Lazy trips to Target aren’t an option in 2020 — this year, holiday shopping is all about finding the perfect gift on the World Wide Web. And although digital payment systems like Apple Pay and Shop Pay have made the payment process almost seamless, there is still a huge risk of fraud.
According to Adam Levin, President and Founder of the Identity Protection Company CyberScoutit’s a “cat and mouse” situation between the bad guys and the retail industry.
“When you’re dealing with hackers, you’re dealing with sophisticated, creative, and extremely persistent people,” adds Levin. “The protections available to most retailers and financial institutions are advanced, robust and constantly evolving to meet the highest standards, but there is a lot of money on the evil side.”
In physical stores, the main financial threat is at the point of sale. Think: physical devices that skim your debit card and steal the information when you swipe it at an ATM.
But Levin says that with online shopping, there are two major considerations. First, how does a system secure your data as it moves from you to the business, and second, how does a system store your data once it reaches the business?
Luckily, this isn’t the Wild West; there are strict rules. Card issuers like American Express and Visa came together in 2006 to form the Payment Card Industry Security Standards Council, which establishes policies to ensure that companies that process credit card information do so securely. The details of this so-called PCI compliance are super complicated and not worth going into here, but the broad outline is that the systems are supposed to use hardware and software to reduce fraud.
“The goal is that as a business, you can do what you do and know that your customers’ data is protected from insider and outsider compromise,” adds Levin.
These details are also very complex, but most use data encryption, tokenization and masking. They ensure that your real credit card information doesn’t float around after a purchase – just a disguised version of it.
Apple Pay, for example, “does not store or have access to the original credit, debit, or prepaid card numbers” that customers use, according to its website. Information is initially encrypted when someone enters it. Then Apple “decrypts the data, determines your card’s payment network, and re-encrypts the data with a key that only your payment network (or any provider authorized by your card issuer for provisioning and token services ) can unlock”. Google Pay and Shop Pay have a similar configuration.
This type of encryption generally makes systems safe to use, explains the National Retail Federation Leon Buck.
So how do you play Santa Claus safely?
Levin advises people never to shop on a shared computer or public Wi-Fi network because they are easy for strangers to exploit. You can even set up a VPN to make things ultra-secure.
It also says to avoid ordering items by clicking on links – if there’s something you want in a store, it’s safest for you to (carefully) enter the URL myself so that you know exactly where you are going.
“Some people say, ‘Well, that’s a pain in the ass,'” Levin adds. “It’s painless compared to the level of pain you’ll face if you have to go through the agony of identity theft or credit card compromise.”
When you’re ready to pay, it’s best to use a credit card – not a debit card – because most credit card companies offer $0 liability for fraud. Many debit card companies also limit liability, but credit card lenders tend to be more urgent in locating stolen money.
At the end of the line ? Coin-operated systems like Google Pay, Shop Pay, and Apple Pay are pretty secure, but there are a few steps you can take to give yourself an extra layer of security. Security.
After all, you need to search for #1.
“The consumer’s ultimate guardian is, has been, and always will be the consumer,” says Levin. “No one is more interested in our financial security than we are.”