’Tis the Season for Online Safety

Sunday November 30, 2014

The holidays are approaching as quickly as a sleigh pulled by magic reindeer, and every year it seems like the shopping season starts earlier and earlier. In many places, Christmas decorations are now put up before Halloween, ensuring a long and profitable season for merchants. And while most of us have had the experience of opening a disappointing gift on Christmas morning, one thing that can ruin your holiday faster than a homemade sweater is finding out that someone has obtained your credit card number, or compromised your account on your favorite shopping website.

By now we’re all familiar with the dangers of unsecured online shopping, with all-too-frequent reports of credit card theft or new web browser vulnerabilities. But that’s not deterring consumers during the holiday season. According to dailyfinance.com, on Black Friday 2013 online retailers did $1.2 billion in business, a 15 percent increase from the year before. Walmart alone saw 400 million page views, with the amount of mobile traffic triple that of 2012. However you look at it, computers and mobile devices are playing an increasingly large role in the holiday shopping experience.

Fortunately, a little common sense can go a long way toward keeping you safe during your online shopping experience. Here are 12 ways to be sure the only thing stolen during Christmas is a kiss under the mistletoe.

The Twelve Tips of Christmas

  1. First, be sure you are using the most secure tools available for your shopping. That means updating your browser to the latest version, which addresses the most current online risks.
  2. Even with an up-to-date browser, not every website you visit will be secure. Look for “https” in the address bar rather than just “http.” The “s” means it’s secure. You should also see a padlock symbol next to it in the address bar. For an added sign that the site you’re visiting is authentic, look for the green browser bar and the website’s name to appear in green.
  3. If your browser gives you a message about an untrusted security certificate for a website, don’t proceed. The website may have been compromised by cyber criminals or malicious software. Even popular sites for major companies can be victimized by such attacks. Reputable certificate authorities work with businesses to maintain valid certificates to protect their customers.
  4. Online shopping is already incredibly convenient, but it may be tempting to take it a step further by allowing websites to store your payment information such as credit card numbers or online payment service credentials. Wherever possible, don’t allow merchants to keep that information on file. It seems trite, but the more places your information is stored, the more chances there are for it to be stolen.
  5. We’re all tempted by online ads now and then that promise impossibly cheap prices on the latest trendy product, especially as Christmas approaches. These might direct you to a site you’ve never heard of. Before visiting the site, take advantage of free online tools provided by security companies to verify that it’s safe to visit. A browser search for “website safety tool” will give you a variety of choices before you click.
  6. Never use a public computer for online shopping, even if you clear the browser history afterward. You have no control over what security features are available, and you have no way of knowing who else might use the machine, maybe with dishonest intentions. There’s too much risk that your information could fall into the wrong hands.
  7. Be careful about using mobile devices for shopping. They are the ultimate in convenience, but it comes at a price. Your phone or tablet can be infected not only by visiting a suspicious website, but also by the apps you download. Consider installing security software that monitors Internet browsing and app installations to reduce the risk of having personal information stolen as you shop.
  8. We all want to avoid mobile data charges, and connecting to public wireless networks with our laptop or phone saves us money. But many of these networks are prime real estate for would-be digital thieves who employ a wide variety of tricks to intercept information sent over these networks. If you’re not completely confident in the security of your device, wait until you get home to do your online shopping.
  9. When creating accounts for making online purchases, use strong passwords that include a variety of alphanumeric characters and symbols. Don’t include words or phrases that could be guessed based on publicly available information about you. For example, if you’re always talking about your dog on Facebook, don’t use his name as part of your password. And while it can be a chore, you should also vary passwords between websites, so one theft doesn’t turn into a chain reaction.
  10. Some websites and payment services offer two-factor authentication when you log in or make a purchase, requiring more than a single password to access your account. This significantly increases the security of the site and is an excellent tool for safer online shopping.
  11. It’s also the season for extra virus checks. With the potential for a large number of financial transactions taking place on your computer, have your security software conduct a full system scan to identify any viruses or holes in your security before you start your shopping.
  12. You can never be too careful about what comes into your inbox. In addition to the obvious spam that sometimes makes it through filters, cyber criminals send millions of emails out pretending to be from legitimate businesses, hoping that some recipients by chance may have an account with that company; then, when they follow the link, they’re infected and their information is stolen. If you receive emails you’re not sure about, navigate to the website manually rather than clicking on the email.

Online shopping is great you beat the traffic and the lines and get to view hundreds of products and customer reviews from the comfort of your favorite chair. But even the most savvy shoppers need to be careful about where they are sending payment and account information as they make these purchases. As you search for the perfect gift, fill your online cart with these tips to enjoy a season where the only unpleasant surprise will be the fruitcake your neighbor brings.l be the fruitcake your neighbor brings.

This article was originally published by the "CA Security Council". In 2021 the CASC was restructred and renamed to the "Public Key Infrastructure Consortium" shortly "PKI Consortium".

Learn more about the PKI Consortium
Participate in our community discussions and/or join the consortium