Safeguard Your Customers' -- and Your Own -- Online Identity

Entrepreneur.com

Entrepreneur.com

12/20/06 - 08:24 AM EST

'Tis the season for eggnog, mistletoe and ... cybercrooks? It's unfortunate, but as consumers become more comfortable with online shopping, cybercrooks are getting better at finding newer, sneakier ways to trick them into passing on personal information for the crooks' gain.

According to the Electronics Retailing Association, consumers are expected to spend more than $24.3 billion online this holiday season -- that's double-digit growth from last year's numbers. But as Christopher Faulkner, CEO of CI Host, a Dallas-based Web hosting and Web site management company, points out, with the onset of Cyber Monday on Nov. 27 -- the kickoff to the online shopping season -- cybercrooks are more than ready to pounce on online consumers.

Unfortunately, it's simply the nature of the season that has cybercrooks drooling over the increased opportunities for theft. As Todd Davis, CEO of ID theft prevention company LifeLock in Tempe, Arizona, says, there are simply too many large purchases coming through this time of year for credit card companies to be as vigilant as they normally are: "During the holiday season, thieves know they can put more on a card without being caught." According to Davis, 40% of all annual instances of identity theft occur between Nov. 15 and Dec. 31.

So what's a consumer to do? Be proactive. A good first step, Davis says, is to place a fraud alert on your credit report prior to becoming a victim. "Placing a fraud alert with the major credit bureaus -- Equifax, Experian and TransUnion -- is a great front line of defense." By doing this, Davis explains, any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.

The LifeLock CEO is so confident in fraud alerts that he was willing to give us his Social Security number for this article. "I want people to understand, No. 1, your information's out there. The idea that you're going to hide it is impossible." But by placing a fraud alert on your credit report, Davis believes consumers can stop identity theft from occurring altogether. (If you decide to do this, understand that you need to reissue a fraud alert every 90 days, unless you've already reported an identity theft to the credit bureaus, in which case the fraud alert lasts for seven years.)

Avoid Unsafe Transactions

Placing a fraud alert on your credit report is just a first step. Here are four more ways you can avoid unsafe transactions as you spread holiday cheer:

Before you provide any personal information online, always check to see that the padlock at the top or bottom of your browser is closed and locked.

The Web page address you're doing online business with should begin with "https:" -- this means that a secure connection has been established. The main home page of the site may not have "https:", but once you begin entering any personal information on a separate page, it should appear in the browser.

Check the site you're on for any third-party verification devices, such as VeriSign, TRUSTe or the Better Business Bureau. Also check for contact information. Be cautious of any sites that don't offer a phone number.

If a site asks you if you'd like to keep your credit card information on file for future use, say no -- this could be unsafe if a cybercrook hacks into the retailer's database. Instead, provide your card number with each purchase you make.

Help for Victims

If you do happen to fall victim to identity theft this holiday season, here are the top five steps our experts recommend you follow:

Call the three major credit bureaus to place a fraud alert on your credit reports. This will prevent an identity thief from opening any new accounts under your name.

Shut down the credit card account you believe has been tampered with so the credit card company can cancel your card, reverse the charges and get a new card out to you as soon as possible. And don't panic: During the holidays, credit card companies are usually quick to reissue a new card overnight.

File a local police report. You'll need multiple copies of the report to send to creditors to prove you've been a victim of identity theft.

File a complaint with the FTC. It's important that you log any occurrence of identity theft with this agency.

Pull copies of your credit periodically to check for new fraudulent charges. Once your information's out there, it can be resold multiple times, so it's a good idea to regularly check your credit report, especially during the first year after you discover the identity theft. For more detailed information from the FTC on what procedures to follow if you become a victim, visit their identity theft site.

Make Them Secure

As a business owner, you want to do all you can to protect your online customers and make them feel secure when they shop on your site. If you operate a retail Web site, here's some expert advice on how to help make your site safer for your holiday shoppers:

Set up a secure Web site. Set up firewalls and SSL encryption, and get third-party verification from a company like VeriSign or TRUSTe. "VeriSign is probably the best for transaction verification," says Davis, "while Web sites like TRUSTe are extremely good for making sure your site isn't hackable."

Scan your Web site for vulnerabilities. Faulkner recommends using a company like ScanAlert to scan your Web site for intrusion points where people can penetrate your security and get in behind the scenes of your site and into your database.

Post your privacy policy very clearly on your Web site, usually in the footer at the bottom of the page. "Your privacy policy should contain information on what kind of data you're collecting, how you're going to collect it, how you're going to store it, and if you're going to sell it to third parties," Faulkner says. "More importantly, I've seen a lot of merchants now updating those privacy policies with what types of security measures they're taking to store that data."

Visit TheStreet for more great features

TheStreet Premium Services

From the action-oriented investing ideas of Action Alerts PLUS by Jim Cramer to the expert technical trading strategies of Helene Meisler's Top Stocks, TheStreet.com offers a range of premium services to help boost your portfolio's performance. View now.

Expert Advisors Alerts Delivered to your Inbox

Action Alerts PLUS: Cramer's personal portfolio, emails before he acts.

RealMoney: 70+ experts share their top investing ideas and analysis.

Stocks Under $10: Alerts identify undervalued stocks with profit potential.

FREE NEWSLETTERS

Get an edge on the market with the help of free email newsletters like Jim Cramer's Daily Booyah!. Learn about the day's major market events, companies that sizzled or fizzled and lots more that can help you make more profitable investing decisions. Sign up.