Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

The Lockdown

Thycotic’s Cyber Security Blog

3 Tips to Stay Safe Shopping, Online or Off

Written by Thycotic Team

December 16th, 2014

Despite numerous data breaches we have seen among consumer companies like Target and Home Depot, we doubt that breaches will slow down any time soon. No matter where you shop, use these three tips to stay safe.

Use Credit Instead of Debit

This may sound like an irresponsible thing to do at first, but the advice here is not to max out your card– it’s to funnel transactions through your credit card instead of your debit card. Debit cards immediately withdraw funds from your bank account. Although many banks have FDIC insurance that covers fraudulent activity, if the thief uses your debit card to liquidate your account, it could take time to get that money back, which will cause major problems if you have bills that are due.

Credit cards, on the other hand, usually have a wealth of fraud protection options and require transactions to be approved. The bank can decline transactions that don’t seem normal and may freeze the account and call you to verify that you are actually making the purchases that are pending approval. A bit of financial advice, though – if you use this method, watch your credit card balance carefully and make the appropriate payments, as it can be easy to lose track of what you’ve spent. For this reason, and to make sure no one is making suspicious transactions, use online banking to check your account activity regularly.

Avoid Public Wi-Fi for Banking and Shopping

Yes, this dead horse is still being beaten – public Wi-Fi access points should not be trusted, ever. While it’s tempting to shop from the comfort of your local Dunkin Donuts on your laptop, the credit card information you send over the network could potentially be intercepted by attackers. That doesn’t mean you can’t shop with your tablet or smart phone; it is perfectly safe to use 3G/4G data to make a transaction – just be sure the site uses good practices for checkout, such as using https to exchange all sensitive information.

Why are public Wi-Fi networks unsafe? To put it in technical terms, attackers can set up a rogue access point and name the SSID to match the establishment’s public access point name. When a wireless device sees two access points with the same SSID, password, and password encryption (or, in this case, unsecured status), it will connect to the access point with the stronger signal – usually the one that is closer. The attacker is likely to be closer to your device than the access point, so your device will connect to his access point. At this point, he can redirect you to whatever sites you’re visiting, while collecting every username, password, and credit card number you send over the network. Known as a man-in-the-middle attack, this is the most practical example of how it could happen in a normal, everyday life.

Keep Receipts and Email Confirmations

Whether you’re shopping online or in the stores, it’s a good idea to keep your receipts for a few months after holiday shopping. This helps you keep track of what you’ve spent, makes returns easier, and most importantly, will allow you to identify fraudulent credit card charges by comparing your account activity to your receipts.

Note that shopping online isn’t any more or less “secure” than shopping in the store. Target’s breach affected only in-store customers because the Point of Sale (POS) machine itself was compromised. However, many breaches result from a company’s database of customer information being compromised – meaning both in-store and online customers can be at risk. Protecting your information is the company’s responsibility (legally so), and there isn’t much you can do if their database is breached. Instead, focus on the things you can control, such as monitoring your credit card activity and knowing how to contact your bank in case you notice any suspicious charges.

Safe shopping to all!