Unhappy Holidays! Scammers May Be Cleaning Out Your Online Customers' Wallets.
There’s good news and bad news for this year's holiday shoppers flocking online to make gift purchases: While many online retailers are getting savvier about protecting their customers’ personal and payment data, online fraudsters and scammers are also getting better at what they do. The net result, unfortunately, is an ongoing rise in compromised data and stolen money.
A 2018 study about identity fraud released earlier this year by Javelin Strategy & Research found that the number of identity fraud victims had risen by 9 percent over 2017, topping off at 16.7 million U.S. customers. That was the highest number since Javelin started tracking fraud 15 years ago. The total amount stolen from these fraud targets amounted to a whopping $16.8 billion.
Of course no one will be surprised to learn that the holidays are a time when the risks suggested by these record-breaking numbers intensify even more. This is a time of year when scammers are more active than any other time of year.
But even with that in mind, neither online shoppers nor online retailers are willing to forego the convenience of shopping from the couch altogether. And, fortunately, there are steps both shoppers and retailers can take to keep online shopping fraud at bay. As a financial planner and consultant at St. Louis Financial Therapy, I offer tips on this subject to both individuals and startup clients. Here are a number of them divided into the two categories:
Customers should be sure to ...
Know how to vet online shops for trustworthiness. This becomes especially important when you elect to store passwords and/or payment information with online retailers where you frequently shop. So, develop an eye for the signs of a safe site: Look for a badge that indicates a retailer is "E-Verified" or has an SSL (Secure Sockets Layer) certificate, which allows for encrypted interaction between the website and browser.
Always shop over a password-protected internet network. Avoid absentmindedly clicking “buy” when you're on an open network such as at Starbucks, or on your phone’s network.
Keep an eye out for phishing emails. These phony emails are designed to impersonate a trusted individual or business and lure the recipient to click links and insert personal information. Here's an example from my own inbox: an email claiming to be from Pottery Barn informed me that I was locked out of my account and needed to share my password.
By taking a close look at the sender’s email address -- which was a long string of numbers at an unrecognized domain, I could tell this was one that needed to go right to the trash.
Check credit card and bank statements weekly -- perhaps daily during the holiday season. Even if you’re doing everything right in terms of vetting whether you’re shopping, your information can still be compromised, as we’ve seen from headline-grabbing data breeches at eBay, Equifax and Target. Stay on top of your payment records, even if you haven’t seen your favorite online shop in the news. If you see any suspicious activity, contact your payment provider immediately.
Remember to keep track of your credit. Credit Karma is one easy-to-use service that allows you to check in on your credit score. You also have the option to receive notifications if a line of credit is opened in your name or if someone else inquires about your credit history.
Lean on your credit card without going over-budget. I recommend that my clients make heavier use of their credit card than their debit card over the holidays. Credit card companies are typically faster to respond to fraudulent activities than banks are. What’s more, malicious activity involving your debit card can include cleaning out your entire checking account -- which isn’t a risk when you’re wielding your credit card.
Small online retailers should be sure to ...
Never compromise on an ecommerce platform. This may be the most important piece of advice I can offer you. It's one I frequently impress upon startup clients of mine whose business includes online retail element: Enlist a platform built by experts to help keep your customers’ data safe.
For this purpose, for my online beard oil and grooming-products business, I use Shopify, which meets my (and my customers’) needs. Whether it’s Shopify or another ecommerce service, find a provider who is PCI compliant.
Consider protection of customers’ info a central part of your overall business plan. I’ve noticed that some of my startup clients are initially inclined to take this responsibility lightly. It’s certainly more exciting to spend time and money developing a logo, a website and a social media presence for your new business. But remember that an investment in security infrastructure is an investment in your brand’s integrity.
Scale up your protection capabilities as your scale up your business. Think ahead; if you expect sales to rise precipitously in the coming year, consider paying for the next level of the ecommerce service you’re using in preparation for that growth.
Remember that even though you’re a startup personality, you don’t have to build everything yourself. I don’t ever recommend a DIY solution when it comes to protecting data. There’s just no reason to introduce risk by reinventing the wheel when high-quality solutions already exist.
In the event of a data breech, confront the problem head-on. Contact your affected customers immediately and let them know that despite your best efforts, their data has been compromised. Take the additional step of offering an additional level of protection at that point, like a free year of security monitoring.
Though doing everything right in these areas is no guarantee of safety in the increasingly complex world of online retail, these steps can significantly lessen your chances of falling victim to fraudulent behavior. And that’s no small thing. Because making it through this online shopping season unscathed by scammers has become a gift in and of itself.