Road Warriors Shop Online – So Do Hackers

Many people who love to travel turn to online shopping portals to earn extra points and miles. For a road warrior, online shopping isn’t just a way to rack up the miles, it’s a way of life. The more time you spend on the road, away from home, the less time you want to spend on chores – like shopping. Now, don’t get me wrong, I love to shop, but I think there are two different types of shopping. There’s the shopping you have to do – grocery shopping, shopping for travel necessities, shopping for beauty supplies and other essentials – and then there’s the shopping you want to do – window shopping, shopping for new toys (TV, electronics, etc.), shopping for clothes (and even that can be tedious).

For most of my shopping, I turn to the internet. You can buy almost anything online today and it’s usually very simple. This year, I’ve only spent 13 weeks in the US, so that’s pushed me towards online shopping more and more. One thing you always have to be mindful of is identity theft and credit card fraud. Using very strong, unique passwords is essential. Using different passwords for your email accounts than you use for all other accounts is critical, and linking accounts together – well, that’s a no-no. For all the caution you take in creating strong passwords, there’s only so much that can do for you (just check out this article on hacking). We also need to rely on the companies we shop with to maintain their own security protocols and, at the same time, count on our credit card companies to detect fraudulent behavior.

I work in an industry where we talk about security and terms like PCI compliancy, SSAE 16 and SOC 2 every day. While I’m hyper aware of security on-the-job, I – like so many others – am way too lenient in my personal life. I was reminded of this today when I got an interesting phone call from The Gap – parent company of Old Navy. Almost simultaneously I got an email about the order I had placed earlier that day. I was a bit suspicious of the call and will never validate any personal information when receiving an unexpected inquiry. The woman on the phone gave me a number to call back. I looked at the email and the same number was in that email. Hackers are getting much more sophisticated, so I was still a bit suspicious.

I went to the Old Navy website and called the main customer service number listed there. I spoke to an agent and told her about the call and email I had received. She took my order number and verified that the call had in fact come from The Gap. They were concerned that the order might be fraudulent. She transferred me directly to the appropriate department and I spoke to someone who asked me a few simple questions. She said the order was being shipped to an address they didn’t have on file for me previously and asked me to confirm what address the order was to be shipped to. She also asked me to tell her what the previous shipping address had been. She asked me to tell her what one of the items was in the purchase. Then she told me that they had already called my bank and verified that the card information was correct. Once I did that, she asked me to confirm that I had made the purchase and I did. She said that was all I needed to do and the order would be held up no longer.

It was interesting to me because I’ve never gotten a call like that directly from a store/company that I’ve shopped with. I’ve gotten that call plenty of times from my credit card company or bank – but this was a first. At first I was a little annoyed with the inconvenience, but as I thought about it more, I was relieved that the Gap, and its subsidiaries, are taking this step. The more protection I have from credit card fraud and identity theft, the better!

About 15 years ago my identity was stolen and it took years and years to recover from that. I would get calls out of the blue from creditors, banks and other companies informing me of new accounts that had been opened, things that had been purchased and more. The strangest – and now funniest – incident came when I got a call from a car insurance company asking me if I wanted to renew my insurance policy. I was surprised at the call because I had never used that company before. When I asked them what type of car the policy was for, I discovered it was for a car that I had never owned. It took an unbelievable number of calls with police, FBI and credit bureaus to resolve the issues that resulted from the fraud and identity theft.

About 3 years ago I was in Singapore and used an American Express card. I only used that card one time in Singapore and remember the exact shop I was in when I used it. Several hours later I got a call from Amex asking me if I had made a $2 purchase followed by a $10,000 purchase. Nope, definitely not me! Amex is great about taking care of problems like this, but it was a stark reminder of how easy it is to have your information stolen.

So today’s call from the Gap, during one of the busiest shopping periods of the year, was a reminder to remain vigilant and protect your personal information.

Tips for protecting your information:

  • Never use the same password for your email address and other online accounts
  • Use passwords that are not easily identifiable and are complex – don’t use short passwords (most websites require passwords that are longer than 6 characters these days, but many experts say that’s not even long enough!)
  • Commit your passwords to memory – putting them on paper or storing them in an unencrypted manner is inviting trouble
  • Change your passwords frequently and if you think you’ve been hacked change all your passwords right away.
  • Make sure you have unique passwords for platforms that are frequently hacked – like Facebook and Twitter.
  • Never give your password out
  • Don’t answer security questions with easily identifiable information – for example, if your secret question or security question is “What city were you born in” and you answer with the city you were actually born in, a hacker could figure that out. Your birthplace is public information. Use questions like “what is your favorite food” or “what is your favorite pet” or “what is your favorite color” – things that hackers can’t easily figure out.

5 Comments on "Road Warriors Shop Online – So Do Hackers"

  1. You’ve brought up a really interesting point about the security questions. These “favorites” questions don’t make any sense to me. My favorite restaurant/city/singer/food/color is by no means constant over time, and pets pass on. I understand avoiding the public records info, but it seems the questions should have factual answers (elementary school name, grandfather’s middle name, etc.).

  2. I have frozen my credit reports, which helps keep thieves from opening an account or purchasing a loan. I check my credit card activity almost daily for fraud activities.

  3. @colleen
    Sometimes, if it works for you, just pretend all security questions are a secondary password. Make one and use it only for the security question.

  4. @Colleen – the thought behind not using publicly identifiable info is that it makes it harder for someone who may already have gotten some of your passwords to hack other accounts you have by using the secret questions to reset them. If your Facebook account is hacked, let’s say, they would have access to your email address and other info you provide Facebook. It’s an easy jump from there to using your email and your Facebook password to try and hack all your other accounts. Let’s say they get lucky and w/your email and FB password they can hack your credit card or bank account. The cc company or bank may not recognize that computer and ask for answers to the secondary questions. If the questions are easy to answer, the hacker will be in right away. If they’re not, it will be a good barrier to them getting access to your account. Now, that assumes that the bank/credit card company has such security in place. For example, Bank of America, Chase and Wells Fargo do. I’m sure there are many others that don’t. It’s all about taking as many steps as you can to make it harder for the hackers.

    Bottom line is that if they really want access, they’ll find a way.

  5. Walmart recently had me complete their three page Identity Theft form when my online account was accessed. I had to file a police report, and the officer was required to sign the Walmart form as well. In reply, Walmart sent me a screen shot that told me nothing. Hours of work for me; Thief moved on in seconds to his next victim.
