Happy Hacking-Oops! Holidays!

It’s THAT time of year again!

Shopping season has begun, and cybercriminals know it.  What can you do to protect yourself (and your money) this holiday season?

Brick and Mortar Stores

We all remember the dreaded Target breach.  Everyone and their mother had shopped for the holiday season at Target that year, and over 40 million of us had our credit card information compromised, not to mention the 70 million of us who had other personal information stolen.  Point-of-Sale malware has been everywhere since then.  Short of using cash for every transaction, what can we do?

For starters, use a service like Paypal, GoogleWallet, or Prepaid Debit cards.  These services only allow money that has been transferred in to an account to be spent.  (It’s not a bad way to budget either!)  This way, if someone gets a hold of the card numbers, it isn’t going to drain your bank account. Some of these services, like Paypal and GoogleWallet, are still connected directly to your bank account, but can be set up to not pull any more money than what you’ve specified can be taken.  It provides an extra layer of protection.

If you happen to be using a Debit/Credit card, when the cashier asks you if you want it to be run as Debit or Credit, pick Credit!  Most debit cards can be run as either, but when you run it as a debit card, you have to put in your PIN number.  Not only are there a lot of people around you, but if the point-of-sale system you’re using has malware on it, it now has your PIN.  This makes it easier to get into your bank account.  Plus, when you make a debit transaction, money is pulled from your bank immediately.  When you make a credit transaction, it takes a day or two.  If an attacker uses your card as credit after they’ve stolen it, the bank has time to stop the transaction before it pulls your money out.

Shopping Online

Using payment services like Paypal and Google Wallet apply here as well, for the same reasons you should use them in actual stores.  There is an additional security option online: Some credit card companies offer one time use numbers for online shopping.  You should definitely take advantage of that protection! Check with your provider to see if it’s available.

Another important tip: Shop at home. Do not shop on public wifi.  It may seem festive to go to your local coffee shop and spend a couple of hours surfing the web for gifts, but don’t do it!  If you suddenly remember that you forgot to buy little So-and-so a gift, do not hop on your phone while in line for lunch to buy it.  Wait until you’re home!  Public wifi is notoriously unsafe.  The fact that you can hop on to it so easily means that anyone can.  Not everyone has the best intentions.  Some of them are just waiting for you to hop on, so that they can steal your information or take over your device. BIG no-no.

When shopping online, make sure to only shop at sites that use “HTTPS”.  HTTPS signals that the pages, and transactions on them, are encrypted.  If they aren’t marked with that S, do not ever give them any information.

Also, make sure that you only shop on sites that you know and trust, or are at least large companies that you recognize.  A lot of sites pop up around the holidays claiming to have great deals at this random shop that you’ve never heard of.  How do you know this isn’t a fake site set up to steal your information?  You don’t, and this is hunting season for malicious people.  Just avoid it.

If you think your credit card information has been compromised, contact your company immediately and have them freeze your card.  It’s not worth waiting around to see if you’re right or not.  

While we can’t possibly guarantee that your shopping experience this year will be 100% safe, hopefully our tips can at least help ease your mind to some degree.

Happy Shopping Season!


For information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.


Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *