Many companies featured on Money advertise with us. Opinions are our own, but compensation and
in-depth research determine where and how companies may appear. Learn more about how we make money.

Advertiser Disclosure

The purpose of this disclosure is to explain how we make money without charging you for our content.

Our mission is to help people at any stage of life make smart financial decisions through research, reporting, reviews, recommendations, and tools.

Earning your trust is essential to our success, and we believe transparency is critical to creating that trust. To that end, you should know that many or all of the companies featured here are partners who advertise with us.

Our content is free because our partners pay us a referral fee if you click on links or call any of the phone numbers on our site. If you choose to interact with the content on our site, we will likely receive compensation. If you don't, we will not be compensated. Ultimately the choice is yours.

Opinions are our own and our editors and staff writers are instructed to maintain editorial integrity, but compensation along with in-depth research will determine where, how, and in what order they appear on the page.

To find out more about our editorial process and how we make money, click here.

By Julia Glum
November 13, 2020
Jade Schulz for Money

Lazy trips to Target aren’t an option in 2020 — this year, holiday shopping is all about finding the perfect gift on the World Wide Web. And while digital payment systems like Apple Pay and Shop Pay have made the checkout process nearly seamless, there’s still a huge risk of fraud.

According to Adam Levin, chairman and founder of identity protection firm CyberScout, it’s a “cat-and-mouse” situation between the bad guys and the retail industry.

“When you’re dealing with hackers, you’re dealing with sophisticated, creative and extremely persistent people,” Levin adds. “Protections that most retailers and financial institutions have are advanced, robust and constantly evolving to meet the highest standards — but there’s a lot of money on the side of evil.”

In brick-and-mortar stores, the primary financial threat occurs at the point of sale. Think: Physical devices that skim your debit card and steal the info when you slide it into an ATM.

But Levin says that with online shopping, there are two major considerations. First, how does a system secure your data as it travels from you to the company, and second, how does a system store your data once it’s reached the company?

Ads by Money. We may be compensated when you click on this ad.Ad
While online, your personal information is constantly exposed to bad actors. Protect your identity TODAY.
Don't fall prey to cybercriminals looking to steal your hard-earned dollars. Find the best Identity Theft Protection now by clicking on your state.
HawaiiAlaskaFloridaSouth CarolinaGeorgiaAlabamaNorth CarolinaTennesseeRIRhode IslandCTConnecticutMAMassachusettsMaineNHNew HampshireVTVermontNew YorkNJNew JerseyDEDelawareMDMarylandWest VirginiaOhioMichiganArizonaNevadaUtahColoradoNew MexicoSouth DakotaIowaIndianaIllinoisMinnesotaWisconsinMissouriLouisianaVirginiaDCWashington DCIdahoCaliforniaNorth DakotaWashingtonOregonMontanaWyomingNebraskaKansasOklahomaPennsylvaniaKentuckyMississippiArkansasTexas
Get Started

Luckily, it’s not the wild west; there are some hard rules. Card issuers like American Express and Visa got together in 2006 to form the Payment Card Industry Security Standards Council, which sets policies to ensure companies that deal in credit card info do so safely. The details of this so-called PCI compliance are super complicated and not worth getting into here, but the broad strokes are that systems are supposed to utilize hardware and software to reduce fraud.

“The purpose is so, as a business, you can do what you do and know that your customers’ data is secure against compromise from the inside and outside,” Levin adds.

These details are also very complex, but most use encryption, tokenization and data masking. They make it so your actual credit card info isn’t floating around after a purchase — only a disguised version of it.

Apple Pay, for example, “doesn’t store or have access to the original credit, debit, or prepaid card numbers” customers use, according to its website. The info is initially encrypted when someone enters it. Then Apple “decrypts the data, determines your card’s payment network, and re-encrypts the data with a key that only your payment network (or any providers authorized by your card issuer for provisioning and token services) can unlock.” Google Pay and Shop Pay have a similar setup.

This kind of encryption generally makes the systems safe to use, says the National Retail Federation’s Leon Buck.

So how can you play Santa safely?

Levin advises people to never shop on a shared computer or public wifi because they’re easy for strangers to exploit. You could even set up a VPN to make things uber-secure.

He also says to avoid ordering items by clicking on links — if there’s something you want from a store, it’s safer for you to (carefully) type in the URL myself so you know exactly where you’re going.

“Some people go, ‘Well that’s a pain in the butt,’” Levin adds. “That has no pain in it compared to the level of pain you’ll face if you have to go through the agony of identity theft or credit card compromise.”

When you’re ready to check out, it’s better to use a credit — not debit — card, because most credit card firms offer $0 fraud liability. Many debit card companies limit liability too, but credit card lenders tend to display more urgency in locating stolen money.

Bottom line? Tokenized systems like Google Pay, Shop Pay and Apple Pay are pretty secure, but there are a couple of steps you can take to give yourself an extra layer of security.

After all, you’ve got to look out for No. 1.

“The ultimate guardian of the consumer is, has been and will always be the consumer,” Levin says. “No one has more interest in our financial security than we do.”

Ads by Money. We may be compensated when you click on this ad.Ad
Protect yourself from the threat of Identity Theft.
With comprehensive and affordable Identity Theft Protection software, Identity Guard will secure your personal information. Click below to get the protection you deserve.
Get Started

More from Money:

‘Will That Be Debit or Credit?’ The Answer Is Trickier Than You Think

Covid Scams From A to Z: 26 Ways Fraudsters Are Fooling People During the Pandemic

Are Chip Cards Truly Protecting You? Here’s What Experts Say

Advertiser Disclosure

The purpose of this disclosure is to explain how we make money without charging you for our content.

Our mission is to help people at any stage of life make smart financial decisions through research, reporting, reviews, recommendations, and tools.

Earning your trust is essential to our success, and we believe transparency is critical to creating that trust. To that end, you should know that many or all of the companies featured here are partners who advertise with us.

Our content is free because our partners pay us a referral fee if you click on links or call any of the phone numbers on our site. If you choose to interact with the content on our site, we will likely receive compensation. If you don't, we will not be compensated. Ultimately the choice is yours.

Opinions are our own and our editors and staff writers are instructed to maintain editorial integrity, but compensation along with in-depth research will determine where, how, and in what order they appear on the page.

To find out more about our editorial process and how we make money, click here.

EDIT POST