Q. When shopping online, you’re providing a lot of personal information. Does that increase the risk of vulnerability to identity theft?
A. At most major reputable retailers, it shouldn’t significantly increase the risk. They have adequate controls in place to encrypt that information. But that’s all assuming you’re not communicating this over unencrypted public Wi-Fi channels. That can increase the risk of bad actors intercepting some of that information wirelessly.
But a lot of the major retailers really do a pretty good job of processing those transactions. The one thing that does occasionally add to your risk profile is when you save and store your credit card information with major retailers. The reason that would potentially increase the risk profile is not that someone could be intercepting that transaction and stealing your identity and credit card information, but if there’s a breach at that company. So, Walmart or Amazon, if they suffer a data breach in some other capacity, then having your credit card information on file obviously increases the risk that a malicious actor could gain access to that information.
One thing you can do to better your digital hygiene practices is just to not save credit card information with retailers. It’s a bit of a pain to type it in every time, but that certainly can be one way of reducing your risk overall.
Q. You mention the major retailers being secure with customer information, but what about the start-up companies selling specialty products? These companies seem to pop up often on social media, especially during the holidays, presenting gift ideas.
A. Yeah, I see them on Instagram. With those, there’s always risk of them having that start-up mentality. “Hey, we have an idea, let’s get a product out there, let’s start promoting it, let’s try to drive a whole bunch of traffic.” And for those types of companies, security’s not always their first thought. Growth is their first thought. They want attention, they want people there, so a lot of times they’re going to use off-the-shelf software to process those credit card transactions.
And there’s reasonably free or cheap software to process online transactions and it’s generally pretty good. There’s not any major risk or vulnerabilities with using those types of platforms, such as Shopify. So your credit card information may be safe, but really, it’s a matter of what other data they are collecting about the transaction. What might they be doing in addition to just processing that credit card number? So, there’s definitely some additional risks with those types of companies with someone gaining access to a credit card number that shouldn’t have it.
Q. What are the best ways to check the legitimacy of those start-up retail companies?
A. There are websites that will aggregate reviews. Obviously, through Google, you can search for the company name and look for reviews that way, but there’s also sites like Trustpilot.com and ResellerRatings.com that report aggregated customer experiences with various e-commerce sites. Consumers will report things like, “Hey, I ordered this item and …….