
It is that time of year once again: the holiday season. With it come family gatherings, celebrating traditions, and of course, holiday shopping. You’re likely to put together a game plan when it comes to budgeting, where and when to find the best deals, and what to get everyone on your list. But if you are one of the estimated 59% of Americans who plan to do their shopping online, it’s important to put together a plan for protecting your data, and your money, this holiday shopping season.

This is the first year in Deloitte's annual survey that shoppers have predicted their online purchases will exceed what they buy in-store. And with the average consumer planning to spend $967.13 on holiday purchases this year, you can be sure that cybercriminals are planning to do some ‘shopping’ of their own. 

Here are a few strategies for safely shopping online as you gear up to score those irresistible Black Friday and Cyber Monday deals:

Look for the lock.

When visiting a retailer's website, first check the address bar for a padlock symbol before the address. This tells you the site is secure. You can also look at the beginning of the web address for the "s" in "https." If it doesn’t have that, the site does not have the higher level of security that is guaranteed by a known entity such as Verisign, Symantec and others. All reputable online retailers use this higher level of security.

 An example of a secure site. Note the green padlock and the 's' at the end of http, in the address.


Consider using a separate email account for shopping.

Many people have separate email accounts for work and personal use. However, consider creating a dedicated email account for online shopping. Not only will this help you to organize all those receipts, but in the event of an email hack, cybercriminals will not gain access to more sensitive information, like banking and credit card accounts.

Never use public Wi-Fi for online shopping.

While it’s tempting to get some shopping done while waiting for a latte, never use a public Wi-Fi network to make an online purchase. Ensure that the network your computer or device is on is secure and that you know who has access to it. This usually means using your own home network and router. Your home Wi-Fi network should always be password protected to make sure traffic can only be initiated from the inside out, not from the outside in. Also, consider disabling automatic Wi-Fi connectivity on your phone or device, so you don't unknowingly connect to an unsecured network while away from home.

Check out as a guest.

Most retailers now offer the option to create an online shopping account to store shipping and billing options to make checkout quicker. While it's a little more work to type this information in each time, check out as a guest rather than creating an account. If the website is breached by hackers, your data is less likely to be compromised. If you do choose to create an account with a retailer, only do so for those that you often shop with outside of the holiday season.

 An example of guest checkout.


Use multi-factor authentication.

Many retail sites are now beginning to offer multi-factor authentication, similar to email or banking accounts. This prevents a hacker from logging in to an account without having a secondary form of authentication, such as a one-time text message or email code. If you have not yet set up multi-factor authentication for banking or email accounts, do so before shopping online.

 An example of how multi-factor authentication works to keep your accounts secure.


Verify the validity of mobile shopping apps.

According to digital risk management company RiskIQ, almost 30% of Black Friday and Cyber Monday purchases will be placed on mobile devices; many using retailer apps. They also found that 1 in 10 mobile apps that appeared in the results of a 'Black Friday' search in Apple and Android app stores is blacklisted as malicious. These apps are designed to fool users into entering credit card information or downloading malware to steal personal information or lock the device until the user pays a ransom. Be wary of applications that ask for suspicious permissions, like access to contacts, text messages, administrative features, stored passwords, or credit card info. Also, make sure to take a deep look at each app. Notice how many times the app has been downloaded and be aware of the spelling of brand names.

 Always be sure you have downloaded a retailer's legitimate app. Pay attention to spelling of brand names and number of downloads.


Review your bank accounts often.

While not just a tip for the holiday season, checking your bank accounts often is especially important during this time of year. Keep a close eye on your banking and credit card statements for any charges that you don't recognize. Report any suspicious activity to your bank or credit card company as soon as possible. The financial institution will walk you through all necessary steps to solve the issue. Also, consider setting up SMS/email alerts for purchases made without the card being inserted into a processing machine (mostly meaning online purchases) or for large purchases.

There’s no doubt that online shopping helps us avoid the hassles and headaches of stepping into a department store during this busy shopping season. However, it does come with increased risks of being targeted by cybercriminals. By following these, and other, safety tips you can enjoy a happy holiday season and protect your online data into the new year.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.