NEW YORK -- Retailers expect nearly half of all shoppers to make at least one online purchase this holiday season, and more than a third to use the Internet to compare prices or research products.
But those who wouldn't think of leaving their wallet or purse unattended while in a brick-and-mortar store are often far less careful when searching for bargains on the Web.
Whether you're using a computer or a smartphone, before you enter your credit card information, make sure you're shopping safely.
Here are five P's to keep in mind.
Strong passwords are the first line of defense against hackers, but most people don't go the extra mile. If your password contains a simple combination like "abc123," or word like "password" or something similarly easy, you're at risk, and you're not alone. The cybersecurity firm Imperva examined 32 million passwords exposed in a breach last year and found that the most commonly used password was "123456," followed by "12345."
A strong password should include at least five letters, numbers and punctuation marks. It's best to avoid using your address, birth date, phone number or your pet's name when creating a password. And, it's not safe to use the same one for multiple sites or devices.
One place to test the strength of a password is Microsoft's password checker: http://bit.ly/fvaesw.
Before placing an online order, look for a padlock symbol or "https" in the address line on your browser. That indicates that the website uses technology that encrypts your data.
It's especially important to check the security of a site if you've never shopped there before, or if it's not a widely known merchant. Data thieves have been known to create sites that mimic legitimate shopping venues and use them to snatch information.
If you receive an email that appears to be from a store you've shopped at, or your bank or credit card company, be wary about clicking on any links it contains. You could be the target of an identity thief. The link could lead you to a mocked-up site that looks official but is really aiming to get you to provide information that can be used to access your accounts. More details on this scam, known as "phishing," can be found at www.antiphishing.org and http://onguardonline.gov. Banks and credit card companies never send emails asking for updates on account or personal information. If you receive something that appears to be a phishing email, report it to the Internet Crime Complaint Center, a joint project of the Federal Bureau of Investigation and the National White Collar Crime Center, at www.ic3.gov . It may also be helpful to call your bank or card company using the phone number on your statement or the back of your card, and confirm your accounts are secure.
4. Personal assistance
Online retailers frequently offer shoppers the option of chatting "live" with a customer service representative, but that little pop-up window could be a hacker looking to steal your financial information. Never place an order or enter an account number or other personal details in a live chat. If you realize you've given up information in this manner, contact your bank or card company as soon as possible.
5. Prepaid cards
If you're concerned about identity theft, it might be worthwhile to purchase a prepaid card to use online instead of a credit or debit card. These reloadable cards may be used just like credit and debit cards, but spending is limited to the amount loaded onto them. Designating a prepaid card to use online can protect your identity, as well as your holiday budget.