An end of the month bank statement can hold an unpleasant surprise: unauthorized charges stemming from a hacked or stolen card number.
"Identity theft is big business," said Michael Bachmann, an associate professor of criminal justice at Texas Christian University.. "We are facing a thriving global online shadow economy with highly organized structures and roles similar to those in the international drug trade."
The process begins with a simple card number theft. Thefts can occur in many different ways, ranging from specialized teams conducting large-scale, coordinated hacking attacks on financial databases to common "carders," small-time criminals with no specialized computer skills who use simple tools to capture credit card numbers, Bachmann said.
Once personal information is stolen, it is sold to criminals through secret online marketplaces. The buyers use the financial data in many ways, from fraudulent purchases to credit scams. By the time victims are aware of the trouble, it can be too late.
"The victim may not become aware of what is happening before the criminal has already inflicted substantial damage to the victim's assets, credit and reputation," Bachmann said.
At TCU, Bachmann teaches courses about cybercrimes, hackers and information warfare. He attends hacker and IT security conferences all over the globe, including the annual Department of Defense cybercrime conference.
Ultimately, Bachmann hopes to help people protect themselves online. He has several common-sense suggestions.
First, conduct basic research on any website used for a purchase. "Review its ratings from other shoppers and look up the Better Business Bureau rating of the business," Bachmann said. Always ensure the website address is secure and starts with "https://" before checking out.
"When you do have doubts regarding the integrity of the site or offer, walk away, especially if the offer is in an email, post or text message."
Be wary of information requested for the transaction. "Provide only essential information and call the retailer if the form requires more information than you are comfortable providing," Bachmann said.
Use security-enhanced credit cards, PayPal or a one-time card number for transactions to benefit from better dispute options in case something goes wrong with your purchase. "Read the policies regarding return and restocking fees and all other relevant policies," Bachmann advised.
The security of your network is also something to consider. Cyber attacks happen frequently on public networks, since the software to conduct them is readily available. "When you shop on-the-go from your phone, do not use Wi-Fi. It's best to turn it off. Use your broadband uplink instead. It is much safer than public Wi-Fi networks," he said.
Also, make sure your computer is not infected by malicious software. One way to ensure this is by using online scanning from reputable websites like Norton or Intel Security. Also, when available, use two-step authentication, where the user enters a password and links it to a mobile device number to sign in.
"Use strong passwords, or even better, use a password manager across all your devices to manage and create strong passwords for all your accounts," Bachmann said. A strong password typically features a combination of letters and numbers, upper and lower cases and special characters, if allowed. It should be special to you and not related to public information, like an address or a birthday.
Variety is also important. "Never use your email or banking passwords for any other accounts," he said.
While Bachmann said there is no way to be completely secure online, taking these steps to protect your information will prevent your being an easy target for cyber criminals.