4 ways consumers can securely shop online this holiday season

Simple steps to prevent cyber threats when shopping online
VP, Retail Technology & Cybersecurity; Executive Director, Center for Digital Risk & Innovation
November 22, 2021

As consumers head to stores and online for what NRF forecasts to be a record-setting holiday shopping season, retailers are working to prevent cyber threats and ensure their customers’ transactions are safe.

In-store transactions have become more secure as retailers and other partners have invested in payment technology that makes it more difficult for credit card data to be stolen and used fraudulently. But as these point-of-sale system risks have declined, cyber criminals have focused their attention online.

Big Show 2022
Register now to attend NRF 2022: Retail's Big Show, Jan. 16 – 18, in New York City.

Retailers of all sizes continue to make new investments to improve their cybersecurity, recognizing that it's necessary both for retaining consumer trust and their own financial bottom line. But new threats continue to emerge, many of which exploit vulnerabilities on customers’ computers and mobile devices.

Consumers and retailers must work together to have a safe and secure holiday shopping season. You can take the following simple steps to prevent cyber threats when shopping online.

Don’t use simple passwords, and don’t reuse passwords across sites.

Cyber criminals can find old, previously compromised email addresses and passwords on the dark web and use automated tools to attempt to log into customers’ accounts on other sites — and then use this access to facilitate fraudulent purchases. While many retailers have tools in place to detect and prevent these “account takeover” attacks, the best way to prevent them is by avoiding the use of simple passwords and the reuse of passwords across multiple accounts.

Make sure you’re shopping at the right website.

Cyber criminals increasingly try to fool shoppers with false web domains that look like real ecommerce websites. Be careful that you are on the actual website for the retailer you are trying to shop at — not a “domain squatting” site with a misspelled or incorrect URL.

If you mistype a URL by one character, you can inadvertently end up at a site that looks legitimate, but whose purpose is to steal information or get shoppers to engage in a fraudulent transaction. Retailers maintain efforts to get these sites taken down, but consumers also need to be aware. Don’t enter personal or financial information unless you’re certain you are on the verified and correct website.

Be careful with online shopping browser extensions or third-party shopping apps.

While many are reputable and can provide additional savings to consumers, other online shopping browser extensions could exploit customer information for malicious purposes. Do research on these browser extensions and third-party apps before installing them, and make sure you understand the risks both in terms of security and personal privacy.


Join us this summer at NRF PROTECT 2022 and learn more about cybersecurity in the retail industry.

Use multi-factor authentication.

Multi-factor authentication is a tool that requires customers to provide an extra piece of information, beyond a login or password, to access an account or complete a transaction — typically a short passcode sent by text message. This extra layer of security is a significant deterrent to potential misuse of accounts, and large and medium-sized online retailers are increasingly making MFA available for customers’ online accounts.

Maintain your devices.

Keep your computers and mobile devices updated and patched. By taking basic steps to install upgrades and patches to devices, you reduce the risk that your personal information will be compromised by malware when shopping online.

For more information on cybersecurity and the holiday shopping season, check out these resources:

Related content

protect 21
NRF PROTECT is where seasoned and fresh faces meet to discover insights and tools to tackle any security threat.
Read more
5 key questions for Cybersecurity Awareness Month
Individual working on a laptop.
Take this opportunity to reassess cyber preparedness and address new retail cyber risks.
Read more
NRF tackles AI, cybersecurity and fraud prevention
NRF Center for Digital Risk and Innovation
NRF's Center for Digital Risk & Innovation will help develop guidelines to inform retailers’ technology strategies.
Read more