Americans are doing more of just about everything online these days, and holiday shopping is no exception. More than 70% of Americans plan to make most of their holiday purchases online this year, compared with 51% in 2019, according to a recent survey from CreditCards.com.
And while perusing potential presents in your pajamas may sound more relaxing than braving the crowds at Black Friday doorbusters, online shopping comes with cybersecurity risks that data shows you're likely not prepared for. A recent report from Bankrate.com found that a whopping 91% of U.S. adults are putting their personal data at risk.
If you're planning on doing the bulk of your shopping online this year, follow these steps to make sure you're protecting your data from fraudsters.
Among risky online consumer behaviors, password-related issues are by far the most common: A full 80% of respondents in Bankrate's survey say they reuse online passwords and 45% indicate they've saved passwords on their computer or phone.
Ted Rossman, an industry analyst at Bankrate, cites the 2018 data breach at Marriott, which exposed millions of customers' credit card and passport numbers, as an example of how things can go wrong. "If you're a Marriott customer, you're not happy about the breach," he says. "But if your Marriott password is the same as your bank account password, now you have a bigger problem."
Think you might have trouble remembering passwords for dozens of accounts? "Let technology do it for you," says Rossman. He recommends using a free password manager, such as Dashlane or LastPass to ensure that all of your passwords are unique and secure. Both services will assign encrypted passwords for all of your accounts and securely store your credit card and shipping information. You just have to remember one "master" password.
If you're shopping online at well-known, trusted retailers, there's less of a chance you're compromising your data, says Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse. If you're dealing with an unfamiliar merchant, "it would be a good idea to check the company out using the Better Business Bureau's website, or even on Yelp," he says.
To reduce the risk of your information being stolen, make sure the site you're on is encrypted, he adds. Encrypted websites may appear with a padlock icon in the URL window, depending on your browser and the URL will start with "https:" rather than "http:."
Video by David Fang
Be skeptical if a vendor requests payment in a nontraditional format, such as a peer-to-peer payment service, Stephens says. "Make sure you read the payment platform's terms and conditions," he says. "Many will warn you, in some fashion, to make sure you actually know the recipient of the payment."
That matters because, "once you authorize a payment, it may not be able to be reversed."
Say someone commits fraud with one of your cards. You're better protected with a credit card than with a debit card. If someone makes unauthorized purchases with your credit card, your liability is limited to just $50 under federal regulations. The same is true of debit cards, but only if you notify your bank within two business days of learning of the fraud; otherwise you could be on the hook for $500 or more.
In the case of disputed charges, your credit card company is likely to wipe the charge away immediately, says Rossman. But in the case of a longer dispute, "with a credit card it's the bank's money," he says. "Getting money back on your debit card might take two, three, four weeks."
If numerous data breaches at retailers have you worried about protecting your identity, consider freezing your credit. Doing so makes your credit reports invisible to lenders, who, in turn, won't extend you (or anyone posing as you) a line of credit. "Freezing your credit is something I wish everyone would do," says Rossman. "It prevents bad guys from opening accounts in your name."
You can freeze your credit by logging on to the websites of the three major credit bureaus: Equifax, Experian, and TransUnion. "Freezing my credit at all three took me 10 minutes altogether," Rossman says.
If a full freeze sounds extreme, regularly monitor your credit reports for activity that could potentially damage your credit, such as late payments that you thought you made on time or activity from accounts that don't belong to you.
You can receive a copy of your report from each credit bureau once a year at annualcreditreport.com.
Video by Ian Wolsten
With holiday shopping dollars shifting online, scamsters will want a piece of the action, often through a form of fraud called phishing, in which the victim receives a fake email linking to a site asking their personal information. "People attempting to defraud you will cast a wide net," says Stephens, adding that many of the fake emails will be designed to look like they're coming from a major shipper, such as FedEx or UPS.
"Chances that you purchased something from a specific company are low. But there's a very good chance that you're expecting a delivery," he says.
Major red flags include misspellings or links that reveal long strings of garbled code when you hover your mouse over them, says Rossman, adding that if you're unsure whether an email that looks like it's from a shipper, your bank, or a popular retailer is legit, log in to the website in question using the URL that you know or call their corporate number. "If something doesn't smell right, be suspicious," he says.
More from Grow: