In the past couple of years we’ve heard announcements from several companies who have had their databases hacked and private customer information compromised. When this happens the data breached isn’t always financial data, but nonetheless you still probably don’t want your personal information floating around out there where it can be used by a malicious hacker.
Just last week Zappos.com, an online shoe retailer announced that they had been the victim of a cyber attack, and although credit card information hadn’t been accessed, there was still plenty of private information compromised. As such they announced to customers that all passwords would be reset, and all users would have to choose a new password. They also suggested changing password information on other sites where similar passwords were used.
Not only is it a headache for the company when something like this happens, but the potential for identity theft and credit card fraud could be a huge liability for us as consumers.
So what can we do to protect ourselves from finding ourselves in a situation like this?
How To Protect Yourself When Shopping Online
There are a variety of ways that you can protect yourself from hackers, criminals and identity thieves when shopping online.
- Limit your exposure: The best way to avoid having your information compromised is to limit where you have it stored. The less places you save your information, the less databases you’ll be in and the less risk you’ll be exposed to.
- If the site looks fishy, stay away: If you’ve gone to a site and it looks a little risky to be shopping there, trust your instincts.
- Make sure you’re checking out on a secure page: When you’re checking out on an e-commerce site, make sure to look for the https:// in the url bar, instead of just http:// on the checkout pages. If the page isn’t secure, avoid entering any personal or financial information.
- Avoid public Wi-Fi or hotspots when shopping or accessing financial data: When shopping online, try to avoid entering passwords, credit card numbers or other personal information when on a public Wi-Fi access point or hotspot. Yes, it’s convenient, but it can also leave your data accessible to hackers in some cases. Also avoid financial sites like bank accounts, mint.com, adaptu.com or other aggregators. If someone gets your password for those accounts you could lose a lot of money, and you may have no recourse.
- Never give your Social Security number online: If you’re shopping on a site and they ask for your social security number, it’s probably a scam. They shouldn’t have a need to use your social. The exception may be sites like TurboTax and other tax preparation software where you need to enter your number to file taxes.
- Check your credit reports and scores: Most people these days will do some shopping online. To make sure your data isn’t being used in a negative way, make sure to check your credit reports regularly. You can get one free credit report from each of the credit agencies once a year through http://www.annualcreditreport.com. You can also check your free credit scores from free websites like Credit Karma or Credit Sesame on a regular basis. A drop in score could mean something is up.
- Use anti-virus and anti-malware software: Make sure to have a regularly updated anti-virus software installed on your computer, and make sure it is set to update on a regular basis. Also make sure that it’s actually set to scan at regular intervals. My in-laws had the anti-virus software, but never updated it or scanned – leaving them vulnerable. When I did update their system we found they had a newer virus that it took me several hours to remove.
- Use a credit or debit card with protection: When shopping online make sure to use a credit or debit card with identity theft protection of some kind – just in case. Some credit cards also offer one time use credit card numbers. Use them!
- Be careful what you click on: When you’re online use some common sense and don’t click on links when you don’t know the source of the email, social media message or e-card. All are ways that viruses are spread, so only open links from known sources.
- Use a third party payment system: Consider using a third party payment system like Paypal when buying things online to add an extra layer of protection – where your credit card information isn’t stored with the retailer.
- Use strong passwords: Make sure to use strong passwords that include random numbers, capitalized letters and symbols. Avoid using family member names, pet names or the word “password”. :)>
When it really comes down to it you just need to use a bit of common sense, follow the guidelines mentioned above and be wary of where you’re putting your personal information.
Note: If the worst case happens despite your best efforts, be prepared to follow through and know who to call in case your identity is stolen. Here’s a identity theft checklist to walk you through what steps to take next.
Have you ever had your personal information stolen or compromised? What would you have done different? What steps do you take to avoid having your information stolen?
Don’t forget that many credit cards offer 1 time use throw away numbers. This works great for shopping online – you never have to put your real number out there.
I was actually going to write about that but forgot to include it. As mentioned some banks like Citi offer one time use credit card numbers that you can use to protect against credit card theft.
Hey Peter – While it is best to use caution when accessing an aggregator in public, Adaptu as well as Mint are simply read-only meaning you can’t move money around and therefore lose it due to access to our services.
Thanks for the clarification Jenna.
Peter,
Great ideas and of course we should all incorporate, but it seems that at some point we’ll all be exposed. Dreamhost was just hacked too!
Always be on the look out for Facebook / Twitter accounts that put some some weird links that they don’t usually post. Clicking any of those can get you in trouble in a hurry.
When shopping online, make sure the site actually allows you to pay with PayPal, and doesn’t have the PayPal added to their home page to make the site seem trustworthy! I’ve seen some sites do this, and eventually try to force you to use WesternUnion, pretty much guaranteeing your loss of money without a chance of a refund.
Also, look for a contact 800 telephone number and an email address for customer feedback. Scam sites usually don’t bother to include either of these – they just want your credit card info.
Peter–Great post and great ideas. I think one of the most important things is to use a credit card for online purchases as opposed to a debit card. With a credit card, you are essentially using the credit card company’s money to make a purchase–because of that, they are much more likely to go to bat for you against any fraudulent charges. However, this is not the case with debit cards.
I’ve never heard of getting a one-time use number from a credit card but will definitely look into it. Great advice.
Citi Platinum MasterCard allows you to create garbage proxy numbers to make purchases. It’s another approach.
I had my paypal and gmail account compromised a year ago. The scammer forwarded all new email to a third party account and deleted the new emails in my inbox. It took me a few days to realize that something was up since I wasn’t getting any new email/spam each day. The scammer ended up buying 2 ‘used’ iphones and next day overnight shipping them to a house. Paypal actually flagged the transaction as suspicious as the seller was sending an item to an unconfirmed address via overnight shipping. In the end I ended up getting all my money back from paypal. It only took 3 weeks for it all to get resolved. And I learned a thing or two about good password habits.
I hate to say this, but most of this advice is general common sense.
“Use a credit or debit card with protection”? Since when have there been cards without chargeback or dispute processes available?
Use PayPal? Really? Have you not heard of the many horror stories involving them?
It is too bad that many commercial websites don’t give you the option to NOT store your data.