While most of us shudder at the thought of having our personal information compromised, more than six in 10 (64%) of U.S. credit or debit cardholders say they've saved their card numbers online (or in mobile apps), according to a study from Bankrate.com.
Why are people so quick to enter their personal information and hit save when shopping online? Well, aside from the obvious answer, which is that it's convenient, it also seems many online shoppers either don't properly weigh the risk or don't know they're making themselves vulnerable to hackers.
Of those Bankrate surveyed, 44% of respondents say they think saving payment information on a website is "somewhat safe," 31% believe it's "not very safe" and 17% think it's "not safe at all."
Regardless of where you fall on the spectrum, the reality — when it comes to shopping via e-retailers — is that there is always a potential risk of having your payment information stolen, especially since "no website is 100% secure," Adam Levin, founder of cyber technology solutions company CyberScout, tells CNBC Make It.
To defend yourself against what is sometimes referred to as "digital mugging," you must practice caution when shopping online. While there are a lot of different ways internet criminals can get hold of your information, digital mugging refers specifically to "when your payment info, personal info, or passwords are hacked when using an e-commerce site or mobile app," says Tom Kellermann, head cybersecurity strategist at software company VMware.
Now that the holidays are fast approaching, and given that many (if not all) of us will be shopping online, it's important to know the basics about protecting your payment information online.
Follow these six steps to prevent hackers from accessing your personal information.
While no website is 100% secure, some are more secure than others — and experts say there are ways of knowing if the website where you're shopping isn't safe.
First, there are visual cues that can serve as red flags. If a website lacks a padlock icon just before the URL string field on a web page, that usually signals that a website is unsafe.
Additionally, sites that have "https" at the start of a URL string, instead of just "http," are also supposed to be safer. The added "S" indicates that the site is encrypted, which means that any communication between you and the site's server is kept hidden from online hackers.
If a website frequently crashes or sends you pop-ups, those are also signs that a website may be less guarded, Kellermann explains.
When it comes to where you can shop, Kellermann says larger online retailers tend to be safer than smaller e-retailers, but you should practice the same level of caution no matter where you're browsing and watch out for anything that seems strange.
In addition to checking for the padlock icon and "https" at the start of a web address, you should also be vigilant about checking the spelling of URLs. "Clone sites will often look exactly like the actual site, with a single character difference in the URL. If the site looks off visually, has obvious misspellings or grammatical errors, you may have wandered into a scam," Levin says.
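The two checks above, "https" and URL spelling, can be sketched in code; this is an added example, not part of the original article. The trusted list, the sample URLs and the helper names are constructed for illustration, and the punycode check goes one step beyond the single-character case Levin describes.

```python
from urllib.parse import urlsplit

# Constructed allowlist of shops the user already knows are genuine (assumption).
TRUSTED = {"example-shop.com", "bigretailer.example"}


def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap two neighbours) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_shop_url(url: str, trusted=TRUSTED) -> str:
    """Hypothetical helper: classify a URL before any card details are typed in."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "invalid: no hostname"
    # Punycode labels can render as letters that look like a trusted name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: internationalized hostname"
    if host not in trusted:
        for good in sorted(trusted):
            if edit_distance(host, good) == 1:
                return f"suspicious: one character away from {good}"
        return "unknown: not on the trusted list"
    # The name check comes first: a clone site can serve https too.
    if parts.scheme != "https":
        return "insecure: trusted name, but the page is not served over https"
    return "ok"


if __name__ == "__main__":
    for sample in ("https://www.example-shop.com/cart",   # constructed samples
                   "http://example-shop.com/cart",
                   "https://exampel-shop.com/login",
                   "https://examp1e-shop.com/login"):
        print(f"{sample:40} {check_shop_url(sample)}")
```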
Any time you're shopping online, you should first make sure the device you're using is up to date. If it's not, internet criminals can more easily get at your personal information, Kellermann explains.
"When you update your computer and applications, the security vulnerabilities, which hackers use to sneak into your device, are closed with 'metal plates.' Critical updates are metal plates which seal off open passages into your digital home," Kellermann says.
Nowadays, many mobile devices and computers will alert you when you're due for a software update. So, if you've just recently completed an update, you should be good until the next time one rolls around. And, if you're not positive as to the last time you ran an update, head into your device's settings to see if your computer or phone needs one.
Using the public Wi-Fi that's offered at airports or in cafes is sometimes all it takes to invite in cyber intruders. That's why Kellermann advises you to "never use public Wi-Fi" if you can help it.
If you've commonly used free public Wi-Fi in the past, you're not alone: 81% of people still connect to free public Wi-Fi, according to a 2018 study from One World Identity.
Why is using public Wi-Fi a problem? Cyber criminals who lurk on the same connection could gain access to your information and steal your credit card number or other important personal data.
If you find yourself in a bind and need internet access pronto while out and about, it's best to connect to the internet using a hotspot on your smartphone instead. And, if that's not possible, there are several ways to protect yourself while using public networks, such as utilizing a VPN and limiting file sharing via AirDrop.
Experts also recommend using Firefox when shopping online because it has a number of features that make it more secure than other browsers, Kellermann explains.
"Firefox has enhanced tracking protection built-in, as well as features like the Facebook container, which isolates your web activity from Facebook," Kellermann says. The main benefit of this container feature, especially given that large sites like Facebook have more pull when it comes to online tracking, is that all of your Facebook cookies get deleted each time you log out of your Facebook account.
Additionally, unlike other browsers, such as Google Chrome, which had its extensions compromised and 4.8 million user login credentials stolen back in 2017, Firefox "is not vulnerable" to these kinds of extension attacks, Kellermann says.
When it comes to online shopping specifically, Firefox is a good option since it "does not collect as much private data from the user like other browsers do," Kellermann says. And for the data it does collect, users can use Firefox to "delete your temporary files afterwards much like you would tear up a receipt," he adds.
Enabling a two-factor authentication code is another way to protect your online accounts.
When you enable a two-factor authentication code, you're simply adding another step (such as being asked a security question that only you'd know the answer to or sending a code via email or text message to yourself as additional verification) so that others attempting to gain access to your account cannot.
In addition to using email and text codes to verify your identity, you can also use authentication apps, such as Authy or Google Authenticator, which are specifically designed to provide you a code at login once you've enabled two-factor authentication within the settings of the online account you're trying to protect.
While Authy and Google Authenticator are considered trustworthy apps, if you choose to use another third-party app, Levin says to "be careful and read the reviews before downloading anything because they can be infected with malware and other digital pitfalls."
And, at the end of the day, if you choose to forgo employing a two-factor authentication code, make sure you "use long and strong passwords that don't repeat across accounts," Levin says. He also says to "sign up for transaction alerts offered for free by banks and credit card companies, which will allow you to spot suspicious activity in real time."
While it's not ideal to have any of your information compromised, it's often considered less of a disaster if your credit card number gets stolen than if your debit card number does. Why? Because any charges made on a stolen credit card can typically be fixed with a phone call since credit card issuers "offer zero-liability and debit cards have varying rules," Levin says.
For that reason, you should never use your debit card to shop online. It's a better idea to pay using your credit card when shopping this holiday season, so long as you're spending responsibly and within your means, of course.
Now that you have the steps to better protect your payment information while using e-retailers, it's time to put these tactics to the test. And, once again, it's important to know that there is always a risk, even when employing all of the above six steps. "Use your best judgment, but bear in mind companies large and small get hacked," Levin says.