By Michael Chertoff, Executive Chairman and Co-Founder of The Chertoff Group, a premier global advisory firm focused exclusively on the security and risk management sector.

This holiday season the National Retail Federation has predicted that Americans will spend as much as $105 billion online, an increase of 8-11% over last year’s figures. As consumers prepare to make their online purchases this holiday season, there are several things they can do to help ensure the safety and security of their personal and payment card data.

1) Make sure you see the “lock” icon in the address bar of your browser when making online purchases. This icon, found to the left or right of the web address in your browser, is displayed when you are on a page which uses SSL/TLS encryption to secure the connection between your computer and the server hosting the page. This encryption helps to ensure that your personal information and payment card data are not intercepted by a malicious actor while being transmitted to an online retailer. Make sure this icon, and the accompanying “https” web address prefix which also indicates the presence of SSL/TLS encryption, are displayed in your browser’s address bar when you enter your home address and payment card information.

2) Be on the lookout for phishing attacks. Phishing attacks remain one of the most successful means for cyber criminals to capture valuable personal information, including payment card numbers. While spam filters and other technologies have helped to reduce the volume of phishing emails reaching consumers, more sophisticated phishing emails—some personalized for the individual—are still used to lure consumers into voluntarily surrendering their data through fake websites. Make sure an email or link is authentic before clicking on it. Does it look right? Did you sign up for emails from this store? Is it taking you to the retailer’s actual website or that of an imposter (for example, “walmarl.com” instead of “walmart.com”)? When in doubt, navigate to the retailer’s site on your own or conduct a web search rather than clicking on the link.
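The imposter-domain check described in tip 2, as an added example that is not part of the original article: it compares the domain in a link against a short list of stores you actually use and flags near-misses such as “walmarl.com”. The `TRUSTED` list and the function names are constructed for illustration, and the domain is taken naively as the last two labels of the hostname.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; use the retailers you actually shop with.
TRUSTED = {"walmart.com", "target.com", "bestbuy.com"}

def registrable_domain(url):
    """Return (last two hostname labels, full hostname).
    Assumption: no multi-part suffixes such as .co.uk."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:]), host

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_link(url, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain, host = registrable_domain(url)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        # A near-miss spelling of a trusted domain, e.g. one letter swapped.
        if 0 < edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
        # A trusted name used only as a prefix of somebody else's domain.
        if good in host:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.walmart.com/cart",
                 "http://walmarl.com/holiday-deals",
                 "https://walmart.com.account-check.example/login"):
        print(link, "->", classify_link(link))
```

An “unknown” result only means the domain resembles nothing on the list; the article’s advice to navigate to the retailer’s site on your own still applies.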

3) Don’t make online purchases over public WiFi. While the free WiFi at Starbucks or your local pizza shop is convenient, it is often far from secure. Most public hotspots have little or no security in place to protect the data transiting the WiFi connection, leaving your data vulnerable to interception by anyone within range of the WiFi network. Some criminals will also create their own hotspot with names identical to those of a legitimate public WiFi network, tricking users into connecting to the public WiFi network’s “evil twin,” allowing the criminal to capture all of your web activity, including your personal and payment card information.

4) Be smart about your online accounts. Many of us have dozens of online accounts with retailers, banks, and other sites which allow us to conduct online transactions or access additional content or features. Unfortunately, at some point one of these accounts could be compromised in a cyber-breach, exposing the information it contains. As such, carefully consider the information you store in that account. Do you want the retailer to store your credit card information? Also, be sure to practice good password hygiene. Use complicated passwords that are more difficult to guess or crack. Create passwords that are over ten characters long and use a mix of letters, numbers, and symbols. Many sites with more advanced security requirements will force you to create passwords that meet these, or similar, standards. Use creative and purposefully inaccurate answers to password recovery questions—for instance, who would guess that your first car was a penguin? Most importantly, don’t reuse your passwords, especially passwords that you use to access primary email accounts or banking sites. Cyber criminals frequently attempt to use the passwords captured in a breach to gain access to users’ other web accounts, potentially granting them the ability to make online purchases or banking transactions in your name. If you are having trouble keeping track of a myriad of usernames and passwords, consider password management software, such as LastPass or 1Password.

5) Closely and frequently review your bank statements. Even when taking all of the proper precautions, your personal and payment card data can be compromised, potentially enabling a criminal to make purchases using your credit or debit card. Though credit card companies won’t hold you responsible for fraudulent online transactions, you still need to report fraudulent transactions in a timely manner in order for them to be removed from your account. The rules for debit cards are more complicated and can leave consumers on the hook for a much larger amount ($500 in many cases) when the fraud is not immediately reported. As such, consumers should pay close attention to their credit and debit card statements and quickly report the loss of a card or any fraudulent transaction. Tracking your credit and debit card transactions has been made even easier by online banking, which can allow you to review card transactions in real time rather than having to wait until the end of the month for a statement in the mail. Consider regularly checking your credit or debit card transactions online to ensure you are able to quickly identify fraudulent transactions.

A Business Radio Special Presentation: Hacked! is airing on SiriusXM’s Business Radio Powered by Wharton, CH. 111, on Saturday 11/15 at 12 pm ET. For a free 30-Day trial, check out http://www.siriusxm.com/fbtrial.
