$content.source -- $content.source.name -- $content.altguid

5 Reasons It's Riskier to Shop In Person Than Online

Shopping online may not be inherently safer than going to the mall, but at least you have a little more control

By

December 18, 2007 — With the number of online shoppers growing each year and the biggest shopping days of the year in our midst, the safety of online shopping is often called into question. But what about security when it comes to shopping at your local mall? Which is actually safer--shopping online or in person?

The answer, of course, is it depends. But experts point out one big difference in how you load up your shopping cart: The biggest risks from online shopping come from factors you can, for the most part, control, while the threat from in-store transactions is largely out of your hands--and in those of the retailer.

The biggest online threat stems from falling victim to ads that take you to illegitimate sites, says Avivah Litan, a vice president at Gartner. There are many ways criminals can lure you to these sites, but the most common are through phishing or by high-jacking your browser through malware downloaded onto your machine. “Online, you run the risk of giving your money to an illegal business where someone is capturing your information as you enter it,” Litan says. In other words, it’s up to you to make sure you’re spending your money in the right places.

In-store risks, on the other hand, stem largely from how merchants handle data. And so, amidst the usual holiday hand-wringing over risks with online shopping, we offer five ways that going to a store actually presents a bigger risk.

1. Stores may have wireless networks that aren’t secured.
Perhaps the best-known risk of in-store shopping is the possibility of an insecure wireless network. Sensitive customer information can be accessed through a store’s wireless network if it has a weak encryption key. According to a November study by wireless security product vendor AirDefense, half of the 3,045 retailers surveyed use wireless data systems that are susceptible to hacking. Of the wireless access points studied, 25 percent didn’t have any encryption at all, and 25 percent were using the Wireless Equivalent Privacy encryption method (WEP), which is outdated and easily cracked.   

At the time of one of the largest security breaches in history, TJX  was using WEP; the breaches that occurred at DSW, OfficeMax and BJ’s also resulted from a cracked WEP key. Barak Engel, former director of security at WebEx and co-creator of Hackademia.com, says that when TJX implemented the encryption key, WEP was standard and recommended. While more merchants are starting to switch to newer methods of encryption, such as Wi-Fi Protected Access (WPA), he says that it is an “often costly and resource intensive affair.” And if the store where you’re shopping hasn’t made the switch? There’s little way for you to do much about it, or even know.

RESOURCE CENTER