‘Tis the season to lose your identity online. As Internet sales become a bigger part of holiday shopping, the risk to your identity and financial information also grows.
Online sales are forecast to increase between 6 percent and 8 percent this holiday season to as much as $105 billion, or almost 17 percent of all holiday sales in November and December. Shoppers say they expect to do half of their holiday shopping, either browsing or buying, online.
But four out of five retailer websites don’t meet the minimum secure password threshold, and almost a third accept the 10 most common passwords, including “password” itself.
That doesn’t mean you should avoid online shopping altogether. Instead, here are five ways to safeguard your identity while you shop, according to Marc Boroditsky, vice president and general manager of Authy, a developer of two-factor authentication methods.
1. Change your passwords on all sites where you regularly shop or bank.
“It’s reasonably likely that your account names and passwords are already in existing databases,” Boroditsky says. More than 176 million records have been exposed already this year through database breaches.
Passwords should include uppercase and lowercase letters, numbers and punctuations. The word should not be in the dictionary or a name of a place. The trendy way to generate a password is to use phrases and swap out letters for numbers and punctuations. “You want one as random and as complex as possible,” he says.
2. Always turn on two-factor authentication.
In addition to username and password, two-factor authentication offers another level of security to complete the sign-on process, such as entering a code sent to your email or phone. Start with Amazon, says Boroditsky, which rolled out two-factor authentication this month. “It’s a great place to start, since Amazon is a big target,” he says.
3. Know who you’re buying from.
When visiting a retailer’s website, type the name into the URL line carefully or select the top result from a Google search. Boroditsky says many spoof versions of popular websites exist to capture your information. These phony sites often have URLs that are one letter or number off from the real version and take advantage of people who enter misspelled names. Also, look for the “https” in the URL, which indicates a secure interaction, he says.
4. Don’t respond to email offers that look too good to be true.
Don’t click on links or fill out forms in emails to get to an once-in-a-lifetime deal. Most likely, it’s just bait for thieves trying to get your data. “It’s one of the biggest attack methods out there,” says Boroditsky. If you think the deal may be legit, visit the store’s website to verify its existence.
5. Monitor your credit card and debit card transactions.
Don’t wait for the statement showing your holiday purchases. Regularly monitor your account for any suspicious transactions, no matter how small they seem. Thieves will first test a stolen card or card information by making a small transaction, Boroditsky says. If it works, they will move onto larger and more damaging purchases.