Skip to main content

How to shop super securely this holiday season

It's officially one month before Christmas and shoppers are facing the busiest time of year paying for presents online and in-store, but in this rush, it is important for us to not let security take a back seat when making purchases.

In the UK last year, there were 56 million credit cards and 88 million debit cards in circulation and fraud losses on these cards totaled £450.4 million. With 75 per cent of all UK retail spend resulting from debit card purchases, it's no wonder card fraud is a lucrative business for cyber criminals.

Online banking fraud increased by three per cent to £40.9 million last year. Intelligence shows this increase has also been driven by the rise in ‘vishing’, where fraudsters try to gain personal information from consumers by making phone calls purporting to be a bank or other trusted source and tricking the consumer into revealing personal information.

What the criminals are looking for

What it comes down to is information. With enough personal details on an individual, fraudsters are able to open additional credit cards and to take control of your assets by combining the stolen information with other information acquired from social engineering. Personal details and stolen credit card data is freely sold on Black Markets where criminals trade in your information.

Naturally, November and December are busy shopping periods for Britons as one-fifth (21 per cent) of the yearly online sales will occur during this period and it is estimated that 24 per cent of these online sales in the UK during the Christmas season will come from a smartphone or a tablet. As such, shoppers should be wary of the websites where they buy their gifts.

Often, when we look for presents we find ourselves on smaller websites without the appropriate security measures. Be sure to check that you have an encrypted connection by checking the lock icon next to the URL in your browser window. Then be careful not to store your payment information on websites you will not frequently use. Storing your data just increases your risk of exposure.

[caption id="attachment_109138" align="aligncenter" width="331"]

Google, security, secure

The lock looks like this[/caption]

In addition, as an alternative to cards, you may want to explore Near Field Communication (NFC) payment options such as Google wallet and Apple Pay when making purchases in store.

A contactless payment option is inherently more secure because your actual credit card information isn’t used. The major breaches we have seen in the last year such as Target and Home Depot where hackers took advantage of point of sale software and stole credit card information as it was transmitted. The new NFC payment options are designed to protect against this and your personal information is never even revealed to the retailer.

What you can do 

Here are my top tips for busy shoppers this holiday season:

1) Be wary of social engineering and attempts to gain personal information. Do not enter unnecessary details on websites or give information away over the phone.

2) Double check that you are always using a secure connection by validating the green lock icon next to the URL in your browser.

3) Explore NFC payment options available on your phone to make in-store purchases.

4) Avoid storing your payment details on websites you do not frequently use.

5) If the website feels outdated or the checkout process seems complicated, then walk away. There are plenty of other places on the internet. When shopping at smaller boutique websites, try to find ones that use major, reputable payment processors like Amazon, Google, or Paypal.

Keep on shopping in the free world 

In summary, this holiday shopping season is bound to be a busy one. With consumers in a rush and more strapped for time than ever, security is not bound to be on the top of the list of priorities, but with these simple tips, they can reduce their chances of becoming helpless victims to credit card fraudsters. While there is no need to wear a tinfoil hat, but it’s a good idea to safeguard your personal information and to treat it as a personal asset.

Russ Spitler, VP of product strategy at AlienVault