Black Friday and Cyber Monday are less than a week away and the sales have already begun. As people are hunting for the best deal on that new TV, they often forget about security entirely. So what should we all be worried about when buying items this holiday season and what can we do to stay safe?
Most people will buy items from physical stores as well as shop online. Here’s a few tips people can remember when shopping this holiday season.
Brick & Mortar Shopping
At physical retail locations, the safest method of payment by far is cash. Cash can’t be hacked; people can’t steal your physical cash using a phone. Walking around with thousands of dollars of cash can be impractical for a variety of reasons and might pose some personal safety concerns however. The good news is there are two great ways to pay for things at retail locations and still stay safe.
- First: use your chipped credit card. Mag stripe cards are notorious for being breached. Your credit card info is stored on the mag stripe, so if anyone can see that transaction or swipe your card they could potentially steal your card info. The chip on your card eliminates that risk by setting up a one-time token between the point of sale machine and your credit company. This token can only be used once, so if anyone is looking at the transaction along the way, that token is useless to them. Consumers need to make sure they’re using the chip reader though, as cards still have a mag stripe as well as the chip. Some retail locations are still behind the times and are only accepting mag stripe transactions. Be absolutely sure you’re only using the chip reader, which requires that you physically have to insert your card into the terminal.
- The second safe method of payment is to use a service like Samsung Pay, Android Pay or Apple Pay. These work very much the same way as the chip, by setting up a one-time token which is only valid for that transaction.
I’d also recommend people only use a credit card for purchases if possible. If for whatever reason you credit card info is stolen, it’s much easier to dispute charges on a credit card. Debit cards take out your real money, which means you’ll be out those funds until you can prove those transactions weren’t yours.
When it comes to purchases online, there’s even more risk to purchasing items. First, you need to make sure the site is sending your credit information over an encrypted connection. Always ensure https is being used on any transaction. Once you ensure the connection is encrypted, we need to think about which payment option is the safest. Traditionally retailers have asked for credit card numbers, expiration dates and CSV number. This is just like swiping your mag stripe at a retail location. Your card information is now stored and if a breach occurs, hackers can obtain this info and purchase items on your cards. The far safer way is to use a service like PayPal or Venmo. These services pay for items on your behalf, so instead of paying the retailer, you’re basically paying PayPal who pays the retailer. This way the retailer never sees your credit card info. Only PayPal has your credit information. You’re taking the risk down from many online retailers who have your credit information, to just PayPal. It’s far safer and more secure to pay using services like these then typing in your credit card info.
Additionally, there are services like Verified by Visa, which allow you to setup a password for transactions. Any online retailer that supports Verified by Visa will take your payment, and then ask for your password to confirm the payment. The drawback here is that not all sites support Verified by Visa which means you’re still put at risk on a lot of websites.
I hope everyone found this advice helpful and I wish everyone a great holiday week and a safe shopping experience!
The post Tips for Safe Shopping in Stores or Online During the Holiday Season appeared first on WhiteHat Security.
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteHat Security authored by Ryan O'Leary. Read the original post at: http://feedproxy.google.com/~r/WhitehatSecurityBlog/~3/A6-YOh8zdac/