The vCIO Chronicles - Holiday Shopping

By Kye Grant, vCIO.

It’s that time of year again, another holiday season is upon us and with that comes all the joys and anxieties of shopping for loved ones. This year more than ever however, the majority of us are doing this online due to the current circumstances of COVID-19 and wanting to stay as safe as possible. With all that said, it is easier now to do all that shopping online but it is also easier to unknowingly and knowingly give away personal data. So here are a few tips and tricks to stay as safe as possible online this year.

First and foremost, when making your purchases you’re more than likely going to be asked to make an account for whatever vendor or website you happen to be purchasing from. When doing this there are a few things to take into account – no pun intended.

  • One, what information are you willing to give them? Is this a vendor you purchase from often or is this going to be a one-off purchase for a loved one.
  • Two, is this a reputable vendor? Are they an Amazon? Or are we dealing with a direct vendor purchase and you aren’t so certain about their reputation.
  • Last but not least, how will you be paying? Can you use a secure third-party payment form (i.e. Paypal) or are you giving them your direct credit card information. Once you have these details figured out you can confidently plan your purchase path forward.

When dealing with smaller online vendors or say a purchase you know is going to only be one time, I like to minimize the amount of information I give them for one, I also like to skew the information a bit in my favor. What I mean by this is, when signing up for that one-off account I like to always use my middle name as my first name. There are two reasons for this: one being it allows me to sort the corresponding emails quite easily and maintains a slight amount of anonymity.

Mainly though, this allows me in the future to know when receiving random emails addressed to me as my middle name, that one of these sites has given my personal and or account data away for marketing purposes. Finally, another bonus will be quickly identifying any spam or mailing list emails addressed to you by middle name. Makes it easy to unsubscribe from those mailing lists as we know this is not something we will need or want to purchase again. With the larger vendors or services we use more regularly these practices may not be necessary, but can also be used to help sort regular from irregular, more infrequent purchases.

Another key recommendation is to keep your day-to-day passwords and credentials far away from online shopping. Using the same password or an iteration of your online banking or email login password can only lead down a dark path. We are providing data to guarantee who we are, where we live and so on. So providing a similar password to very important accounts, makes it easier for malicious actors online to identify who you are and attempt to breach your accounts with known information.

A suggestion with not only online shopping but all online transactions, is to keep three sets of passwords. One primary set for your main accounts like banking, email and other similar accounts with highly personal data. The secondary set would be mainly used for lesser accounts with some personal data but nothing that could be used for identify theft or breaching other accounts (for things like news services, music streaming and gaming accounts.) The last set or tertiary set would be used for the discussed one-off purchase accounts and promotional signups. This will guarantee, if a lesser account is breached, and/or a password is gleaned, it will not allow cyber attackers to then leverage that to gain access to other, more important accounts.

Finally when dealing with these purchases online and having to provide a form of payment you should always be mindful of the payment form you’re going to use. It is always best to make purchases online with a third-party protected service if possible: such as Paypal, Apply Pay or Google Pay. This will provide the greatest amount of purchase protection during a transaction. If that’s not possible make sure to use

a protected credit card with some sort of insurance coverage that offers you some protection if the card is then used fraudulently. Using direct payment methods such as Debit Visa or Pre-paid Credit Cards can lead to issues in the event of a transaction not going according to plan. My final thought when it comes to passwords, is another trick that is often not leveraged enough- this being a password manager, such as LastPass, that can help generate and store your secure passwords; meaning you can ditch those spreadsheets and easily misplaced handwritten notes.

Hopefully by following some or all of this advice you can shop online with more confidence and security, and have some peace of mind amidst all the holiday shopping insanity