How to avoid holiday online shopping scams
Never save your credit card information on a retailer's website, one expert says
The holidays have become a perfect time for cybercriminals to try and swindle victims out of their money through phishing scams, fake promotions and even fake or unsecured websites.
Now, as the ecommerce trend continues to surge with consumers already spending $35.27 billion during Cyber Week alone, shoppers need to be even more vigilant.
Beware of phishing attempts
Dimitri Shelest, CEO of software company OneRep, told FOX Business there has been a "precipitous rise in fraud and phishing attempts around the holiday season" over the past several years.
As a result, shoppers need to ensure that links take them to anticipated websites and to exercise discretion when engaging with online content, according to Shelest.
Do not save credit card information
JPMORGAN, OTHER BANKS IN TALKS TO REIMBURSE SCAMMED ZELLE CUSTOMERS
Another "undeniable threat to online shoppers" is credit card skimming. As a result, Shelest urges customers not to save credit card information on retail websites.
According to the FBI, criminals can use the data taken from a user's card to create fake debit or credit cards and then steal from their accounts.
"As online shopping becomes increasingly popular, cybercriminals are targeting digital checkouts to steal personal and financial data," he said, adding that it's important to enable purchase alerts on payment cards.
Make sure a website is Payment Card Industry (PCI) compliant
ZELLE FRAUD ON RISE, ACCORDING TO MASSACHUSETTS SENATOR
Another way to make sure your information is safe on a website is to check if it is Payment Card Industry (PCI) compliant, according to Stephanie Benoit-Kurtz, lead cybersecurity faculty of the College of Business and Information Technology at University of Phoenix.
According to Benoit-Kurtz, PCI compliance, which is directed by credit card companies to protect consumers, "mandates that a variety of standards be upheld to ensure secure credit card transactions."
If a website is not PCI-compliant then "personally identifiable information is potentially at risk, either through a third-party seller or through the consumer’s computer or device because the end-point security necessary to shield the transaction is absent or inadequate," she added.
If a warning appears on a website showing that a PCI certificate is not secure or is even expired, personal information is again at risk, according to Benoit-Kurtz.
Make sure you see a lock in the URL
CUSTOMERS CONNED ON ZELLE APP LOSE THOUSANDS: HOW TO PROTECT YOURSELF FROM BEING SCAMMED
Companies should be ensuring that data is encrypted when consumers make a purchase. The lock symbol in the browser will help shoppers determine if the organization is using encryption.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
"This symbol indicates the website uses SSL, a data-transfer security standard that encrypts your data and ensures the server in use is authentic and secure," she said.
Companies can also utilize tokenization, "which means they do not store, manage, maintain or transmit any credit card numbers in their completion anywhere," she added.
This information should be published on the organization's website. A company's website should notify customers what they are doing to protect their information from vulnerabilities.
For an added layer of protection, consumers can also install a firewall software application. Although they are generally used to prevent outside malicious cyberattacks, there is software that can protect your data in both directions, according to Benoit-Kurtz.