Posts

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.