Yukon Information and Privacy Commissioner
Take care to protect personal information during busy holiday shopping season
Wed, Nov 27, 2019
Information and Privacy Commissioner provides suggestions on how to safeguard your privacy online and in the shopping mall
WHITEHORSE – When the holiday shopping season approaches, “you better watch out”, as the familiar Christmas carol advises, but not just because Santa Claus is coming to town.
Instead, shoppers have other reasons to take special care. In the excitement and rush of the season, it is easy to forget to ensure your personal information is well-protected.
“It’s often required that individuals share a significant amount of personal information while shopping,” said Diane McLeod-McKay, the Yukon Information and Privacy Commissioner. “This means that there can be a high risk of identity theft and fraud. Yukoners can lessen the risks by educating themselves about how to actively protect their personal information.”
There are many sources of guidance on this topic on a variety of websites. To assist Yukoners, McLeod-McKay has compiled a list of ideas and tips, which is attached below and can also be found on her website here.
The Ombudsman, Information and Privacy Commissioner, and Public Interest Disclosure Commissioner is an independent officer of the Yukon Legislative Assembly.
For more information, please go to www.ombudsman.yk.ca.
See below to read Privacy Tips for Holiday Shoppers.
Office of the Yukon Ombudsman, Information and Privacy Commissioner & Public Interest Disclosure Commissioner
Follow us on Twitter
Privacy Tips for Holiday Shoppers
When shopping at a store…
· Cover up your Personal Identification Number (PIN) when using debit or credit cards. PIN codes have been compromised when others watch while people enter their PIN and record it. Watchers could include the store clerk, other shoppers, or video surveillance, including someone recording with their smart phone.
· Ensure automated cash machines have not been compromised. A machine that has been tampered with may allow your bank information to be stolen. Some helpful tips to prevent this are outlined here.
· Don’t let your debit or credit card out of your sight. Credit card information has been stolen by people who take a card when the owner isn’t looking, and then record the information for future use. They may be able to replace the card before you know anything has happened, or may switch your card for one that appears to be the same.
· Be cautious of double-swiping of your debit or credit cards. This technique has been used to send card information someplace other than the bank, such as a personal computer. It has also been used to gain direct access to cash by debiting an account for a cash-back transaction.
· Be wary of personal information being collected. A store should require a minimal amount of personal information, such as your debit or credit card, to complete a purchase. If the clerk asks you for information such as your name, address, phone number, driver’s license number or Social Insurance Number (SIN), ask what the legal authority is for collecting this information. There are very few circumstances that would authorize a store to collect your driver’s license number; this information is often sought by identity thieves or fraudsters. Any request for your SIN should be refused.
· Keep an eye out for suspicious portable payment devices in restaurants and shops. Identity thieves and fraudsters have been known to switch a portable debit/credit card machine with a fake one that allows them to directly collect the payment and card information. If you have any suspicions regarding a device, report it to the store manager.
When shopping online…
· Ensure your computer security is up-to-date. When shopping online, one of the ways that criminals obtain identity or payment information is by exploiting outdated computer security. Make sure that you use an up-to-date web browser (the program you use to surf the Internet), have an active and up-to-date virus scanner, and ensure your computer is receiving updates for its operating system.
· Don’t online shop while using a non-secure wireless Internet connection. Identity thieves or fraudsters can easily capture your personal information, including card payment information, while it is being entered using public or shared WIFI.
· Take extra measures to ensure the shopping website is real. Identity thieves and fraudsters set up fake websites that look like legitimate online stores, marketplaces, or travel websites, and then collect personal and credit card information. Below are a number of steps that may help verify if the website is legitimate or not.
o Examine the website address. If it is unusual, it may be fake (i.e. amason.com instead of amazon.com). Also, try a Google search such as “Is [website address] a scam?”
o Check if the website has a history on the Internet archive at https://archive.org/web/web.php. Having a bad reputation or no history is an indicator that the website may be fake.
o Be wary of online shops that use international phone numbers, a free email service such as Gmail or Yahoo as their contact information, or have only a “contact us” form instead of a phone number and address.
o After verifying the legitimacy of the site, search online comments or reviews related to the website or online store.
o Be suspicious of great deals on brand items; sometimes it really is too good to be true.
· Be wary of personal information being collected. A website should require a minimal amount of personal information to complete a purchase. When making an online purchase, it is normal to be asked to provide contact and payment information. You should never be asked to provide sensitive personal information such as your Social Insurance Number (SIN) and driver’s license.
· Don’t use the same username and password for various accounts or online stores. If identity thieves and fraudsters are successful in hacking into databases, they can then access other websites where you have used the same log-in information. Check regularly to determine whether any of your accounts have been compromised and if so, stop using similar credentials for other accounts.
· Don’t share your username and passwords with others. Sharing this information for your debit and credit cards may eliminate your ability to recover losses on these cards. Also, others may not take adequate precautions to protect your personal information.
General shopping and privacy tips…
· Check your bank and credit card accounts often. Immediately report to your bank (or credit card company) any transactions that you did not make. Fraudsters have been known to make small purchases or withdraw small amounts daily to avoid detection.
· Use a low limit credit card to make online purchases. This eliminates the possibility of a fraudster racking up large purchases.
· Don’t provide personal information in response to an email or telephone call. Identity thieves or fraudsters will use a technique known as phishing to obtain personal information from you, which can be used later to steal your identity and commit fraud. No legitimate company or government should request personal information directly via email or phone. If you are asked, do not provide the information via phone or email, because there is no way for you to confirm the real source of the call or email. In general, bodies such as Revenue Canada, Kijiji, Ebay or Microsoft will not call you. If you get a call from someone claiming to be from these entities, it is most likely a scam.
· Don’t open emails from individuals you don’t recognize. Just opening an email can launch malware or a virus onto your computer. Malware makes it possible for personal information stored on your computer to be stolen. A virus can corrupt your computer files, making them inaccessible. Even if you do recognize the sender, their account could be compromised. Always be wary of emails that look suspicious and contain links or attachments.
Although these tips should be helpful, nothing is guaranteed, and new scams are being developed all the time. Shoppers should continue to use their own discretion and be vigilant when sharing personal or financial information.