home_banner `

Content Icon

Van Wyk: Take Steps to Protect Yourself as a Consumer

October 22, 2017 | Blog | Data Breaches | By Ken Van Wyk, IANS Faculty

With all the digital threats we face on a daily basis, it’s a miracle we haven’t all been hacked. Or perhaps we have…

So we should all just give up, right? Of course not. However, to ensure the odds are in your favor, there are some informed and well-planned steps you can take to take responsibility for your own safety. And yes, I’ve addressed this issue a few times over the years, but things change both on the threat side as well as the remediation side of things, so it’s a good idea to revisit this topic.

Like many others, I’ve found myself doing much more of my shopping online these days. I don’t care for the big mall experience, and even the big specialty stores give me the willies, so I turn to online transactions whenever I can. I’m also pretty careful about my online security and privacy, so I do my best to minimize my exposure.

But before I list things you should consider doing, let’s discuss the threat landscape. Online, we continue to see major security breaches at big-name companies. Some of these companies are consumer-facing, but others are less so. And no, as consumers, there’s nothing we can do to protect ourselves from those companies. Well, except for the fact that we have the “power of the purse,” as it were. We can shop somewhere else. In any case, I point you to the latest threat reports, such as Verizon’s Data Breaches and Incidents Report (DBIR), if you want to study these trends in detail.

It’s also worthwhile to point out some of the non-online threat trends. The biggest issues we as consumers face are skimming devices and malware on credit card point-of-sale (POS) equipment. These have continued to advance in both their technical capabilities as well as their frequency.

Skimming devices generally snap onto POS devices, especially ATMs and gasoline pumps. ATMs and gas pumps present favorable circumstances for many of the bad guys: they’re often unattended, and they’re out in the open. Skimmers can be attached to these devices, and then \ collect hundreds or thousands of customer account data. Coupled with a video recording device, they can also collect debit card PINs. The most capable skimmers have Bluetooth or other remote access capability, so the bad guys can collect their ill-gotten loot remotely, without ever getting out of their cars. They just pull up to the gas station or ATM, grab their stolen data, and then drive away.

So, what’s a consumer to do? Here are some steps that are most worth the effort.

  • Minimize your exposure. When purchasing online, favor “proceed as guest” without opening a user account on merchant sites. Even if you’re forced to register with a site, do not store your payment information. It might seem convenient, but that is a double-edged sword. The less information you store on a merchant site, the less exposure you have if that site is breached.

  • Favor advanced payment options. More and more merchant sites are supporting payments that do not involve the merchant having access to your payment account information. These include PayPal, Apple Pay and Android Pay. Consider it part of minimizing your exposure, but opting for these types of payment services keeps your exposure down significantly. Apple and Android Pay, in particular, use a tokenization technique that provides payment data that only works for a single transaction, making replay attacks far more difficult. This kind of payment service has a double benefit in many cases: it’s more convenient and it’s more secure.

  • Keep a record. If you do decide to store your payment information on a site, perhaps because they force you to or doing so really makes your life easier, be sure to record that (especially if it’s a merchant where you wish to shop frequently – sometimes storing payment information justifies the risk). I keep a running log of all the sites where I store my payment information. That way, when a credit card gets compromised, I can go to those sites and quickly update my payment information manually.

  • Be selective. This is a tough one at times, but choose your merchants wisely. If you wouldn’t be comfortable walking into their store and handing over your credit card, don’t do it online. Some credit card issuers give consumers the option of setting up temporary or per-merchant credit card “accounts,” so that your real account isn’t directly exposed. For those cases where you might be a bit concerned about a merchant, you can provide them with a one-time account number. You can likely further limit the dollar amount and other attributes of the transaction as well. Ask your card issuer if they support these types of features.

These are just a few pretty basic things you can do. The bottom line remains: proceed, but with caution. Don’t just give out your information because a merchant “requires” it. Take a step back and ask yourself what your risks are, then plan how you can best protect yourself.


Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

Related Research

Cyber Attacks Represent Higher GDP Risk in North America than Globally

In North America, cyber attacks rank second among risks to the country’s gross domestic product. When the risks of 279 cities around the globe are averaged together, cyber attacks fall to seventh on the risk index.

IANS Vulnerability and Breach Update: Q4 2018

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Beyond Chip and PIN: Reducing Credit Card Fraud

Now that most U.S. merchants have adopted EMV-based chip and PIN technology at the point-of-sale, how are fraudsters adapting? In this live Ask-an-Expert interaction, IANS Faculty Aaron Turner details the most common schemes and threats, as well as ways to mitigate them.

Overview of the Financial Consequences of a Cyber Attack

Successful cyber attacks of public companies from 2005-2014 resulted in a loss of 1.1% of the company’s market value on average, and a drop of 3.2 percentage points in sales growth rate.

We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.