Kids aren’t the only ones who love the holidays: Hackers, cybercriminals and identity thieves also consider this the most wonderful time of the year. Criminals know that holiday shoppers are making more purchases online and may be more distracted and likely to commit careless security errors. Protecting your financial information from hackers requires extra attention during the holidays.
Hackers and online criminals look for common flaws and errors in how you handle your personal information, financial data and credit or debit card security. To avoid becoming a victim of an online scam or data breach, be sure to follow these best practices for safe online shopping and banking.
Shop only on secure networks
Hackers can easily access your banking or credit card information if you’re shopping or banking over a public Wi-Fi network. Shop or share financial information only on a trusted, secure network, one associated with a home or business and requiring a password for logging on. A public Wi-Fi network at a coffee shop or an airport is not a secure network, and even a password-protected hotel network may be insecure.
Use strong passwords and PINs
Your passwords for every website and online account you use should be different. Use a strong and unique password, or even consider using a password manager or “password vault” program that creates and manages passwords for you. PC Magazine has a roundup of the best password managers of 2015.
Your personal identification number for your bank account or mobile payment account should be unique and very difficult for someone else to guess. Never write down your PIN, and never share it with anyone. You should also never use ‘1234’ or ‘1111’ as a PIN (surprisingly common, according to this study), nor should you use your birthday or last four digits of your Social Security number. Lifehacker has compiled tips for how to create a PIN that’s both secure and easy to remember.
Secure your mobile payment apps
Mobile payments apps such as PayPal, Apple Pay and Google Wallet offer great convenience, but they present some security risks. If you use a mobile payment app on your smartphone or tablet, then it’s critical that you also require a passcode or fingerprint ID on that device. It may take a moment longer to enter a passcode every time you use your phone, but it prevents thieves from being able to log into your payment apps if you lose your phone or tablet. You should also set all of your mobile payment apps to use two-factor authentication, as discussed below.
Set up two-factor authentication
Two-factor authentication is an emerging security practice in which logging into an account from a new computer or smartphone requires not only a password, but also a unique code sent to you via email or text. This makes it exceedingly difficult for a hacker to access your bank account, email account or social media accounts from a phone or computer that is not yours. Two-factor authentication is available for Gmail, Apple ID, Yahoo Mail, PayPal and some social media sites. Additionally, many banks now offer two-factor authentication to protect your online account.
Shop on secure sites and trusted apps
If you’re going to submit your credit card number or personal information to a website, make sure that it is secure or encrypted. You can tell if a website is secure or encrypted by looking at the URL. A secure website’s URL will begin with “https” rather than simply “http,” or it will display a locked padlock icon before the “http.” If the website URL does not display these items, the site is probably not secure enough to be trusted with your credit card details.
Make sure your software and systems are up to date
Your smartphone or computer should also have the most up-to-date versions of operating systems, security software and apps. Many of the updates issued relate specifically to fixing security flaws. If there’s a Web browser you usually use for online shopping, make sure you’re using the most current version of that browser to minimize security risks.
Be cautious about emails requesting personal information
One of the most common schemes is “phishing” — sending legitimate-looking emails to fool you into sharing your Social Security, bank account or credit card numbers. These emails sometimes use the logo of a trusted company or bank, though a close look at the sender’s email address may show that the email is not really from that company or bank. Additionally, clicking on links or opening attachments in these emails may infect your computer with a virus. If you receive an unexpected or unusual email requesting personal or financial information, delete it.
The bottom line
Criminals know that consumers are busy and distracted this time of year, and they’re eager to capitalize on common privacy and security mistakes. Shop on trusted sites, be cautious when submitting credit card information and make sure to enable two-factor authentication on apps or mobile payment services. Shopping online is a fantastic convenience around the holidays, but you don’t want to let hackers turn your credit card or bank balance into a lump of coal.
Image via iStock.