As online shopping heats up ahead of the holiday season, consumers should be aware of an increasingly common scam called “e-skimming,” the FBI warns.
That data is then sold to other malicious actors, or used by the scammer to buy things online. Small- and medium-sized retailers are most at risk of being targeted, per the FBI.
While the FBI and security experts make clear it’s primarily the responsibility of merchants to secure their sites and educate employees on the best cybersecurity practices, there are a number of measures anyone can take to help keep their financial information secure. Here are seven things you can do now.
Virtual credit cards are temporary numbers that allow you to use your real credit card without exposing your account information to a retailer’s website. You can use these only once, or however many times you choose.
If your information is skimmed or revealed in a data breach it’s okay; you won’t have to replace your real credit card, only close down the virtual card. You can create these virtual cards on Privacy.com, or on your card issuer’s website.
Never use a debit card when shopping online. Credit cards offer better protections for consumers. Debit cards act essentially as cash, whereas if a thief uses your credit card, no money is actually taken from you.
Rick McElroy, principal security strategist at Carbon Black, a cybersecurity firm, tells CNBC Make It that if you’re not using a separate credit card for online purchases, it’s smart to pay through a third-party processor like PayPal or Venmo if the retailer’s site gives you that option.
If you use PayPal, for example, the online retailer never sees your information, says McElroy. “They see your email address, but other than that PayPal just sends a token that says the payment was made.” There’s no personal information to steal.
Consumers should keep their internet browsers and phone and computer operating systems up-to-date, particularly at this time of year, McElroy says. He suggests everyone turn on the auto-updates on their personal tech.
“The attacks on retailers ramp up between Thanksgiving and the first of the year,” he says. “The vendors are already seeing it, so they are putting out continual updates.”
He also suggests installing secure browser plug-ins. SiteJabber and Web of Trust, for example, provide community-sourced security ratings for websites. HTTPS Everywhere ensures that the sites you visit are automatically encrypted and secure (when you’re browsing, you want site addresses to begin with “https://” as opposed to “http://”).
And if you’re shopping locally, go in person to make a purchase. Small retailers often do not have the resources to completely secure their sites.
“From a consumer perspective, stick to the major retailers. They do a pretty decent job of ensuring that stuff is protected,” says McElroy.
Scammers are now using the same tactics they use to steal credit card information to steal gift card balances, McElroy notes. Whereas you’d likely notice a mysterious credit card transaction or money missing from your checking account right away, that isn’t the case for gift cards.
“Who checks their gift card balances on a daily basis?” McElory says. “Thieves get a lot longer to hide.”
Emails from companies purporting to be Apple and Amazon, among others, abound during the holiday season, McElroy warns. Always double check for spelling and grammatical errors, and be weary of emails asking you to click certain links, which might be a phishing attack that gives scammers access to your financial information.
“Always be weary of incoming communications,” he says.
With all of the sophisticated financial scams that abound these days, consumers are wise is to proactively protect their financial information.
Regularly check bank and credit card statements, and set up credit card and bank account withdrawal alerts. If you receive an alert about a purchase you did not make, immediately alert your bank and credit card issuer.
On top of your bank and credit card statements, you’ll want to regularly check your credit reports, as well. Though legally you can pull your reports from Equifax, Experian and TransUnion just once a year for free from AnnualCreditReport.com, there are a variety of apps and other financial platforms that will now monitor your report for you, like Credit Karma. If you see something that’s amiss, you’ll want to dispute it immediately.
And if you regularly shop online, you may also consider freezing your credit reports to protect against an inevitable data breach at a site you’ve purchased something from. Here’s how to freeze and unfreeze your reports.
This article first appeared on CNBC https://www.cnbc.com/2019/10/29/how-to-protect-your-credit-card-info-from-e-skimmers.html and is republished with its permission.