Hacked for the Holidays: Guarding Against the Fraudulent Grinch

WPI cybersecurity experts help shoppers avoid credit card fraud and other risks

On Black Friday, Small Business Saturday, Cyber Monday, and throughout the shopping season that stretches between Thanksgiving and Christmas, millions of Americans will be caught up in the annual gift buying frenzy. 

So this year, before you use your card at the checkout or type in your security code online, Worcester Polytechnic Institute (WPI) cyber security experts have some tips for keeping your information safe.

1. Comfort with credit cards: Many major credit card companies have recently embedded security chips into their cards to deter theft. The chip makes it harder for bad guys to "skim" your card and steal your information. At checkout, you may need to insert your card into a reader instead of swiping it; the process for using a credit card with a chip online is unchanged.

Even if an attacker gets your credit card information, most credit card companies provide protection from fraudulent purchases if you report them in a timely manner. Be sure to check your credit card statements online and review your monthly printouts for any transactions you don’t recognize. Criminals may shop in the same stores you do in hopes of not raising suspicion by making out-of-the-ordinary purchases. If you notice any concerns, report them to your credit card issuer immediately using the phone number on the back of your card. They will likely close your old account and issue you a new card.

2. Double check debit cards: Debit cards pose a greater security risk than credit cards because they don’t usually incorporate the same fraud protections. While some issuers may limit liability, others may ask the customer to cover a portion of any fraudulent purchase. Given these limitations, it is often wiser to simply use a credit card and immediately pay off the balance to avoid paying interest and finance fees.

3. Optimize online purchases: Stick to reputable, recognized online retailers. Top merchants are extremely security focused and protect their transactions. Avoid unknown sellers and trust your gut: if a website seems iffy, shop elsewhere.

4. 'Tis the season for charitable giving: The holidays often inspire people to give to charities, and they inspire fraudsters to prey on your kindness and steal your money. Before you give, verify that the organization is legitimate. The Federal Trade Commission, IRS, and other agencies provide online resources for consumers to check out a charity. Even when you recognize the organization, never give payment information to anyone who calls on the phone. Instead, look up them up yourself and donate directly.

5. Worrisome wire transfers: Avoid providing banking account information or making wire transfers to others. Any fraudulently obtained funds from wire transfers or direct drafts to a banking account may be unrecoverable.

6. Keep your guard up: If you shop and access your credit card accounts online, make sure the computer you use is kept secure by installing security software and keeping it up to date. Otherwise, if a hacker steals your online login credentials and transfers money, you may have no way to recover that money.

"It’s important to simply keep a critical eye on any transaction you make that’s not cash," says Shue. "If you have a feeling something's not right, shop somewhere else."