As consumers head to stores and online for what NRF forecasts to be a record-setting holiday shopping season, retailers are working to prevent cyber threats and ensure their customers’ transactions are safe.
In-store transactions have become more secure as retailers and other partners have invested in payment technology that makes it more difficult for credit card data to be stolen and used fraudulently. But as these point-of-sale system risks have declined, cyber criminals have focused their attention online.
Retailers of all sizes continue to make new investments to improve their cybersecurity, recognizing that it's necessary both for retaining consumer trust and their own financial bottom line. But new threats continue to emerge, many of which exploit vulnerabilities on customers’ computers and mobile devices.
Consumers and retailers must work together to have a safe and secure holiday shopping season. You can take the following simple steps to prevent cyber threats when shopping online.
Don’t use simple passwords, and don’t reuse passwords across sites.
Cyber criminals can find old, previously compromised email addresses and passwords on the dark web and use automated tools to attempt to log into customers’ accounts on other sites — and then use this access to facilitate fraudulent purchases. While many retailers have tools in place to detect and prevent these “account takeover” attacks, the best way to prevent them is by avoiding the use of simple passwords and the reuse of passwords across multiple accounts.
Make sure you’re shopping at the right website.
Cyber criminals increasingly try to fool shoppers with false web domains that look like real ecommerce websites. Be careful that you are on the actual website for the retailer you are trying to shop at — not a “domain squatting” site with a misspelled or incorrect URL.
If you mistype a URL by one character, you can inadvertently end up at a site that looks legitimate, but whose purpose is to steal information or get shoppers to engage in a fraudulent transaction. Retailers maintain efforts to get these sites taken down, but consumers also need to be aware. Don’t enter personal or financial information unless you’re certain you are on the verified and correct website.
Be careful with online shopping browser extensions or third-party shopping apps.
While many are reputable and can provide additional savings to consumers, other online shopping browser extensions could exploit customer information for malicious purposes. Do research on these browser extensions and third-party apps before installing them, and make sure you understand the risks both in terms of security and personal privacy.
Join us this summer at NRF PROTECT 2022 and learn more about cybersecurity in the retail industry.
Use multi-factor authentication.
Multi-factor authentication is a tool that requires customers to provide an extra piece of information, beyond a login or password, to access an account or complete a transaction — typically a short passcode sent by text message. This extra layer of security is a significant deterrent to potential misuse of accounts, and large and medium-sized online retailers are increasingly making MFA available for customers’ online accounts.
Maintain your devices.
Keep your computers and mobile devices updated and patched. By taking basic steps to install upgrades and patches to devices, you reduce the risk that your personal information will be compromised by malware when shopping online.
For more information on cybersecurity and the holiday shopping season, check out these resources:
- Holiday Online Shopping Guide, Cybersecurity and Infrastructure Security Agency
- Holiday Scams guidance, FBI
- “Stay Cyber Safe this Holiday Season”, New Jersey Cybersecurity Communications & Integration Cell
- “Stay Safe from Online Threats when Holiday Shopping”, Consumer Reports