Shopping Safely Online is Important! 

Shopping safely online is more important now than ever before. Since the COVID-19 pandemic began, online sales have been skyrocketing. More and more of us are opting to get our basic necessities via online shopping.

There are dangers lurking anytime you are required to provide personally identifiable information (PII), such as passwords and payment information online.  You need to be cyber smart to reduce the risk of becoming a cyber crime victim.

Shopping Safely Online
Don’t Use Your Debit Card

Credit Cards vs. Debit Cards

When it comes to shopping safely online, one of the best tips I can give you is to use your CREDIT card instead of your debit card. If you have the choice, you should always use your credit card instead of your debit card when making online purchases.

Debit Cards Are Tied to Your Bank Account

We often forget that every time we make a purchase using a debit card, the funds are withdrawn directly from our checking account. When making purchases with a credit card, you’re using the bank’s money. It’s a line of credit, not real money from your checking account.

With a credit card, it’s the bank’s money that’s on the line. Therefore, you’re not going to be held liable for fraud. The bank will need to deal with it.  When it comes to credit card fraud, the most you could be liable for is $50 and the majority of banks waive the fee.

Debit cards however, do not offer the same fraud protections as a credit card. With a debit card you should be able to get your money back when and IF you report fraud promptly, but it could take 10 days or more to get it back. While the bank is investigating the fraud, your account is frozen, so you will have no access to the funds in that account. This could be a huge problem, if you need that money to pay your bills, and even more so, if you have bills that are set up for auto-pay.

There are Different Rules for Debit Cards

If an unauthorized transaction appears on your bank statement (but your card or PIN has NOT been stolen) you won’t be liable for the debit if you report it within 60 days after your account statement is sent to you.  BUT – if the charge goes unreported for more than 60 days, your money could be lost. When you report the theft, the bank will investigate and decide if you they are required to credit the money back to your account.

Alternatively, the time frame is much shorter if your card or PIN was lost or stolen. You only have 2 business days in order to limit your liability to no more than $50 of unauthorized charges. After those 2 business days have passed, you’re liable for $500 of the amount lost, between 3 and 60 days. After 60 days, you are liable for the entire amount of your losses. You must, therefore, be sure to make a report as soon as you learn that your card is missing or that your PIN has been stolen.

How to Report a Suspicious Debit Charge

If you spot a fraudulent transaction, immediately call the card provider’s toll-free number on the back of the card. Ask them if you need to follow up with written correspondence. You can also read your monthly statement or error resolution notice for how and where to report any suspicious transactions. Lastly, if you get a replacement card, with a new number, remember to update any automatic payments that were linked to the original card.

More Tips for Shopping Safely Online

1.) Even when using a credit card, be careful where you shop online. Scammers have already set up millions of bogus online website shops. Especially since the Coronavirus pandemic began, fraudsters are trying to sell everything from COVID-19 DIY testing kits, to cleaning disinfectants and medical supplies.

2.) Only shop on websites that you know and trust and type the URL of the website yourself, instead of clicking on any links or attachments in emails. Be careful of your spelling too! Scammers often set up websites with incorrectly spelled names of common websites.

3.) When logging on to a website, utilize two-factor authentication (2FA) to ensure that the only person who has access to your account is you.

4.) Use long strong, stealth passwords or use a password manager. Always, use a separate stealth password for important sites you log on to. For example, be sure to use a separate password when logging into your online banking account than the one you will use to log on to your Facebook or Amazon account.

5.) Never use your debit card for recurring charges on the internet. Use a prepaid card with a limited amount of money available on it.

6.) Do not use public Wi-Fi at an airport, a hotel, a restaurant, etc. for online purchases. If you have no choice, then be sure to confirm the exact name of the network and login procedures to ensure that the network is legitimate.

7.) Use only websites that begin with “https://” when shopping online.  Watch out for website extensions.  Most online shopping website addresses end in “.com”

8.) Privacy is important too. Here’s a link to your privacy settings on Google.

You can read a prior article I wrote about shopping safely online here




Security experts say that skimming devices, could be netting crooks as much as $3 billion a year in the US.  YES, you read that right – $3 billion!

Skimming devices are tiny electronic devices, installed by crooks, that read the personal information from a credit or debit card’s magnetic strip. The ones installed at a bank ATM machine, may also have a hidden camera that picks up the keypad clicks to steal debit card PIN numbers. The stolen information is then transmitted wirelessly to the thieves.

Most skimming devices are placed inside bank ATMs, where crooks insert the tiny devices to steal card data. Investigators are presently seeing a dramatic spike in skimmers being inserted into pay-at-the-pump panels at gas stations. A major contributing factor to this problem is that most gas stations apparently use the same master key codes on their pumps, making them easy prey for skimmer thieves.

In the past, crooks had to return to the ATM or gas pump to retrieve the skimming devices. Now they use Bluetooth technology. Known as blue-snarfing or blue skimming, crooks can sit 100 yards away while card info is transmitted right to their laptop. A single compromised pump can capture data from 30-100 cards a day.

Skimming Devices


Many of the compromised stations are those without proper security cameras and/or tamper-evident seals on their pumps. Off-brand filling stations and pumps closest to major streets or highways are the most targeted. Be on the lookout for an area wrapped in black or gray electrical tape. This type of electrical tape seems to be found in nearly all of the pay-at-the-pump skimming attacks. Some stations are placing security seals with a message saying “Please Report If Seal Is Broken”.


Skimming Devices are detected with a new app
This app will help detect them

The app is called “Skimmer Scammer”. It’s currently available for Android. You can download it on Google Play by clicking here:

The “Skimmer Scammer” app is a FREE open source gas pump skimmer detection app developed by SparkX. It detects common Bluetooth based skimmers – found mostly in gas pumps.  According to SparkX, “This app does not obtain or download data from a given skimmer, nor does it report any information to local authorities”.

Google Play’s description of the app says, “This app uses your phone’s Bluetooth radio to detect a common radio component in modern fuel pump skimmers (HC-05) and warn you if you’re about to get scammed”.


You should never use your debit card at a pay-at-the-pump panel at a gas station. Here’s why. If you use your credit card to buy gas and the credit card gets skimmed, the issuer will make good on most fraudulent purchases. However, if you use your debit card to buy gas and your debit card gets skimmed, the thief will use that information to gain access to your checking account.

Remember, your debit card is directly tied to the money in your checking account. Therefore, each transaction made, via your debit card, is withdrawn from the funds in your checking account.

Skimming thieves will use stolen debit card data and load that data onto a ‘white’ card (a counterfeit copy of the card). Then the ‘white’ card is used at bank ATMs to drain cash from the victim’s checking account.

You could suffer large losses if your card is skimmed and you fail to report the incident to your bank promptly. Additionally, while the bank is investigating your issue, you will not have access to any of the money in your checking account.

So, I repeat: Never ever use your debit card at a pay-at-the-pump panel at a gas station. It’s definitely not worth the risk of having your checking account completely cleaned out!


Originally, new credit and debit card rules required all retailers to install EMV smart chip equipment to process card transactions by October, 2015, in order to avoid liability. Unfortunately, that requirement has been delayed until October 2020, for gas station pumps. That gives skimmer thieves almost 3 more years to steal card data from their victims.


If you intend to do any gift shopping online, here’s some suggestions to help you shop safely on Cyber Monday.

Cyber Monday is a marketing term for the Monday after Thanksgiving. Wikipedia defines the term Cyber Monday as a day created by marketing companies to persuade consumers to stay home and shop online instead of having to brave the large crowds on Black Friday.

Cyber Monday shopping online

Cyber Monday is quickly becoming one of the most lucrative shopping days of the year for retailers. They will be promoting great deals through their websites and social media channels. But, consumers need to know how to shop safely on Cyber Monday and beyond…

First, you must make sure you are on a trusted legitimate website from a well-known retailer. Be careful not to misspell the website name. Imposters intentionally create fake websites using a misspelled name of a legitimate merchant or a name that is very similar to a legitimate retailer.

Next, you should be sure that the website address begins with HTTPS. The ‘S’ in HTTPS means that the website is using encryption to safeguard the personal information you enter when making your purchase. You can also use a browser plug-in called “HTTPS Everywhere”, for a more secure internet experience.

Once you decide to make a purchase, the merchant will ask you to begin by setting up an account. People mistakenly believe that if they use the “check out as a guest” feature, it means the merchant won’t store their information or add them to their email marketing list. Yes – they will!

There are 3 steps required in the process of shopping online and tips on how to safely navigate them:
  • You need to provide an email address. The retailer needs an email address so they can contact you if there’s a problem with your order. Instead of providing your usual regular email address, create a throwaway email address. You should just use this throwaway email address whenever you’re shopping online.
  • You need to create a Password. This is the single biggest security step consumers need to take to protect themselves online. It’s extremely important to create a stealth password. Preferably one that a cybercriminal can’t crack! A good password can mean the difference between keeping your personal info secure or handing it over to a hacker. Always use a unique separate password for each of your online accounts. Make your password long and nonsensical. Make up a sentence or silly phrase using upper and lower case letters and mix in numbers and symbols.
  • You need to pay for your purchase. There are various methods you can use to pay, such as a credit or debit card, gift card or mobile payment. But the safest recommended way to pay is by using a low-limit prepaid card for all of your online purchases. When you use a low-limit card, crooks won’t be able to make additional charges on it. This is especially important for any purchase that involves free trial offers or recurring charges. Never use your debit card online because it is tied to the money in your checking account. You will have very little recourse if your debit card gets compromised. Keep these tips in mind, so you can shop safely on Cyber-Monday! I hope you find some really good holiday bargains!


Tis the Season…For Holiday Scams

The holiday shopping season is underway and Scammers are already gearing up to exploit innocent victims with holiday scams. They love this time of year, when they have even more opportunities to separate you from your money.

Holiday Scams Warning

Here’s a list of Holiday Scams to help  keep you safer & smarter!

Spam Phishing Emails will be finding their way into your inbox. These emails have urgent messages or will contain offers for bargain prices or discount coupons. They will always include a clickable link or an attachment to open. If you click on the provided link or attachment, you will infect your device with Malware. It is advisable to never click on email links or attachments.

Package Delivery Scams are a Fraudster’s favorite trick. They know that most of you are either sending or expecting to receive a package during the holidays. Many millions of spam emails, pretending to be from known shippers (like the Post Office, FedEx or UPS) will be sent out to unsuspecting victims. The emails will include a link to click on that lets you “track” a problem with a package you recently mailed or “track” a package that’s on its way to your house.

E-cards are a fun, easy & inexpensive way to send holiday cheer to family and friends. Make sure any e-card you receive comes from a well-known reputable e-card company. Do NOT open it if the sender is unknown to you.  Many fake e-cards contain spyware and viruses.

Gift cards make popular holiday gifts. Be sure to only purchase them from official retail stores or websites that you know and trust. Beware of websites or ads offering steep discounts for gift cards. Chances are the cards are fraudulent or stolen cards from third-party vendors.

Fake websites will pop up all over the internet offering fantastic bargains. Beware of copy-cat websites or sites that use similar or misspelled names of legitimate retailers. You may not realize that you’re on a fake website and enter your password or credit card information. You think you actually made a purchase, but your merchandise will never arrive and your credit card information will now be used to make illegal purchases.

A good place to evaluate websites selling retail goods is  where you can find reviews about merchants and see if they’re legitimate. If they’re not listed there, chances are it’s a holiday scams website.

Fake online Ads will appear on social media sites and even on legitimate News websites. They exist to entice you to click on links that will either contain keystroke-logging Malware or lure you into providing personal information that will make you a victim of Identity Theft.

Public WiFi is neither private nor secure. You can never be sure whether you’re using the authorized WiFi of the retailer or actually the WiFi of the thief, sitting a few tables away. Use a Virtual Private Network (VPN) when using WiFi, for better online security. Make sure to NEVER use your debit card while shopping online. Your debit card is tied to the money in your checking account. You have better consumer protection when using your credit card. Better yet, use a gift card or prepaid debit card for all your online purchases.

SONIC Breach- 5 Million Debit & Credit Card Info Stolen

The recent Sonic Breach reported by the fast food chain was a breach of their card processing system. The Sonic Breach resulted in the theft of 5 million credit and debit card information. The chain has more than 3,500 locations in 44 states. At the time of this writing, Sonic did not disclose the number of its restaurants that were potentially affected.

The stolen card data included the zip codes of the card holders!

The fact that zip codes were included as part of the stolen information, makes the resale of this information more valuable.

The zip codes allow a criminal to know exactly which geographical area the card originated from. This in turn, helps the criminal avoid making their purchases look suspicious; by only using the card to make purchases in the cardholder’s local geographical area.

Sonic Breach of Card Info

The information from the Sonic breach is already being sold on the Dark Web, which is the part of the Internet where criminals go to purchase stolen data. The card data will fetch a price of about $25 to $50 each, depending on the type of card (debit or credit) and the card limits available.

It seems like almost every week we hear news of another data breach. Your personal information is only as safe as the companies entrusted to protect it.

The Sonic Breach could have been totally avoided had Sonic updated their processing equipment to accept the more secure EMV chip cards. Instead, they’re still using the old style magnetic-strip for their card processing.

  • Avoid making purchases at retailers who have not yet switched to the new EMV system.
  • If you used a credit or a debit card at a Sonic restaurant in the last 6 months, be sure to carefully monitor your accounts for any sign of fraudulent purchases.
  • If you discover any fraudulent purchases on your credit card bill, notify your credit card company. In the case of a DEBIT card, be sure to notify your bank immediately, to prevent the money in your checking account from getting completely wiped out.
  • Debit cards do NOT have the same consumer protections as credit cards. Therefore, in the future, refrain from using your debit card except at an ATM. If your debit card gets stolen or skimmed, you could lose all the money in your checking account if it is not timely reported to your bank. Also, the funds in your checking account will be frozen while the bank investigates, denying you access to your account during the process.

Until all businesses switch to the newer and safer EMV chip cards, we will unfortunately see more and more breaches like this one.

It is up to you to remain ever vigilant!