Protecting electronic payments

interfacing mobile device and credit card
Credit: Andrey Suslov / Shutterstock.com © 2020

Online sales in the United States grew to a record high of nearly 19 percent during the 2019 holiday season.1 At the same time, the convenience of using credit cards and other electronic payment services is compelling consumers to rapidly reduce their use of cash. The 2019 Diary of Consumer Payment Choice report shows that cash is used about 50 percent of the time for in-person transactions under $10 (for things like lunch or coffee).2 For larger purchases of $25 or more, cash is used only 10 percent of the time. Cybercriminals are taking advantage of the increase in electronic payments. According to the 2020 Cybersecurity Report from Check Point Research, mobile banking malware attacks increased 50 percent from 2018 to 2019.3 Here are some tips to help you safely use electronic payment sites.

  • Verify websites before entering important information. Clicking on a link may not take you where you expect to go. When shopping, banking, or making payments online, manually type in the website name (e.g., chase.com) instead of clicking on links in an email, social network post, or text message.
  • Look for deceptive emails and texts. Your bank or electronic payment processor won’t ask you to provide personal information or passwords via email, but scammers will. Watch this Consumer Reports video for examples.
  • Ignore phone calls from unknown and unfamiliar numbers. If you receive a phone call from someone who is urgently asking for money, there’s a good chance it’s a scam. Most of these calls can be safely ignored, but if you want to check, search for the organization’s website and find out for yourself. Don’t be rattled by threats over the phone.
  • Look for the lock icon in your browser. The lock icon in the address bar of your web browser shows that the website you’re visiting sends data in encrypted form. Never send money or pay for goods on a site without this important safeguard.
  • Public computers aren’t for private information. The computers in a hotel lobby or a public library may have a virus that records your activity, including any passwords you enter. Shop and make electronic payments only on a computer that you control.
  • Don’t use free Wi-Fi when making an electronic payment. The open nature of free Wi-Fi at cafes, airports, and other public venues makes it possible for others who are on the same Wi-Fi network to spy on your activities. If you cannot wait for another time to do your banking, use a VPN when using free Wi-Fi.
  • Consider getting a credit card just for electronic payments. If you decide to get a credit card or online account just for electronic payments, make sure the credit limit or available balance is low. This can protect you from a large loss due to online fraud.
  • Review your transactions regularly. Online banking allows you to check your account quickly and easily. Take time each day or each week to quickly review electronic payments. If you see charges you don’t recognize, notify your bank or payment application vendor (e.g., Venmo, PayPal, or Apple Pay) as soon as possible.
  • Check your credit reports to help spot fraud. Credit reporting services Experian, Equifax, and TransUnion are required to provide you with a free credit report once per year, so try to check one report every four months.4

Notes

  1. William Tsang, “Mastercard SpendingPulse: U.S. Retail Sales Grew 3.4% This Holiday Season,” Mastercard Communications, December 26, 2019. 
  2. Raynil Kumar and Shaun O’Brien, 2019 Findings from the Diary of Consumer Payment Choice,research report (San Francisco, CA: Federal Reserve Bank of San Francisco, June 2019). 
  3. Check Point Research, 2020 Cyber Security Report,research report (San Carlos, CA: Check Point Research, January 2020). 
  4. Central Source LLC, AnnualCreditReport.com (website), n.d., accessed January 22, 2020. 

Campus Security Awareness Campaign 2019

This content is from a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC). 


Making the upgrade to Catalina

If you are considering upgrading an off-domain computer to Catalina, you should check the compatibility of any additional software you have installed. Please refer to Apple’s support article How to find 32-bit apps on your Mac

If all of your applications are compatible, you may proceed with the Catalina update. You can upgrade to Catalina by doing the following:

Apple Menu > System Preferences > Software Update.

As with all OS updates, we recommend that you back up your files before updating.


Take ownership of your privacy

Learn more at staysafeonline.org/stay-safe-online/manage-privacy-settings

Social media and mobile apps allow people to stay connected with friends and family, organize their work and personal lives, learn new things, explore new interests or activities, make travel plans, play games, or binge-watch the latest shows. However, these technologies also introduce a plethora of ways for personal information to be tracked, shared, or exposed. Here are some tips you can follow to protect your online information and keep your personal information private.

  • Limit the amount of personal information that you share online by updating your privacy settings on websites, apps, and mobile devices at least one or two times per year. Not sure where to begin? The National Cyber Security Alliance (NCSA) website provides direct links to update individual account privacy settings on popular devices and online services.
  • Working in a public space? People can easily overhear phone conversations, so make sure you move to a private area when discussing personal or confidential information. People can also unintentionally—or intentionally—see what’s on your laptop or mobile device. Consider investing in a privacy screen to prevent shoulder surfing and to help protect sensitive work information or details about your personal life.
  • Turn on two-step verification or multifactor authentication (MFA) whenever it’s offered to help prevent unauthorized access to your mobile devices or online accounts. The National Institute of Standards and Technology (NIST) provides more details about MFA and why it’s important. The Two Factor Auth (2FA) website provides a list of websites that support 2FA.
  • Use a virtual private network (VPN) while working from home or using public Wi-Fi networks, especially when using a banking app or conducting other important personal or professional business. VPNs create a secure, encrypted connection (like a tunnel) between your device and the network. You can also use incognito or private web browsing windows to limit the information collected in your browsing history, cookies, or online forms.
  • Don’t overshare! Limit the kinds of personal information you share on social networking sites. And before you post those vacation pictures, remember that the same data used to help sort and store your photos by date and location can also (unintentionally) reveal where you live, work, or vacation.1
  • Online quizzes and games can be fun, but before taking that quiz to find out which Hogwarts house you belong in, think about how the personal details from your social media profiles might be sold to or shared with data collection companies.2 (Look for a privacy policy whenever you play a game or take a quiz to see how social media or affiliate sites may capture and use your personal data.)
  • Learn more about why privacy matters. It’s important to understand the different aspects of privacy (e.g., personal privacy, autonomy, secrecy, limited access, and the “right to be let alone”), as well as how the two distinct concepts of privacy and security differ.3

Notes

  1. Thomas Germain, “How a Photo’s Hidden ‘Exif’ Data Exposes Your Personal Information,” Consumer Reports (website), December 6, 2019. 
  2. “Scam Alert: That Facebook Quiz Might Be a Big Data Company Mining Your Personal Information,” Better Business Bureau (website), March 21, 2018. 
  3. Valerie Vogel and Joanna Grama, “The Yin and Yang of Security and Privacy,” EDUCAUSE Review, January 28, 2019. 

For more information about information security governance, compliance, data protection, and privacy programs, please visit the EDUCAUSE Review Security Matters blog as well as the Cybersecurity Program page. Access additional security and privacy awareness resources through the Awareness Campaigns page.