Your guide to safe and secure post-holiday shopping

In search of hot online deals? A few simple steps can reduce your risk as you boost the economy through extravagant e-commerce

Page 2 of 2

Use websites that double-check when you ship to a new address
My favorite e-commerce sites require additional verification if I try to ship to a nonstandard mailing address. Hackers often buy stuff using your credit card and ship to a temporary address where they can get away with the goods. Most e-commerce sites know this and flag any purchase to be sent to a nonstandard address -- and ask a couple of questions only you know the answers to.

Try alternate payment systems
If you're worried about someone stealing your credit card number, don't use your credit card; alternatively, use a credit card with a low maximum balance. Even better, use an online payment service, like PayPal, that you trust. PayPal is often the subject of spammers and phishers, but I've never been burned when using PayPal in a legitimate transaction. PayPal and services like it have their problems and critics, but their biggest benefit is that you'll never be out more money than what you've allocated to the service. In addition, many services offer virtual or one-time credit cards that are good for only a single use. If you have lingering doubts about a site, don't use your credit card.

Use strong passwords
I wrote on about this topic recently. Remember, it's easier than you think to create a long password that's easy to remember, particularly if you use a variation of my strong password creation trick.

Regularly change your passwords
Many hacked e-commerce sites have been found to contain user passwords that were never changed since the first user transaction. Don't be one of those people. Instead, change all your passwords at least once per year, if not more frequently. That way, if bad guys hack into a site, there's less time for them to be able to use your password.

Don't share passwords among sites
This is a big one. When you share passwords among websites, the security of your most important transaction is limited by the lowest security of the most insecure site. Hackers frequently break into seemingly inconsequential websites, grab users' email addresses, log-on names, and passwords, and use them to log on to more popular websites. And they're often successful.

Don't answer your password reset questions accurately
Recently, as part a password reset routine, a website asked my grandfather's occupation. I entered "tiredtired." Never answer password questions accurately. It's far easier for a hacker to guess legitimate answers to password reset questions than it is to guess your password. Instead, make up some nonsense. For greater protection, and as a memory aid, vary your password reset answers based on the website name: for example, tiredtiredamazon, tiredtiredfidelity, tiredtireditunes, and so on.

Check your accounts frequently
Examine your checking and credit card balances online no less than once a week. If a suspicious transaction appears, you're on top of it rather than waiting for the bank to call.

Set up monitoring thresholds
These days, many banks and credit card services enable you to setup transaction thresholds, which, if exceeded, generate an email or a request for an approval. Others send you an alert if the transaction occurs overseas or exhibits an unusual pattern not indicative of your normal behavior.

Follow all these recommendations all the time and you'll reduce your online security risk significantly. Nothing will guarantee that you'll never be exploited, but it decreases the odds that you'll be a victim.

This story, "Your guide to safe and secure post-holiday shopping," was originally published at Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at For the latest business technology news, follow on Twitter.

| 1 2 Page 2
Cybersecurity market research: Top 15 statistics for 2017