It’s no secret that holiday shopping can do some damage to your bottom line. Unless you create a gift-giving budget based on what you can reasonably afford—and commit to sticking to it—it’s all too easy to run up your credit card balances and end the year in unexpected debt. However, there’s a sneakier financial danger you may not have considered. It’s known as identity theft, and unless you take steps to protect yourself, you may be putting your financial future at risk with every online purchase.
RewardExpert spoke with Steve Weisman—attorney, cyber security expert, author, and professor at Bentley University in Waltham, Massachusetts—about simple ways you can protect yourself this holiday season and throughout the year.
Identity Theft Dangers are Significant When Shopping Online
Weisman became interested in identity theft in the early ‘90s when his own identity was stolen. “Someone took information from my wallet that was in a locked locker at a gym I was working out at,” he explained. “When I saw how much work it took to get my identity back, it piqued my interest.”
In recent years, instances of identity fraud have skyrocketed. According to Javelin Strategy and Research’s Identity Fraud Study released earlier this year, the number of identity fraud victims in the U.S. reached a record high in 2016. Criminals victimized 15.4 million consumers, a 16 percent increase over the previous year.
The study also found that digitally-connected consumers—defined as those who frequently shop online and use social networks—have a 30 percent higher risk of becoming a victim of identity fraud then do those with little online presence.
“There has been much greater attention to shopping online in recent years,” Weisman said. “This kind of crime is profitable. It can be very easy to avoid getting caught. And it can be done from anywhere.
Interpol estimated that there are only about 100 cybercriminal geniuses in the world, but they’re business people. They go on the Dark Web and set up websites where they sell not just stolen credit cards and other personal data but also their malware. They even provide tech support to less sophisticated criminals who want to use it.”
Fortunately, Avoiding Danger is Pretty Simple
“The good news is there is a lot you can do to keep yourself from being an easy target,” Weisman said.
Only shop on legitimate websites. “Sometimes people Google a product and find a great price,” Weisman explained, “but when they go to the website, it’s actually a counterfeit site created to look legitimate.” You can avoid counterfeit websites by paying close attention to the URL in your browser’s address bar. Never enter your personal information into a website with an address that doesn’t begin with https. And if your browser pops up a warning when you try to navigate to a particular website, heed it.
Install antivirus software—and keep it up to date. Sometimes criminals infect legitimate websites with malware. “The website owners may not even know it is there,” Weisman said. “Just by visiting the website, you can end up downloading malware to your computer that can steal your information.”
Don’t shop online using public wi-fi. “Someone might [electronically] eavesdrop on you and steal your information,” Weisman said. Instead, postpone entering any personal information online until you’re at your desktop or connected to your secured home wi-fi.
Don’t store your credit card information with retailers. It might be convenient to let an online vendor save your credit card number or bank account info for your next purchase, but Weisman said doing so significantly increases your vulnerability should the retailer be hacked.
Only use your credit card for online purchases. “With credit cards, there are laws to protect you so that you’re not liable for anything more than $50 in fraudulent charges,” Weisman said. “But with a debit card, the entire balance of your bank account could be stolen.”
Choose complex, unique passwords. Weisman said doing so doesn’t have to be difficult if you start with a base password, such as IDontLikePasswords, and then add a few exclamation points and an extension that corresponds to the particular website on which you are using it. “Maybe your Amazon password would be IDontLikePasswords!!AMA,” he suggested. “That’s a strong password that’s easy to remember.”
Answer security questions dishonestly. Weisman said, “Because the Internet is such a great source of information, cybercriminals can often find out what they need to answer security questions. They can find out your mother’s maiden name or the city you were born in. Don’t answer those security questions honestly. Instead, choose something false that you’ll remember because it’s silly.”