Online Shopping Risk Looms on Black Friday

Black Friday, the post-Thanksgiving holiday shopping “event,” is just a week away, and you can bet that cybercriminals are gearing up just as much as those with gift-buying to do—especially when it comes to online commerce, which is expected to constitute a major percentage of transactions this year.

The breach of Target’s payment systems just before Christmas last year has given way to story after story about global retailers having their customers’ credit cards and personal information stolen, so many consumers may think that online shopping is less dangerous than shopping at big-box stores.

“Don’t be fooled about the inherent safety of online shopping,” said Mark Stanislav, security researcher at Duo Security, in an emailed note. “Attackers can still access important details from you if you aren’t cautious.”

Shoppers should be proactive about financial security this holiday season by employing a few tricks of the trade.

Stanislav noted that one of the easiest ways to mitigate financial risk is to use a card intended for temporary use, such as a prepaid credit card.

“By purchasing prepaid credit cards, usually for free, the purchases you make online (or in store) won’t be attached to your primary credit card number that you may use to pay your bills online or for daily use,” he said.

Some financial institutions, such as Bank of America, offer temporary credit card numbers for online use that don’t require users to physically acquire a prepaid card.

Also, shoppers should take care to look for the “HTTPS” in the website URLs where they’re doing business.

“Unfortunately, it’s been a rather rough year for the security of SSL and TLS, the underlying standards that protect your website communications when shopping on the internet,” Stanislav said. “However…secure communications between you and the web server you are speaking with helps to prevent a number of attacks, especially when doing so on untrusted networks at places like coffee shops or university libraries.”

Consumers should also check with their financial institutions about whether they can enable fraud alerts and what the thresholds are.

“One aspect to information security that many people don’t think about until it’s too late is the ability to respond to fraud quickly,” the researcher noted. “A problem that goes on for a day versus a month could be a big difference to your credit history and financial accounts.”

Some companies may let you get an alert if spending goes over a certain dollar amount, making you more aware of when big transactions occur so that you can vet them more easily, and some, like American Express, have mobile fraud alerts available.

Password managers are also a great idea.

“It can’t be overstated how much a bad or poorly secured password can ruin your day,” Stanislav noted. “Whether through phishing, brute force, or password reuse, criminals love to gain access to your credentials in order to steal money, buy goods, and, in general, steal your digital identity.”

And finally, users should always take care that their browsers and machines are updated.

“Many of us are still running operating systems or web browsers that were last updated two or more years ago, which puts us highly at risk,” he said. “The number of vulnerabilities that can impact browser security, either natively or via plugins like Flash, is overwhelming. An updated and well-patched system can quickly and easily prevent us from potential risks while shopping online.”

While they’re at it, users should schedule automatic updates so that they happen regularly and often, without any active input.
