02:28 - Source: CNN
Online shopping versus in-store shopping

Story highlights

Check your address bar for "https" before entering payment information

When shopping from mobile devices, use trusted apps and WiFi networks

Always turn on the passcode protection for your mobile devices

If an online deal sounds too good to be true, it probably is

CNN  — 

Doing your holiday shopping online is generally preferable to braving the season’s frantic mall crowds, slow moving checkout lines and tiresome holiday background music. But don’t get too relaxed. There are still some security precautions everyone should take before sharing payment information online.

Increasingly, people are using their smartphones and tablets for online shopping. There was a 190% in mobile purchases this year on Cyber Monday, and 193% jump on Black Friday, according to mobile payments company PayPal. The shift to mobile presents its own unique security challenges, including malware apps and text phishing scams.

Here are online shopping security tips to keep in mind all year round, on all your devices.

Check for “HTTPS”

Not all webpages are equally secure. Before entering any personal or payment information, make sure to look up at your browser bar. The URL should start with HTTPS, not HTTP. That one letter on the end, S, is the difference between a secure site and an unsecured site.

Bing takes on Google in fight for holiday shoppers

A secondary thing to look for is the small lock icon in your address bar. This lock indicates that you have an SSL (secure sockets layer) connection. The icon is standard for most popular browsers, including Internet Explorer, Chrome, Safari and Firefox.

On mobile devices, the address bar is tinier and easier to overlook. Do a little pinch-and-zoom to locate the S before sharing your payment information.

Watch your WiFi

Shopping from mobile devices means an increased chance you’ll be on an unfamiliar WiFi network.

“Only window shop on public WiFi,” recommends Derek Halliday, lead security product manager at Lookout, a mobile security company.

Holiday shoppers share tips for buying American

Avoid entering your credit card number or other private information when you’re on an unsecured, public WiFi connection where people could snoop. Wait until you are back at home or work.

Vet the vendors and apps

The Internet is packed with stores, some reputable and others downright shady. While bargain hunting, it can be tempting to make your purchase from the site offering the lowest price, but take a moment to research any vendors you’re not familiar with.

“If something seems to good to be true, it probably is,” says Claudia Lombana, a PayPal shopping specialist.

Before you hand over your payment information, do a quick search for reviews of the vendor. Calculate the total cost of an item, including shipping and tax, when determining the lowest price.

The same tips apply when you’re using a mobile app. Only download apps for your smartphones and tablets through official stores, like the App Store for iOS or Google Play for Android.

The occasional unsavory app has been known to slip through these proper channels. Always check the reviews in the app stores to see what other users have to say. If there are bunch of one star reviews or warnings, don’t download the software. Another option is to download a mobile security app to scan new software and links.

Beware of phishing, SMiShing and other scams

By now most people know to keep an eye out for phishing scams – e-mails disguised as legitimate companies or organizations that ask for payment or password information. But every now and then, one comes along that looks incredibly convincing. To be safe, copy and paste all links into a fresh browser window instead of clicking on the hyperlink, check the originating email address and when in doubt, contact the company to verify the e-mail.

SMiShing (a lovely portmanteau of “SMS” and “Phishing”) has taken off recently, catching people off-guard who don’t expect to receive this type of spam as a text message. Earlier this year, scammers sent texts telling people they had won a $1,000 gift card from Walmart. The texts linked to a page that asked for credit card information to cover the cost of shipping the prize.

As a general rule, legitimate companies will never ask for your private information over email or text message, including payment information, usernames, passwords, mother’s maiden name or social security number.

Password protect mobile devices

This was the number one mobile tip from the experts we talked to: turn on the passcode on your phone or tablet.

It’s an easy and important precaution, but only 54% of Americans do it. Yes, it will take a few more seconds to access your email or open an app, but smartphones often contain more valuable information than what’s in your wallet.

“Many shopping apps archive your credit card information after your make a first purchase, and many apps don’t require that you enter your password every time you use it,” explained Halliday.

If your phone or tablet is lost or stolen, anyone can access the wealth of data you have stored on your device. Even if individual apps require passwords, someone can use your email and phone number to try and reset them.

Update often

Many operating system and application updates address security issues, plugging holes and fixing errors that could be exploited by hackers.

On your computer, update the operating system when prompted, and make sure you’re running the latest version of your browser.

For mobile devices, the routine is easier because the apps come through a central app store. You can see exactly what mobile apps need updating at a glance.

Use a credit card instead of a debit card

Credit cards are a more secure online payment option than your debit card. The majority of credit cards offer purchase protection in case your card number is stolen, or if you make a payment at an online store that delivers a bad product, or no product at all.

We know you’re very busy this time of year, but also take an extra moment to comb over your statements. Should any of these security precautions fail, you’ll want to catch suspicious charges as soon as possible.