
Secure Your Holiday Shopping

By Richard Henderson | November 24, 2014


In the United States, families will soon be traveling by plane, train and automobile to be with their loved ones to celebrate the Thanksgiving holiday. Large feasts will be prepared, football games will be viewed, and parades watched.

One other great American pastime that, to many, is just as fun and integral to their holiday is the kickoff to the holiday shopping season, which starts with Black Friday and Cyber Monday.

People are known to line up for hours and hours in the wee hours of the morning, all in the hopes of scoring that killer deal on something they’ve had their eyes on for some time; others just enjoy the fervent spectacle of hundreds of other like-minded folk out there to shop ’til they drop.

But with all this exciting deal hunting, both consumers and companies need to be vigilant in making sure they do everything they can to stay safe from fraud and theft. Cyber criminals don’t take a respite from stealing your cash just because it’s a holiday.

If you’re a shopper, whether in a brick and mortar store or shopping on the Internet, there are many things you need to watch for and ways you can help minimize the threat of becoming a victim of fraud:


ATM fraud continues to be a way for criminals to make a fast buck, and there are all sorts of ways to do it. From “jackpotting” cash machines to installing malware directly on the ATM to skimming card data and recording your PIN, it’s difficult to know what to do to stay safe. If you need cash, try to avoid ATMs that are out of the way and isolated - not only do ATMs in these locations potentially expose you to crimes like mugging, they also give criminals unrestricted and often unobserved access to the machine itself to install card skimmers and malware. It’s best if you go to a bank branch directly and use their ATMs, but even that’s not a foolproof guarantee. Skimmers have been found on all sorts of machines. Think you can spot a card skimmer? Think again. My friend and colleague Brian Krebs of Krebs on Security has posted many stories of newly-found and much improved ATM skimmers that are virtually indistinguishable from the ATM itself. Get in the habit of completely shielding the keypad from view… even your own. Enter your PIN code by feel instead of by sight. Cameras that watch the PIN pad are literally the size of a pinhole today, and you may be hard pressed to notice one.


Breaches at retailers have become a sad reality in today’s world of connected systems and computerized Point of Sale kiosks. A device can become compromised without physical access to the register, and in some cases, it may take a retailer some time to detect and neutralize the breach. What can you do? If you don’t want to pay with cash, you’re going to have to use a card of some sort. Use a credit card if possible instead of your Visa- or MasterCard-branded debit card; your credit card agreement provides a much higher level of protection in case the worst happens and you become a victim of fraud. Using your debit card could very well leave you with an empty checking account for a long time if something happens. If you don’t have a credit card, consider purchasing a reloadable prepaid credit card, available almost anywhere today. Yes, these cards often come with higher fees, but if you look at the cost as self-insurance, it’s not that expensive. Another idea to consider is using some of the new technologies out there that can obscure your credit card information from the retailer itself. Apple’s new and much-hyped Apple Pay system removes the credit card number from the transaction equation entirely, by providing an intermediary between the retailer and your credit card. Other technologies exist that can help add another layer of security - Google’s Wallet application and PayPal’s in-store payment app both can help prevent you from becoming a victim of fraud.


If you’re shopping online: much like Black Friday, Cyber Monday is another opportunity for retailers, this time of the online variety, to compete for your shopping dollars by offering crazy deals, loss leaders and irresistible bargains. But much like brick and mortar shopping, you have to be careful when making those payments. Malware exists specifically for the purpose of obtaining your credit card information and then cloning your card for thieves and money mules to make a quick buck. Fake online stores that peddle counterfeit goods at too-good-to-be-true prices will just as often steal your cash as they send you that swanky new “Rallex” watch.

There are ways you can protect yourself though:

  • Just like shopping at a physical retailer, use a credit card as opposed to a debit card.
  • Use a credit card from a financial institution that offers either one-time use, time-limited or virtual credit card numbers.
  • Always transmit any information with a retailer over SSL. Look for the https:// in the address bar of your browser and that little padlock that tells you your information is being encrypted as it’s being sent through the Internet’s tubes. It’s not foolproof, but it helps.
  • Never click on a link in an email. Ever. Especially from your bank. Malware is often delivered through clicking on a link in an email and visiting a compromised website that can exploit an unpatched vulnerability on your computer. Phishing emails work in a similar fashion: you click on a link that takes you to a hard-to-detect fake site that is specifically built to get you to give up your financial information. If you get an email from your bank and you think it’s important, do one of two things: go directly to the bank’s site yourself and look for an alert or a message from the bank, or call the bank. You’re not wasting the bank’s time if you call them - they’d much rather you protect yourself and err on the side of caution as opposed to having to clean up a much larger mess after the fact.
  • Either use a “Live CD” or a dedicated browser: many people may find this a lot of effort or technically outside of their skill set, but if you want to add another layer of protection to your banking and shopping online, consider using a Linux distribution via a Live CD that doesn’t actually install anything on your hard drive and only runs while the computer is turned on. The chances of malware being able to compromise you decrease by many orders of magnitude. If you can’t do that, then consider using an alternative Internet browser specifically for banking and shopping. If you’re a Mac user who typically uses Safari to surf online, download an alternative browser like Google’s Chrome or Mozilla’s Firefox and only shop and bank using that browser. Use private browsing or “incognito” mode to further protect yourself. Refrain from installing any extensions, add-ons or browser modifications on that dedicated browser. Finally, try not to shop or bank on a computer that other members of your family regularly use. When your kids install something or click on a phishing link, or your spouse gets a convincing link to confirm their bank account info, anything can happen to your computer.

