Share this...

This post first appeared in the San Jose Mercury News

This post first appeared in the San Jose Mercury News

By Larry Magid

With the holiday season upon us, a lot of people will be shopping online this year. For the most part, it’s pretty safe but there are some basic precautions worth remembering.

One risk when shopping online is to be sure you’re dealing with a legitimate merchant who is not only honest but also exercising a reasonable amount of security. One option is dealing with merchants you know. But that’s no guarantee when it comes to security.

Big names and trusted small businesses

Big names like Macys, Amazon, Target and Walmart have reputations to maintain and policies in place but — as millions of people who shopped at Target’s brick and mortar stores in 2013 learned, being big doesn’t mean they can’t suffer from data breaches. Amazon, just last week, sent some customers an email admitting “your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.”

Don’t necessarily shy away from smaller and less known merchants, who sometimes offer extraordinary customer service and unique products. Plus, you’re supporting small businesses. But if you are dealing with a business you’ve never heard of, do a little research by typing their name into a search engine or customer review site to see what people are saying about them. If they have a phone number listed, give them a call. A phone conversation gives you a lot more clues than a website.

How you pay matters

Regardless of the size of the business, use a credit card if possible or, if not, use a debit card, PayPal or some other payment service that offers fraud protection. Credit cards are best because if you do dispute a charge, the card issuer will remove it from the bill while it is being investigated. With other payment forms, you may be out-of-pocket immediately until the issue is resolved in your favor.

Be sure you’re on the legitimate website or using the official app of whatever merchant you’re patronizing. If you get an offer via email (or perhaps a “security warning”) don’t click on the link but navigate directly on their site to make sure you’re not being victimized by a “phishing scam” directing you to a rogue site. Be very careful of sites with misspellings of legitimate merchant names.

Unique, long and hard to guess passwords are your biggest protection. The longer the password the better and it should not be a name or a word in the dictionary. One trick is to think of a long phrase that’s easy to remember like I met Sally Jones at Lincoln High School in 1985. Your Yahoo password could be the first letter of each word, upper case when appropriate with a symbol and numbers plus a reminder of what site it is like ImSJaLHSi!85YH. The YH at the end stands for Yahoo. Use different letters for each site that you’ll remember and change the password every six months or so or if you have any reason to believe it may have been compromised.

An even more secure method is to use dual or multi-factor authentication. Many sites, banks and merchants offer an option that allows you to require that you verify your identity with your cell phone whenever you log in from a new device. After you type in your username and password, you’re typically sent a text message with a short code that you have to enter to access the site. It’s slightly inconvenient but adds a big level of extra security and — in most cases — is only necessary when you’re using a new device to log in. This feature is also available for most web-based email services, which is important because email is often used as a way of recovering passwords.

Also be certain the site has SSL (secure sockets layer) installed. You can tell by the presence of httpS (the S stands for secure) in the address bar. You may also see a lock icon in the lower right corner of your browser. SSL sites encrypt your data. It’s no 100 percent guarantee, but it does add an extra layer of security.

Make sure you know the company’s return policy and pay attention to the final price, including shipping and tax. Shipping and handling charges can vary widely.

As always, keep your operating system and any browsers or apps you use up-to- date. That’s helps protect you against known security flaws that have been fixed.

Brick and mortar dangers

There are also dangers associated with brick and mortar shopping. Check your credit card statements online frequently to protect against fraudulent charges and data breaches against merchants and banks. When shopping in person, watch out for pickpockets, drive and park carefully and try to relax and smile at the clerks and your fellow shoppers. In today’s hyper connected world, someone’s “Gonna find out who’s naughty or nice.”


Share this...