We are all shopping online more today, whether we are making purchases or being purchased from. While it is convenient, it can also put you in danger of having personal and financial information stolen. Cyber attackers are always at work. Both consumers and businesses need to ensure they are taking the proper safety precautions.

On the Attack

When it comes to online shopping, the internet gives attackers multiple ways to obtain your personal and financial information. Once they have it, they will use your information to make their own purchases, or sell it to someone else. They may target their potential victims through fraudulent websites and emails, including fake shops and charitable organizations. Just remember the old adage, if a deal looks too good to be true, it probably is.

Another way attackers are able to get your information is through intercepting. If a vendor does not use encryption during a transaction, your information is at risk.

Attackers also prey on vulnerable computers. Consumers and businesses alike need to take steps to protect computers from viruses and other malicious code that attackers may use to access personal and customer information. Keep your devices up to date and protected.

Keep Your Info Safe While Shopping

Perhaps the most important way to protect yourself is by doing your due diligence. Here are some ways to keep private information secure:

• Do business with reputable vendors.
• Ensure a secure website – If you are a consumer, make sure you are purchasing from a secure site, which should have a URL that begins with “https” instead of “http” and a closed padlock icon.
• If you are a business that sells to consumers, ensure that your site has been secured and that you are using the proper web security (i.e. web app firewalls, full blown security commerce suite), and maintain PCI DSS compliance in store or online.
• Do not provide sensitive information through email. No reputable business will ask for private or sensitive information via email.
• Use a credit card or prepaid debit card, which, by law, offers some level of fraud protection.
• Use a Virtual Credit Card – How it works: you own a credit card account with the institution that offers the card. When you make a transaction, your account generates temporary, random numbers in place of your actual credit card number. This offers one more layer between you and attackers. Some cons to this method include difficulty returning or denying a purchase, they’re not accepted by all merchants, and not every purchase offers the same fraud protection as with credit cards. There are three major companies offering virtual credit cards: Bank of America, Citibank, and Capital One.
• Check your app settings – Shopping apps should tell you what they do with your data and how they keep it secure. There is no legal limit on your liability with money stored in a shopping app or gift card. Read the terms of service. The pro to shopping through store apps is that it can help avoid clicking a “bad” link to one of those legitimate-looking, but fake, websites.
• Check your statements and accounts – Compare receipts and purchase copies with bank statements for discrepancies. If you think this is a small point, read your neighborhood cybersecurity guy’s personal fraud experience.
• Check privacy policies – Most of us probably skim these, but before entering any personal or financial information, you should understand how your data will be stored and used by reading through the website’s privacy policy.

Collecting Payment as a Business

The same security rules apply for businesses as with consumers: make sure there is a layer of protection in the transaction. I recommend all businesses that are selling to consumers do the following:

• Be set up to take credit cards and debit cards – Look at services like PayPal, Google Pay, Apple Pay
• Work with your financial institution – They will help support all that goes into conducting electronic transactions and have knowledge of industry policies.
• Set up with reputable companies that will advocate for both the buyer and seller. PayPal, Google Pay, Apple Pay, for example, meet the necessary standards. Check that your organization is PCI DSS compliant. PCI DSS is a stringent set of standards created and policed by the industry itself.

Use Solid Business Accounting Practices

Setting up your transactions for optimum cybersecurity is one step. Another step businesses must take for their added protection is to set up solid accounting practices. Be sure to have a clear “chain of evidence” – a clear process in place about where an invoice came from, how much it is, and what it’s connected to. Accounts should be charted and set up with vendor and accounting codes. And be sure to separate duties; one person should not be responsible for the entire process. Just as you would frequently check your personal bank statements, keep solid records and look through details, understanding that attackers can steal enough information to make it look like an invoice came from a company.

Unless you’re an enterprise level business, don’t attempt to go at this by yourself. Utilize a reputable dealer and make sure to have a discussion with your financial institution.