As consumers proceed full force into the online shopping season, it’s important to remember that good-hearted, upstanding citizens won’t be the only ones filling their shopping cart. As cybercriminals prepare to trade massive scores of PII (personally identifiable information) for cash in the “Underground Economy”, it’s important you recognize the risks and take steps necessary to protect your identity.
Symantec’s report on cybercrime reveals the volume and lucrativeness of identity theft.
- Credit cards, the hottest commodity, account for nearly 33% of all illegal transactions and produce approximately $5.3 billion in revenue each year. Credit card numbers fetch between $0.10 to $25 per card, so compromising as many accounts as possible motivates thieves in this category.
- Stolen financial accounts, the next most lucrative target, produce approximately $1.7 billion in revenue (20% of the total volume). Historically, stolen bank accounts have carried an average balance of $40,000 and sold for $10 and $1,000 each.
Crafty, sneaky, and increasingly sophisticated hacker techniques make it difficult to detect schemes, but (re)educating yourself on the risks and acting on protective measures will help prevent identity theft from ruining your holiday season.
#1 Check Statements Daily and Monitor Credit – Review transactions flowing thru your bank and credit card accounts daily. Detecting and reporting fraud or identify theft fast will “stop the bleeding” and increase the chances for a complete financial recovery. Federal law provides consumers one free copy of their credit report (from each of the reporting bureaus) every year. Toward the end of the middle or end of the holiday shopping season may be a strategic time to exercise your right. Contact Experian, TransUnion, and Equifax annually.
#2 Implement Password Confidentiality and Strength – Stolen passwords contribute a great deal to identity theft and security breaches taking place online. Password security seems so simple and obvious, but the recent incident with Hotmail shows that consumers are not following basic guidelines for safety and much work and education remains to be done. So, here are the top password guidelines (AGAIN!)
- Don’t share your password with anyone.
- Change passwords often.
- Set a different, strong password for every website you visit. For example, Twitter should not have the same PW as your bank account or email, etc.
- Strong passwords include 8 characters and a mix of symbols, numbers and letters.
- Finally, a service like One Password can help make the task of implementing good password safety more manageable.
#3 Use Credit, Not Debit – In general, credit cards provide higher protection against unauthorized charges than debit cards. Also, credit cards are “safer” for online shopping because they are not linked directly to a bank account. Whether you’re using a credit or debit card account to make a purchase, NEVER transmit your credit card number via email. EVER. (Believe it or not, this still happens. We have proof.)
For maximum security forego using personal banking accounts altogether. Use a Single Use Credit Card or instore pickup as a shipping options when available.
#4 Avoid Unfamiliar Sites, Monitor URLs, Keep a Paper Trail – When shopping online, you never really know from whom you’re making a purchase. Sticking with familiar and reputable retailers helps reduce the chance for identity theft. If you’re determined to make a purchase from a less popular site, look for the privacy policy. If it doesn’t make sense or is missing altogether, consider taking your business somewhere else.
- Always enter URLs directly into the browser address bar instead of clicking on an ad link you see online or receive via email.
- Monitor the URL in your browser’s address bar throughout the purchase. If it appears you’ve been redirected to an unfamiliar place, exit immediately.
- Look for https:// (not just http://) EVERY time you are prompted to enter information online.
- Be overly cautious of any form asking for social security numbers.
- Don’t buy from retailers that require you to fax or email payment details.
- Keep a .pdf or hard copy of your purchase receipt. Don’t rely on the retailer to email a copy.
#5 Patch, A Fancy Word for Installing Updates – Keeping your operating system and browser updated with the latest version is critical to protecting your identity online. Installing anti-virus software, anti-spyware software, and a firewall provide an added layer of protection, but having these systems installed is only half the battle. If you don’t take action when the anti-virus monitor flags a suspicious file, you’re missing the point and putting yourself at risk for cybercrime. Follow instructions and delete problem files or take your computer to a repair professional that can help you diagnose and treat the breach.
#6 Properly Dispose of Old Computers and Mobile Devices – Electronics are high atop many holiday wish (and shopping) lists for 2009. If you’re lucky enough to receive an iMac, ASUS Seashell PC, or any of Yahoo!’s top electronic gifts this holiday season, take precautions to properly dispose of any media on the soon-to-be-discarded, already-forgotten, “ancient” model it’s replacing. Utility programs designed to “wipe” your hard drive are readily available and reasonably priced. Data wipes are sufficient for most cases, but if your computer contains confidential, highly sensitive information you may want to consider removing the hard drive and physically destroying it.
#7 Control Data Storage and Backup Offsite Daily - All the tips and recommendations we’ve made are intended to keep you safe from cyber theft this shopping season, but they’re not infallible. Should malware wipe out your hard drive or corrupt important files, you’ll be glad you opted for inexpensive and comprehensive online backup ahead of time. Offsite backup should take place daily (at minimum), and all files should be encrypted and stored offsite.
#8 Report Suspected Fraud or Actual Identity Theft Immediately – There are several resources available to help if your identity is breached or if you suspect fraud has taken place.
- Attorney General’s Office
- Federal Trade Commission / Consumer Protection Agency
- Better Business Bureau
It may feel like you will never find the time to implement these safe cyber shopping recommendations, but when it comes to protecting your PII an ounce of prevention equates to more than a pound of cure. The hour or two you’ll invest in proactively preventing a cyber attack on your identity is nothing compared to the time and frustration you’ll endure recovering from identity fraud.
This entry was posted on Thursday, November 19th, 2009 at 12:01 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
