Holiday shopping usually means crowded shopping malls, long lines and full parking lots. But more and more Americans are skipping the crowds and doing their holiday shopping from home.
In 2016, Americans spent $91.2 billion online in November and December. In 2017, that number increased to $106.1 billion, and this year it's expected to climb to $123.4 billion.
Of course, online shopping does come with some risks—including an increase in predators looking to steal identities and commit fraud. According to Trustwave's 2018 Global Security Report, targeted attacks, malware and email threats have become more sophisticated than ever.
Before shopping online, employ these cyber safety tips to protect your money and your identity:
1. Only Shop at Secure Websites
Before making a purchase online, make sure the retailer's website is secure—otherwise, criminals can more easily get access to your personal data.
To find out if a site is secure, check that the URL starts with https:// instead of just http://. You can also look for a small padlock icon in the address bar.
2. Use Credit, Not Debit Cards, to Pay for Things Online
Credit cards offer strong protection when it comes to fraudulent charges. As long as you report fraudulent activity within one to two months, your liability is capped at $50—and most issuers won't hold you liable for any amount.
Debit cards offer similar protections. However, if thieves are able to successfully use your debit card, that money is immediately taken from your bank account, and you could spend a lot of time and effort in order to get it reimbursed.
Be suspicious of sites that only accept wire transfers or checks as payment methods.
3. Don't Conduct Your Online Shopping on a Public WiFi Network
Do your online shopping at home on a secure WiFi network. It may be tempting to take your laptop to a coffee shop, but conducting secure transactions on a public WiFi network puts you at risk.
Thieves can more easily intercept any data, like credit card numbers and passwords, on a public network. And never use a public computer—you never know what kind of spyware or malware may be on the device.
4. Ask Your Credit Card Issuer If They Offer a Virtual Card Number
Some banks or card issuers offer their customers virtual credit cards, which are basically randomly-generated, temporary card numbers that can be used while shopping online. The disposable card numbers are designed to protect your actual account number from falling into the wrong hands.
For example, if there is a data breach at a retailer where you shop, your real account is protected. If a merchant only has your disposable card number, it's more difficult for potential fraudsters to access your credit card to make unauthorized purchases.
5. Make Sure Your Online Account Passwords Are Unique and Secure
If hackers gain access to your account passwords, they can steal your payment information or order items with your account and leave you with the bill.
Make sure you create secure passwords that use a string of a few unrelated words separated by spaces to minimize your risk. And don't use the same password across different accounts, because if one is hacked, all your accounts are vulnerable.
6. Update Your Computer's and Mobile Device's Software
Software updates can seem like a drag, but if you get an alert to update your operating system or browser, do it immediately. These updates are often released to protect consumers from new attacks that are being introduced each day.
7. Watch out for Online Scams
Be aware of phishing scams in which fraudsters use the information they know about you—like your name or hometown—to get you to divulge other personal data through email.
Scammers do this by embedding hyperlinks into emails or text messages that direct you to sites intended to collect your personal information or install malware onto your computer or phone.
As a rule of thumb, do not click on links sent through email or text, especially if they are asking you to give up personal information. There are several variations of phishing scams—including spear phishing, angler phishing, and smishing—but the bottom line is you should always be vigilant when being asked to enter any personal information online or via text.
8. Monitor Your Credit and Identity
It's always smart to remain vigilant about your identity and credit, especially if you do a lot of online shopping. Start by checking your free Experian credit report for errors or suspicious accounts.
If you are worried that your personal information has fallen into the wrong hands, you can consider filing a free initial fraud alert on your credit file that remains active for one year through the Experian fraud center. (File it with one credit bureau and you're good to go because the bureaus will share such alerts with their counterparts.) The fraud alert notifies lenders pulling your credit report to take extra steps to verify your identity.
If you want to block access to your credit reports altogether, you can do so by initiating a security freeze, a free measure that prevents lenders from issuing new credit in your name altogether.
- Allows you to easily lock or unlock your report in real time, with no waiting period.
- Provides daily monitoring of your credit file, which means you will be alerted about any key changes, including new account openings.
- Provides up to $1 million in identity theft insurance: If you become a victim of identity theft, you can be covered for the unreimbursed costs of restoring your identity, like fraudulent electronic fund transfers, lost wages, legal fees, and travel expenses.
- Gives you access to your Experian credit report and FICO® Score, along with all the other benefits of Experian membership, such as dark web monitoring, which lets you know if your information is found on the dark web.
Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
This article was originally published on November 7, 2018, and has been updated.