15 Online Shopping and Banking Security Tips In Time for The Holidays

The experts weigh in with 15 tips on how to stay safe while banking and shopping online during the holidays.

Halloween has come and gone, and now it’s Christmas everywhere. Retailers are setting up displays and getting ready to roll out their best sales. Unfortunately, hackers and thieves are also gearing up to do big business this time of year.

“Fraudsters definitely increase efforts around the holidays,” says David Ackley, senior vice president of the senior information and corporate security office for Camden National Bank. “People can be more susceptible to phishing scams, especially emails with malicious links for things like checking the status of an online purchase [or] tracking shipping of a package.”

MoneyRates talked to Ackley and online security experts Tony Anscombe, senior security evangelist for AVG Technologies, and Assad Lazarus, senior vice president of product and customer experience at Equifax, for their suggestions on how consumers can keep their finances safe.

Here are 15 expert tips for online shopping and banking this holiday season:

1. Use a strong password for every account

Passwords are on the front lines when it comes to protecting accounts against hackers, and a strong password is one that includes both capital and lowercase letters as well as numbers and special characters.

Many banks and retailers insist their users have strong passwords, but even if one isn’t required, it’s in your best interest to use one. One simple way to create a strong password is to use a sentence, with capitalization and punctuation, rather than a word or phrase.

2. Don’t use the same password everywhere

Even strong passwords can be compromised, so you want to be sure to use different passwords for all your accounts.

“That way, if one account gets breached, fraudsters don’t get the keys to the rest of your online profiles,” Ackley says.

Rather than memorizing all those passwords, you could record them offline in a notebook kept in a secure location, or you could use an online password manager such as RoboForm or LastPass.

3. Install anti-virus protection on your computer and phone

Anscombe says anti-virus and malware protection is essential for both phones and computers nowadays, particularly because users typically have no idea their device has been compromised.

“Now, [viruses] get on devices and hide in the background,” Anscombe says. “If your phone is infected, chances are you’ll never know.”

Unfortunately, some anti-virus apps are actually created by scammers to give them access to your phone. It’s a problem so prevalent that Apple eliminated the anti-virus category from its app store.

Do your research before downloading anything and stick to reputable companies such as AVG or Avast! Mobile Security.

4. Avoid public computers for banking and shopping

Who knows who’s been on the computer at the library or the Internet café before you? They could have installed a program to log keystrokes and transmit your log-in information.

Rather than risk having your accounts compromised, limit your use of public, shared computers to activities such as surfing the Web, reading the news or catching up on your favorite blogs.

5. Set up a VPN if you use public WiFi

Using your own device on a public WiFi system can also be a risky proposition.

“A WiFi connection, especially in a public domain, increases your risk of identity theft,” Lazarus says.

You can reduce your risk by installing a VPN – short for virtual private network – to encrypt data sent over a public system. Some VPNs are free, but many have a monthly charge. They include options such as AVG’s cheekily named Hide My Ass! as well as services with names like PureVPN and Hotspot Shield Elite that won’t make your grandmother blush.

6. Skip the banking and shopping entirely until you get home

Your safest bet may be to simply skip shopping and banking until you get home.

Consider that researchers at Syracuse University found attackers don’t even need to see your phone screen to figure out what you’re typing. By discreetly recording people logging into their phones, Professor Vir Phoha and his team were able to analyze people’s finger movements and correctly guess a PIN on the first try 50 percent of the time. After three tries, their success rate jumped to 85 percent.

7. Only shop at reputable online stores

You don’t have to buy everything from Amazon, but you should exercise caution before buying from unknown websites. Do your research to determine whether the site is legitimate and has a history of happy customers.

8. Think twice about buying from overseas

Shoppers may want to reconsider buying from an overseas seller.

“Your legal rights might change if the seller is outside the country,” Lazarus says.

That may not pose too much of a problem if you buy a $20 stocking stuffer, but it could be an issue if you buy a big ticket item that ends up being defective.

9. Look for a secure connection before sending data

Regardless of whether you’re banking or shopping, look for a secure connection before entering your log-in or credit card information.

You’ll know the connection is secure and your information is encrypted in transit if the URL starts with “https” instead of “http.” In addition, many browsers will display a lock by the Web address to indicate a site has been verified as secure.

10. Always pay with a credit card

While debit cards offer fraud protection, credit cards are the better choice for online shopping. That’s because fraudulent charges made to a credit card don’t come out of your pocket.

A thief could wipe out your checking account if they gain access to your debit card. That could leave you penniless while you sort out the mess with your financial institution.

11. Look into tokenized payment methods

Even better than a credit card is a tokenized payment, says Anscombe. Most tokenized payments are currently made through mobile payment methods such as Apple Pay or Google Wallet. These services are mainly used in stores, but some websites accept them as well.

“It never sends your transaction data,” Anscombe says.

Instead, these systems give merchants a token code they can use to release the payment from your financial institution. As a result, the retailer never sees your card number or other payment data.

“That’s actually safer than walking into a shop and using your card,” Anscombe says.

12. Never store your information on a retailer’s site

Both Anscombe and Lazarus say it’s a mistake to allow companies to record your credit card number for future use. While it may be inconvenient to type in your number every time you check out, it keeps your data safe in case the retailer’s server is compromised in the future.

“When you check out as a guest, you still get the emails with the deals and coupons so you’re not missing out,” Anscombe says to reassure those who may think creating an account is the only way to be notified of sales.

13. Be wary of phishing scams in your inbox

Phishing often involves emails that appear to come from a bank or retailer, and they may say your account has been limited or fraudulent activity has been detected. Recipients are directed to click a link and enter their account data to confirm their order or unblock their account. However, the link actually takes people to a fake website where their personal information is collected.

“The best prevention is to avoid clicking links in emails that are not expected or seem out of character,” Ackley says.

If you are concerned your account may actually need attention, don’t click the link in the email. Instead, type the URL for the website directly into your browser address.

14. Use fraud protection tools available

Banks and card issuers are typically on the hook for absorbing the cost of fraud, so they are understandably interested in keeping their customers’ data safe.

Ackley says people can ask their banks about using secure tokens to authenticate their account log-ins. Meanwhile, card issuers may have a number of notification options available to let their customers know when a card has been used. For example, American Express has five different fraud alert options that will notify people when their cards have been used for an online or phone purchase or a foreign transaction, among other things.

Finally, credit bureaus such as Equifax and companies such as LifeLock offer credit monitoring services that can detect fraud. These come at a price but offer additional peace of mind.

15. Keep gift searches off a family computer

Anscombe has one final, bonus tip to share. It’s not one that will prevent hackers from accessing your account, but it may help keep a wrap on holiday surprises. He advises people to avoid using the family computer for gift searches.

Online advertising often uses your browsing history to customize the ads you see. That’s why the item you were just looking at on Amazon suddenly appears in an ad box on Facebook.

“If you’re searching for a PlayStation for Christmas, then your kids will know they’re getting a PlayStation for Christmas [thanks to the ads],” Anscombe says.

And ruining a holiday surprise may be the biggest crime of all.

Frequently Asked Questions

Q: I’m interested in using my iPhone so I can access my bank account anytime, anywhere. However, before I start looking into specific banks and apps which best facilitate mobile banking, I have a fundamental question to ask: are there security issues with mobile banking?

A: Mobile banking is a hot new development in the banking world, with more banks providing mobile services, more apps becoming available, and more customers participating. Unfortunately, with all this rapid adoption comes a less desirable development — more security breaches.

According to a recent report by Javelin Strategy & Research, the proliferation of smartphones like the iPhone has sparked a rise in mobile banking. Smartphone users are the most likely users of mobile banking services, and they currently represent one-third of all mobile phone users. 

Already, large banks represent tempting targets for cyber criminals. According to the Javelin report, 65% of national banks have been the target of some form of online attack. These attacks can range from the introduction of malicious software to disable banking systems, to misappropriation of sensitive financial data.

Smartphones can create a new area of vulnerability, especially when the user accesses banking services via a WiFi network. This makes information susceptible to interception by third parties. One possible solution is device-specific encoding, which would verify whether a call was coming from the bank customer’s phone. This would be harder to falsify than passwords and other traditional security measures — unless, of course, someone gets their hands on your phone.

In summary, security should at least be part of the conversation before you dive into mobile banking. Along with researching nifty apps and mobile-friendly services, compare the security measures different banks would take to protect your information and your money.


Maryalene LaPonsie is a Michigan-based freelance writer specializing in education, personal finance and retirement topics. She is a weekly contributor to U.S. News & World Report, and her work has been featured on MoneyTalksNews, MSN, FOX Business, CBS News and elsewhere online. Prior to writing full-time, Maryalene spent 13 years working in the Michigan Legislature as a legislative staff member.