Shaun Murphy is an expert on communication security and has focused on online credit card fraud and transaction safety for the holidays. He was kind enough to answer a few questions about how to shop online – and stay safe – during the upcoming shopping frenzy, and his answers are most interesting…
Q: Most people are going to be doing at least some shopping online this holiday season. What are the top dangers?
Hot deals that arrive to you via email and ask you to click a link to claim your savings. – Take a close look at that link and manually type it into your browser; thieves will create real-looking websites and have domain names that look very close to a legitimate shopping site (with a few letters swapped or omitted).
Free public wifi – Connecting to someone’s open network is a dangerous proposition, either in a local coffee shop or in an airplane. Consider the following: connecting to someone’s network could allow them to capture your passwords and other financial data BUT they can also modify the data coming back to your device… a retailer, theoretically, could modify the prices coming back from their online competitors to be at a higher price!
Q: Chip-and-Pin credit cards help with physical security, but what can people do to make their online transactions safer?
Use a digital wallet instead of inputting your credit card information on shopping sites. There are many choices including Amazon Payments and eBay. By checking out of a store with one of these accounts, you’re not trusting them to have any payment details about you – only your shipping address. Another great development in the past year has been the emergence of Apple Pay, Android Pay, and Samsung Pay (did they all have to use the same name?) and the integration within retailer apps. Some online retailers have added the option to check out using these new options so you never have to input your credit card with them and you get the strength of tokenized transaction/payments.
Q: At least 20% of Americans will be shopping via smartphone. What unique dangers do those present?
Connecting to unknown/unsafe wifi – mentioned above, this opens up so much danger to end users. Upgrade your data plan if you can afford it.
Apps that are not from 1st party retailers and sites – some apps you might find outside of the official app stores may promise great deals, exclusive offerings, and more but will only end up stealing data from your phone.
You mention this below but theft of device is a big one, more on that next.
Q: Your cellphone’s stolen. You have a bunch of ecommerce apps, including Amazon with one-click enabled. Now what?
Well, you go back in time and follow these tips:
1.) Lock down your phone with at least a 6-digit PIN, fingerprint, or better a passphrase with numbers and letters.
2.) Make sure the lock screen is enabled when your screen goes black AND when you press the power button
3.) Get in the habit of hitting the power button to lock your screen when you’re done looking at the screen
4.) Make sure your phone is encrypted – new iOS devices are encrypted by default but most Android devices need to be manually encrypted – check out your security settings
5.) Turn on your location tracking – Find my iPhone for iOS devices and Android Device Manager for Android devices. If your device is lost, you log in via any web browser and remotely wipe the device
6.) If you have a smart watch, chances are you can enable your phone to lock whenever the watch is out of range. That way if anyone swipes your phone it will lock a few feet away.
Q: What’s the government doing to help us avoid rampant online fraud, Shaun?
They are doing quite a bit but our economy is so huge and fast that not all online and brick and mortar fraud can be easily stopped.
Chip and pin credit cards, for example, are a great replacement for magnetic swipe cards but they are much slower at the point of sale terminals… meaning checking times are slower, customers get frustrated, and the lines get longer. The tradeoff in the USA has been to just use the chip and forgo the PIN input for now. It’s frustrating to see that, but the retailers, banks and credit card companies want to keep things speedy while reducing SOME fraud.
The FBI had something to say about that: FBI Warns New Credit Cards May Be Vulnerable to Exploitation by Fraudsters.
Q: Finally, tell us a bit about your background in online security and what YOU do to secure your own online shopping?
I’ve been in this space for quite a while… I got my start 20-something years ago doing defensive software development for payphones where the big fraud was getting free long distance calls and hacking into telecom sites! Since then I’ve worked as a consultant with many big Department of Defense contractors working on systems to protect and secure communications, transmit massive amounts of data in near real time, and other cool stuff I can’t ever talk about… but I can talk about why I’m doing what I’m doing now… everyone needs security whether it be shopping online or just simply sharing a picture with their friends. But with today’s big tech giants out there grabbing as much information about us, storing it and correlating it with other people so they can sell it for top advertising dollars (and other purposes as well), we no longer have any privacy or security.
So I have many ways to secure and protect my online self but I’m choosing to put myself where everyone else is, use social media, use photo sharing sites, and buy stuff online just to see where the pitfalls are and protect real people through education and technology development.
For online shopping I have a single credit card that can generate disposable numbers. I feed that through a digital wallet and only buy from companies that accept that digital wallet. For brick and mortar, I’m using the three-Pays (is that a rapper?) – Apple Pay, Samsung Pay, and Android Pay on my different test devices. I’ll have more on that another day.
Great stuff, and thanks for your interesting answers. Now, dear reader, what are you going to do to help ensure your own online safety as you go shopping online more and more?