As Black Friday and Cyber Monday deals pour in from virtually every major retailer, many of us are in heavy-duty shopping mode. According to data from RetailMeNot, we’re set to spend an average of $803 from Thursday through Monday alone, with about half of these transactions done online.
Personally, I’ll probably be doing close to all of my holiday shopping online. It’s easier and more convenient for me on just about every level: I’m less tempted by impulse purchases so I can better stick to my budget, I can easily search coupon codes and cash back bonuses using browser extensions like Wikibuy and EBates, and everything can get shipped directly to New York, where I’ll be spending Christmas, instead of hauling it myself across the country in my cramped suitcase.
Retail data breaches are spiking, happening as often as once a week
Despite all its perks, shopping online has its potential hazards, the most serious of them being data breaches. In such instances, your bank account or credit card information can be exposed and compromised by hackers.
Data breaches in the retail sector occur much more often than we might think.
A recent report from Thales eSecurity found that in 2017, 75 percent of U.S. retailers experienced a breach (up from 52 percent last year), while only 26 percent reported implementing encryption, which can help prevent breaches.
“I'd say at least once a week a company runs into this problem,” says Brian Johnson, CEO of DivvyCloud, a company that provides policy-driven automation of cloud security and compliance. “But often companies don't even know it's happening.”
Why the surge of breaches? It often comes down to quite innocent mistakes on behalf of retailers using cloud storage to hold consumer data.
“Retailers track so much more data about [consumer activity] to remain more competitive, and these cloud environments have a million different configuration options,” says Johnson. “You can put a file up and tweak it so granularly [with the intention] of just one person on the other side of the world accessing it — but accidentally make it public.”
Even when a breach is repaired, the data remains at risk
This is a mistake that Johnson sees happening more and more, and unfortunately it cannot be undone. Even if a company quickly realizes the error and seals off the data from the public, there are hacker systems perpetually on the prowl, ready to pounce the second they detect a possible leak.
“Attackers can basically build bots to constantly be searching — literally just scanning — for that one mistake,” says Johnson. “When that system finds it, it takes advantage of it. [Past research] of mine shows that unsecured data is discovered [by hacker systems] as soon as 20 minutes after it is exposed.”
It’s a frightening problem that Johnson notes can’t be solved from a consumer standpoint. Companies need to be investing more in security software, a point also asserted in Thales’ report.
Still, there are measures we can take to protect our data when making transactions online. We’ve rounded up a list of expert tips consumers should consider all year long.
Ditch debit cards. Only shop with credit cards or secure payment systems.
I learned the hard way to never use my debit account for making purchases online. Once upon a time, I gave my debit info to make a purchase on Zappos. Some three years after making any purchase on the site, I went to check my bank statements and saw hundreds of dollars had been spent at Zappos. After all those years, someone (or some bot) hacked into that antiquated account and went to town.
Though my bank fortunately reimbursed me, I had to wait a couple of weeks and was without a debit card for about the same amount of time. Now I only use PayPal, and link to a single credit card for online shopping (which also helps me stay on budget, since all non-essential spending is done on that card).
Ian McClarty, president & CEO of PhoenixNAP, a global IT services provider, recommends using ApplePay, AndroidPay or PayPal.
Get a virtual one-time credit card number from your bank
McClarty also recommends getting a one-time credit card number from your bank. “This prevents your primary card from getting compromised, saving you a lot of hassle changing card numbers, moving recurring bills, etc.” says McClarty.
I had no idea such a thing existed until McClarty brought it up, and now I’m absolutely consulting my credit card company about this so I can more confidently go crazy on Cyber Monday.
“Several card issuers offer virtual card numbers which add an additional layer of security for online purchases, keeping your actual credit card numbers safe from any retail data breaches, and especially useful for making purchases from web sites that users don’t 100 percent trust,” says Brittney Mayer, credit strategist at Cardrates.com.
Use a card with a low limit
“Using a low limit credit card for online purchases that’s not typically used for recurring payments is one way to protect yourself this holiday season,” notes Gates Marshall, director, cyber services at CompliancePoint. “[If] the card is compromised, the extent of the damage will be lessened.”
Bonus tip: This can also be helpful if you’re working with a budget and want to ensure you don’t overspend.
Avoid buying on public computers
“As much as it might be tempting to enjoy a hot latte and do all of your holiday shopping from your favorite coffee shop, avoid using public Wi-Fi while doing any shopping,” advises Tom Kellermann, chief cybersecurity officer at Carbon Black. “With public Wi-Fi anyone with some computer acumen can view what you are browsing and steal your personal information.”
Use a VPN
Using a virtual private network (VPN) enhances your privacy by masking your IP address and, essentially, throwing prospective hackers off your location (you can be in California, for instance, but choose to appear to be in Amsterdam). VPNs were traditionally used by corporations to add protection to sensitive data, but they’re now quite popular with consumers.
“Using a VPN for shopping online will secure your connection and encrypt any personal data/financial info you are sharing with the retailer, which is especially important if you’re shopping on the go and using public wifi on a smartphone or other device,” says Harold Li, vice president at ExpressVPN. “A VPN also hides your information from the internet service provider, restricting them from building a profile of your shopping habits.”
You can download VPNs for free, but I recommend using one that you pay for annually (I use PrivateInternetAccess, which costs about $40 a year) so that you have access to customer service and security updates.
Update your software
“If you’re looking to take your cyber self-defense to the next level this holiday shopping season, make updates to all software on your computer [and that you’re] using the latest version of your browser (Firefox is a great option),” adds Kellermann.
Practice ‘good password hygiene’
Richard Bird, chief customer information officer at Ping Identity, reminds all consumers to practice “good password hygiene”. This means changing your passwords often and creating ones that can’t be easily hacked.
“The best password is a series of logical words strung together that also encompass length; for example, ‘horsesfencefieldgrass’,” says Bird. “These make for more complex passwords that are easy to remember, but more difficult to crack. Stay away from using the names of your kids, spouse, pets and birthdates. You may use the same password for Facebook and Instagram, but don’t use that same password for important accounts like your banks or email. Make sure those important accounts have secure and unique passwords.”
NBC News BETTER is obsessed with finding easier, healthier and smarter ways to live.