Right on schedule, holiday shopping mania is setting in. Soon just about everyone will either be standing in long lines at the mall, or more likely, shopping from home for friends and loved ones, possibly in their comfiest Snuggie.
That online ecommerce only continues to grow is no surprise. According to Adobe Digital Insights, Cyber Monday shopping hit a new high in 2016 of $3.45 billion in sales. Of that, mobile shopping had one of its biggest years ever with consumers spending $1.07 billion shopping via their tablets and smartphones.
2017 could be another banner year for the ecommerce shopping holiday. More than 56% of consumers recently surveyed by RetailMeNot said that they plan to make a purchase on Cyber Monday this year, compared with 39% last year.
The predicted activity is terrific news for online retailers. However, the reality is that security continues to be an ongoing issue for them, especially with regard to shopping scams such as credit card fraud, fake sites and more.
For example, in its March report on ecommerce fraud that took place in 2016, credit report provider Experian found an increase of 33%. While the report did not specifically focus on the holidays, it’s worth acknowledging as one of the major drivers in the increase was attributed to the introduction on chip-and-pin cards, which drove fraudsters online. It’s also become easier for them to get their hands on identity data.
If you’re not careful, hackers will take the holly jolly spirit right out of the holiday. All of which means consumers (and businesses) need to remain diligent in protecting themselves.
That being said, UK-based Sainsbury's Bank is offering 10 steps for safe online shopping this holiday season, some of which are highlighted below.
Make Sure the Site Is Secure
For years, one of the core recommendations for safe online shopping has been to look for the padlock and HTTPS in browser address bars because this indicates a website is using SSL/TLS – an encryption technology ensuring that the data sent to the retailer is encrypted and secure. This mentality has been further reinforced by Chrome’s recent UI changes to mark HTTP (i.e. not using SSL) sites as “Not secure".
While the padlock and HTTPS are still important indicators to look for, it’s important to know that these don’t necessarily mean a website is safe. Many phishing sites have started using free, low assurance SSL to look more trustworthy, so you shouldn’t automatically trust a website just because it has the padlock and HTTPS. Instead you should:
- Look for the company name in the address bar, a sign that the site is using higher assurance SSL and has had their company details and domain ownership verified by a trusted third party.
- If the company name isn’t there, take a second to double check the URL and look for any signs that it’s a phishing site (e.g. extra letters, small misspellings like the number 1 for the letter l, extra strings of numbers or letters at the end).
- You can also dive into the certificate details, if you’re curious, which can contain more information about the company operating the site. We have tips for how to do that here.
Be on Guard for Fake Websites, and Don't Buy From Spam or Phishing Emails
As mentioned above, it’s worth taking a minute to look for signs that the site you’re on is an impostor or phishing attempt. Actually, you should always check and study the URL before you even click it. Whenever someone sends you a link via email or social media, or in any platform for that matter, take time to study the URL before you click. You don’t have to be an expert in spotting a suspicious URL. Just look for some red flags on the link, like those I mentioned above, such as unnecessary words or domains. We have more detailed suggestions here. Also investigate reviews by other customers and whether those seem authentic as well.
When it comes to phishing messages, be aware that they are designed to appear from trusted retailers to trick consumers into entering personal details and the perpetrators will stop at nothing to steal information. In 2016 alone, phishing attacks increased by a staggering 400% and this year, the trend likely continued. Some tips for spotting phishing emails include:
- Investigating the email address - similar to phishing websites, look for misspelled words, nonsensical stings of text, display names that don’t match the mailto.
- Studying the contents of the email for grammar mistakes, lack or personalization, lack of details, email signature doesn’t match sender address.
Find more tips for identifying phishing emails here.
- Pay by credit card – most credit cards offer protection on purchases, so use them wherever possible. Debit cards and other methods of payment usually offer a lower level of protection and may leave the consumer out-of-pocket while a claim is processed. If the merchant does not accept credit cards, or you do not have one, look for other methods of safe payment such as PayPal.
- Avoid shopping on public Wi-Fi - data sent through public networks can be easily intercepted and therefore extremely unsafe, so avoid making any financial transactions on public Wi-Fi and use a password protected network. It’s better to wait until you get home to make your purchase. Remember, if it seems like a bad idea, it probably is.
- Add an extra layer of security - in addition to all the other security steps, consumer’s should be taking, another important one is to register your credit card with Verified by Visa, Mastercard’s SecureCode, Discover’s Identity Theft Protection program, or American Express’ SafeKey for small businesses.
We hope you’ve found these tips useful, as it is GlobalSign’s aim to help reduce ecommerce fraud and other security challenges. By following these steps, hopefully you’ll enjoy an incident-free holiday season. Happy shopping, everybody!!