5 tips for safe shopping on Black Friday and Cyber Monday

Big retailers aren't the only stores susceptible to data breaches during this week's holiday sale spree. Shopping online is a risk too. Consumers can protect their information while they shop online with a few simple tricks.
(Jeff Chiu / Associated Press)

Shoppers descend on malls and Best Buys on Black Friday each year, hungry for outrageous markdowns and incredible deals. But beware. This is the last holiday shopping season before Americans will switch over to the chip-and-pin technology popular in Europe, ditching the old magnetic strip credit and debit cards.

Until then, the majority of American retailers will continue to use the magnetic strip system at their registers, leaving them susceptible to data breaches. Hackers can siphon credit card data from those systems and sell it on the black market.

After breaches at major retailers, such as Target and Home Depot, it may seem like online shopping during Black Friday and Cyber Monday is the safest bet. But a digital “swipe” of the credit card poses risks of its own.

“We expect a rampant amount of intrusion attempts,” said Yaron Samid, chief executive of the financial security app BillGuard. “You should assume that your data will be compromised going in.”


But these breaches don’t mean Americans should stay home this year; shoppers should simply keep the risks in mind and make purchases carefully. Below are five tips shoppers can use while hunting for bargains -- in-store or online.

HTTPS is your friend

Hackers create myriad websites that can pass as real retailers. Thieves send emails that look like legitimate deals or discounts to reel shoppers in and steal their email addresses and account information. When making an online purchase, buyers should make sure they are accessing a secure website by checking for “https” in the browser.

Certain programs can help consumers check whether a website is secure. HTTPS Everywhere is a free Web extension for Firefox, Chrome and Opera that encrypts communications with many major websites, making browsing more secure. It helps prevent attacks, especially on public networks such as coffee shops.


Beware of micro charges

Shoppers should check their credit card and bank statements regularly, says Los Angeles-based financial specialist Michael Eisenberg. Most Americans won’t pay attention to a $2.50 charge, but hackers use small charges as a validation test. Those micro charges, which allow thieves to charge a premium for the card on the black market, are a telltale sign that a card has been compromised, Samid added.

A separate credit card for online shopping

If retail giants such as Staples and Neiman Marcus are susceptible to breaches, it can easily happen online. Eisenberg suggests setting up a separate credit card for online shopping. That way, if hackers get their hands on the information for one card, the rest of a shopper’s credit line -- and bank information -- is safe.


Use the ATM at your bank

Hackers can steal information from ATM cards by reading data off the magnetic strip. If the ATM is external, such as those at gas stations or malls, hackers have unlimited access and can compromise the machine. It’s much safer for shoppers to go inside a branch of their bank and use the ATM there. Many people believe their banks will catch any fraud for them, but it’s impossible to catch it all, Samid said.

“The reality is banks catch less than half of all card fraud. The majority is caught by cardholders and reported to the bank,” he said.

Vet your charities


Shoppers may be in a giving mood during the holidays, but those after your personal information won’t be. Digital thieves often exploit the generous holiday spirit by creating sham charities online -- and it’s not always easy to spot a fake. Hackers make these sites go viral so people share them on Facebook and Twitter, Samid said. He recommends reading the fine print on any charity site or brochure to track where donations truly go.

“Our hearts open and we think it’s legit if our friends pass them around,” he said. “If you don’t read the fine print, you can get scammed.”

Follow me on Twitter: @ParviniParlance