a fresh
browser window instead of clicking on the hyperlink, check the
originating email address and when in doubt, contact the company to
verify the e-mail.
SMiShing (a lovely
portmanteau of "SMS" and "Phishing") has taken off recently, catching
people off-guard who don't expect to receive this type of spam as a text
message. Earlier this year, scammers sent texts telling people they had
won a $1,000 gift card from Walmart. The texts linked to a page that
asked for credit card information to cover the cost of shipping the
prize.
As a general rule,
legitimate companies will never ask for your private information over
email or text message, including payment information, usernames,
passwords, mother's maiden name or social security number.
Password protect mobile devices
This was the number one mobile tip from the experts we talked to: turn on the passcode on your phone or tablet.
It's an easy and
important precaution, but only 54% of Americans do it. Yes, it will take
a few more seconds to access your email or open an app, but smartphones
often contain more valuable information than what's in your wallet.
"Many shopping apps
archive your credit card information after your make a first purchase,
and many apps don't require that you enter your password every time you
use it," explained Halliday.
If your phone or tablet
is lost or stolen, anyone can access the wealth of data you have stored
on your device. Even if individual apps require passwords, someone can
use your email and phone number to try and reset them.
Update often
Many operating system
and application updates address security issues, plugging holes and
fixing errors that could be exploited by hackers.
On your computer, update the operating system when prompted, and make sure you're running the latest version of your browser.
For mobile devices, the
routine is easier because the apps come through a central app store. You
can see exactly what mobile apps need updating at a glance.
Use a credit card instead of a debit card
Credit cards are a more
secure online payment option than your debit card. The majority of
credit cards offer purchase protection in case your card number is
stolen, or if you make a payment at an online store that delivers a bad
product, or no product at all.
We know you're very busy
this time of year, but also take an extra moment to comb over your
statements. Should any of these security precautions fail, you'll want
to catch suspicious charges as soon as possible.
1 comment :
Thanks for the article. We all need to be more proactive about our personal account security. One thing you failed to mention is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, more and more sites are starting to offer and promote this option. 2-Factor Authentication to complete a transaction while shopping online wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.
Post a Comment