Shopping online this holiday season could leave you with your identity stolen, or at least an expensive surprise when a thief charges a ticket to Fiji on your credit card. Swearing off online shopping isn’t necessary, though. You just need some simple steps to protect yourself from online fraud, which ticks up this time of year as more people shop.
“There’s always a big spike [in fraud] around the holidays,” Paige Hanson, chief of identity education at LifeLock, an identity-protection services firm, told Live Science.
And online seems the place to be for fraudsters: Chris Uriarte, chief strategy and payments officer at Vesta, a fraud-detection firm, said more fraud has moved online because U.S. credit card companies have switched from magnetic strips to chip-equipped cards.
“It used to be you could counterfeit them by copying the magnetic strip,” Uriarte said. “You could get a machine online to do it for $50.” The chips make counterfeiting cards much harder, Uriarte said. This situation gives more incentive for online fraud, which doesn’t require the physical card.
Stealing identities and taking others’ credit cards are the most common types of fraud. The U.S. Department of Justice, via its Bureau of Justice Statistics, reported that in 2014 some 17.6 million people experienced some form of identity theft, and that most of that involved bank accounts (38 percent of the time) or credit card accounts (42 percent).
Two out of three identity theft victims lost money, either directly or indirectly (as when a fraudster opens up an account I their name). The average amount lost was $1,341, with a median of $300. The Department of Justice report notes that most people find out about fraud when their financial institution calls.
Scams called “fast fraud,” which take advantage of shoppers’ desire for speedy delivery, may drive a larger portion of fraudulent transactions, according to a report by Vesta. When Amazon wants to deliver something in hours, there may not be time to vet the accounts or check that someone actually ordered something, the report said. Meanwhile, the fraudster gets the goods delivered, and sells them on the secondary market.
So here are a few common-sense tips to make your online shopping a little safer:
1. Strong passwords and phrases
Using a hack-free password may sound elementary. Many people, however, continue to use passwords that are too easy for attackers to figure out. According to security firm SplashData, which makes password-management software, the most popular passwords in 2014 were “123456,” “password” and “12345.” Guessing those requires no knowledge on the part of the hacker. [The 10 Best Mobile Password Managers]
Hackers guess most passwords, in fact, using dictionary attacks and “rainbow tables.” A dictionary attack just uses words from the dictionary (ordered by how commonly they occur as passwords). A rainbow table is a dictionary that’s been “hashed,” the words run through an algorithm to scramble them. The hacker uses the table of words to guess a password. (Brute-force attacks, which go through the entire set of possibilities on the keyboard, are a lot more sophisticated than what the average thief will try.)
To make a strong password, use some special characters, numbers or, better yet, a phrase. Phrases like “Iamthegr8est” are harder for a dictionary attack to break. Also, using different passwords for different sites is never a bad idea. For some people, this can be daunting, but there are apps that exist to manage the passwords, and as an added bonus, they can generate random passwords that no hacker is likely to hit upon. Morgan Slain, CEO of SplashData, noted that one should never assume the data on any site is safe. “Any site will be hacked,” Slain said. So don’t leave all of your accounts open to a single password, he said.
2. Two keys
Hanson noted another good thing to have is 2-factor authentication. This is when a site sends a text to your phone to verify that it is in fact you logging in, on the assumption that a fraudster is less likely to have both a computer and your phone at once.
Read More: Here