6 Security Tips for Staying Safe While Holiday Shopping

6 Security Tips for Staying Safe While Holiday Shopping
6 Security Tips Blog Header

Noth­ing beats being able to shop from the com­fort of your own home! But with the hol­i­day sea­son in full swing, keep­ing your infor­ma­tion secure may be hard­er than you think. The increased num­ber of trans­ac­tions dur­ing this time could leave you as a prime tar­get for a mali­cious hack­er. Have no fear, we are here to help! Read on to dis­cov­er 6 secu­ri­ty tips for hol­i­day shopping.

Group on Mobile

Why Secu­ri­ty Mat­ters

Con­sumers are shop­ping more online than ever before, and mobile shop­ping is grow­ing. Accord­ing to a study con­duct­ed in 2018 by Ibot​ta​.com, near­ly 50% of con­sumers shop more on their mobile devices than in stores. The ease of this process might serve as a per­fect dis­guise for hack­ers to steal your trans­ac­tion data, espe­cial­ly infor­ma­tion from pay­ment pro­cess­ing. In most cas­es, the pay­ment process con­tains cred­it card data, name, address, email and phone infor­ma­tion which is like a pot of gold for a cyber thief. Your infor­ma­tion falling into the wrong hands could lead to iden­ti­ty theft, fraud or phish­ing attacks.

Keep in mind that secu­ri­ty mat­ters on both sides of online trans­ac­tions (as dis­cussed in our Secu­ri­ty Back to Basics webi­nar). Whether you’re a ski area or a per­form­ing arts cen­ter, your patrons will like­ly be look­ing for these indi­ca­tors, so be sure you are offer­ing them a safe and trust­ed shop­ping expe­ri­ence.

Here are some tips to help pro­tect your­self while shop­ping online: 

1. Patch Your Sys­tem
Cyber­Shark defines a patch as a small adjust­ment to the code of the soft­ware you’re using. A patch updates one com­po­nent of the soft­ware.” Unpatched com­put­er soft­ware is a com­mon cause of mal­ware infec­tions. Online shop­pers are at increased risk because of this, due to the sen­si­tive infor­ma­tion involved. Always update anti-virus and mal­ware pro­tec­tion soft­ware and ensure your brows­er is up to date before shop­ping online. 

2. Shop at Web­sites You Trust
Shop on rep­utable sites that use a secure con­nec­tion. Secure sites will have a small lock icon in the left cor­ner of the URL bar which tells you that the web­site you are on is pro­tect­ing your data in tran­sit. If you do not see the lock or https” in the URL then the web­page is inse­cure, and you should avoid using it. Even after con­firm­ing your site has a lock”, you should also make sure the URL for the site you are shop­ping on is a rep­utable one. Mali­cious hack­ers some­times set up their own fake shop­ping web­sites to lure unsus­pect­ing indi­vid­u­als into buy­ing fake products.

3. Avoid Using Deb­it Cards
Avoid mak­ing online pay­ments with your deb­it card. Since deb­it cards are linked to your bank account, you are at a high­er risk if an attack­er is able to hack your data. Cred­it cards offer increased pro­tec­tion and low­er lia­bil­i­ty if a num­ber gets stolen.

4. Use a Dig­i­tal Wal­let
Con­sid­er using Apple Pay or Google Pay to make pay­ments where avail­able as they offer bet­ter pro­tec­tion against cred­it card fraud. These dig­i­tal wal­lets obscure your pay­ment infor­ma­tion so that all the mer­chant receives is a unique, one-time code good only for that trans­ac­tion. If a hack­er gets their hands on this infor­ma­tion, they won’t have access to your real cred­it card details. 

Woman Outside of Store Looking at Mobile

5. Use your device’s data plan or a VPN
Always use cau­tion when con­nect­ing to Pub­lic Wi-Fi. Thieves can some­times cre­ate Wi-Fi hotspots to trick you into con­nect­ing to it. Once you’re con­nect­ed, they can inter­cept the data from your device and even from the web­sites you are vis­it­ing. In many cas­es, infor­ma­tion that an iden­ti­ty thief would love to have is trans­mit­ted while shop­ping online, includ­ing name, address, email and cred­it card num­bers.

One major way to cut down on mali­cious access to your phone through a pub­lic Wi-Fi net­work is to avoid them alto­geth­er. Stick­ing to your device’s data plan when in pub­lic could be your best bet. If you are using a tablet, cre­ate a Wi-Fi hotspot from your per­son­al mobile phone. Con­sid­er using a vir­tu­al pri­vate net­work or VPN.” A VPN is high­ly rec­om­mend­ed to pro­tect your data on pub­lic Wi-Fi net­works. There are numer­ous VPN providers for mobile users. In most cas­es, it is as sim­ple as down­load­ing the app on your device, allow­ing VPN access to the appli­ca­tion and click­ing a but­ton to start the VPN ser­vice. From there, data is pro­tect­ed in tran­sit pre­vent­ing eaves­drop­pers from get­ting to your data. 

Couple Looking at Mobile

6. Be very cau­tious about click­ing on links in your email
The hol­i­days are a prime time for email scams. Scam­mers send out virus­es and mal­ware to a user’s inbox under the guise of a great deal or offer. Do not open emails from peo­ple you don’t know, or sites you haven’t vis­it­ed. Some­times, these emails will appear to be com­ing from your bank or anoth­er finan­cial insti­tu­tion and state there is an alert or prob­lem with your account. Always ver­i­fy these mes­sages by call­ing the bank/​financial insti­tu­tion to ver­i­fy any poten­tial prob­lems, and nev­er enter your account infor­ma­tion in response to an email like this. Beware of links to offers or deals that sound too good to be true. If you are tempt­ed by a deal, do some research to find out if any­one else has tak­en advan­tage of the deal before click­ing, as the mes­sage could be mali­cious and infect your sys­tem with a virus or mal­ware.

As a venue, you can also help guests avoid untrust­wor­thy web­sites by train­ing them to go to your secure web­site direct­ly. (Read our blog on how to help your patrons avoid tick­et­ing scams for more infor­ma­tion). Whether you are a per­form­ing arts cen­ter, water park or local fes­ti­val, don’t be afraid of being proac­tive and edu­cat­ing the gen­er­al pop­u­la­tion on how impor­tant it is for your patrons to pur­chase tick­ets from your box office and not any third-par­ty resellers. This can great­ly cut down on fraud­u­lent activ­i­ty. The hol­i­days are sup­posed to be a time to enjoy fam­i­ly and friends. Do not let these times be ruined by falling vic­tim to some of these attacks. Stay vig­i­lant and enjoy your hol­i­day season. 

Does your tick­et­ing sys­tem give you the tools you need to pro­tect your guests’ trans­ac­tion data? Con­tact us today to learn how you can secure your sys­tem and sell more tick­ets and increase rev­enue with our accesso suite of solutions. 


William Quinones
Infor­ma­tion Secu­ri­ty Ana­lyst
William Quinones leads the Gov­er­nance, Risk and Secu­ri­ty Com­pli­ance pro­grams at acces­so, William spe­cial­izes in vul­ner­a­bil­i­ty man­age­ment, secu­ri­ty edu­ca­tion, pro­gram design and archi­tec­ture, com­pli­ance, pri­va­cy, and enter­prise risk. William has 17 years of Infor­ma­tion Secu­ri­ty expe­ri­ence, holds a B.S. in Infor­ma­tion Sys­tems Tech­nol­o­gy (cyber­se­cu­ri­ty spe­cial­iza­tion) and main­tains the CIS­SP, CEH, CPT, CASP and PCIP cer­ti­fi­ca­tions. William is also list­ed by Comp­TIA as a sub­ject mat­ter expert for his assis­tance in the devel­op­ment of the Comp­TIA Pen­Test+ cer­ti­fi­ca­tion exam.