This holiday season I’m realizing one harsh reality – It’s hard to feel safe shopping online, particularly when I know how detrimental a data breach can be. Losing a few dollars on your debit card (and going through the hassle of locking your accounts down to prevent more widespread damage) pales in comparison to what happens during a data breach at an organizational level, but it’s still a scary first look at what can happen when your data, personal or otherwise, goes unprotected. Due to the increase in retail traffic and ecommerce on well-known shopping days such as Black Friday and Cyber Monday (and the month of December in general), the risk of attempted fraudulent activity is amplified. Here’s my story about Black Friday fraud.
This past weekend I found myself doing something that I promised myself I would never do once I got out of retail. I, a former retail worker, risked my sanity to head to the mall on Black Friday. It wasn’t as busy as I had feared, chiefly I think because of all the people I heard mentioning Cyber Monday at work. I would have preferred to be holed up at home shopping online too. Needing something immediately ruled that option out for me. Miraculously, we escaped the mall unscathed. I hadn’t bought a single thing.
Following the breadcrumbs…
The next day, I went to pay for a coffee using my debit card. The cashier told me that my card had been declined. What was in my account would definitely cover my $2 coffee. I was concerned and decided to call my bank as soon as I got home and spent cash at the rest of my stops. I didn’t want to risk the embarrassment of having my card refused again even if it was just a fluke.
Hours later I found myself on the phone with my bank. Again. The same thing also happened to me in September, right before I left on a two week jaunt across the country to attend a wedding. Reviewing my transaction history, I noticed one for that took place on Black Friday. It was for a small amount to a vendor I had never heard of. I asked the representative and he told me he had no idea where the charge originated from but that my card had been flagged for fraudulent activity the day prior. Minutes into speaking with the representative, I was verifying that several attempted (and failed) charges weren’t initiated by me. They were thorough in their explanations and their steps to rectify the situation, but it still leaves anyone who has been through this feeling violated in some way – even if the charges were minuscule.
As someone who has been a victim of this repeatedly, I’m always interested in ways to be safer when using technology to shop. Tim Weber, Director, Security Services, was kind enough to offer his insight.
How can you verify the legitimacy of an app or website when you’re looking to purchase online?
- For websites, go directly. Don’t access via links from emails as these can be easily used to redirect to fake sites. Mobile apps are a bit tougher and have been a source of issues already this holiday season. For the mobile apps, try to download them directly from the vendor website and look for the date the app was created. Newer ones should be considered suspect.
Are certain payment methods safer than others right now?
- Credit cards are better than debit. If a debit card gets breached your bank accounts can be drained.
What should you do if you think one of your accounts has been breached?
- Who you need to contact depends on if a specific account was breached or if it is your whole identity that was taken. Identity theft is a different animal that requires a large amount of work. For specific accounts, you should contact the financial institution as a first step to get a block put into place. You should also contact the credit bureaus to have a “fraud alert” put into place. Next, you should file a report with your local law enforcement agency. Lastly, you need to file a complaint with the Federal Trade Commission (FTC) as they track these crimes.
How often should you change your password for shopping accounts where you have personal or financial info stored?
- Most important thing to do with passwords is to not use the same password for all of your applications. Make sure your passwords aren’t something that can be easily guessed. Consider the use of pass phrases instead. The frequency of changing the passwords would vary depending on how much you use them. Always keep an eye out for news stories on website breaches. Change all passwords if any of your accounts have been potentially compromised.
If you’re using devices to shop on your company network, is the network at risk too?
- Not necessarily. The bad guys are typically after the quick hits – getting credit card info so it can be sold on the black market – as opposed to causing damage or hacking into specific computers.
Protecting your personal information while browsing the internet may not be as easy as you’d think, but fortunately there are steps you can take to stay a little safer online. Wishing you a season of happy, safe shopping!