Why Should You Use a VPN While Shopping Online With a Credit Card?
Travel to any main street in America, and it’s not long before you’ll notice a bit of a trend: retail stores are dying (even monoliths like Walmart are struggling to keep up), and online shopping is king. With Jeff Bezos recently unseating Bill Gates for the title of “richest man in the world” with a net worth of over $140 billion, it’s obvious that websites like Amazon are quickly becoming the sole destination where millions of people around the world do their shopping.
Everything from clothing to groceries can be purchased online these days, which means literally thousands of credit card transactions happening every second, a veritable bounty for anyone who knows how to hack into those transaction tunnels and lift your financial information straight out of the air.
But not all credit card transactions have to be insecure. With the help of a VPN, you can protect your credit card with a stable encryption tool that works across all your devices, and guarantee that every purchase you make online is protected front to back!
Read on in our guide to shopping online with a VPN to find out everything you need to know about how to encrypt your transactions in the future.
Credit card fraud statistics
According to the latest reports covering credit card fraud, in 2016 losses from credit card attacks topped just over $16 billion, and upwards of nearly 50% of all of those thefts happened in the United States alone.
On average victims of credit card fraud reported a loss of $7,761, though oftentimes criminals will only take very small amounts from someone’s account over time in order to remain incognito. By only stealing small amounts from dozens, even hundreds of credit cards at once, hackers can fly under the radar for much longer and usually make out with much larger paydays in the long run.
45% of all these attacks were CNP transactions, or “card not present” (i.e - over the phone or shopping online).
How credit cards are protected
When you shop online, almost all websites that can accept a credit card will use multiple safeguards to guarantee that your connection to their servers is legitimate and unseen by the eyes of any potential hackers.
There are a few key systems in place which help to accomplish this goal, but primarily websites will use an encryption technique known as SSL, or a “Secure Socket Layer”, to verify the true nature of your connection. SSL works through a public-key encryption method that uses three separate “handshakes” between your device, the website, and the trust certificate issuer. You might also see this technique referred to as the more modern implementation of itself, TLS (Transport Layer Security), but since almost all of TLS 1.0 is essentially built off the back of SSL 3.0 the two can pretty much be used interchangeably.
By using a public-key verification system, it makes it next to impossible for a hacker to use something like a phishing hack to trick you into handing over your credit card details without knowing it. But, this doesn’t make it impossible either. Read on to find out how hackers have gotten increasingly inventive in the ways they try and steal your credit card information (sometimes straight out of the air)
How the attacks work
Whenever you read about online shopping security, every site worth its salt will always tell you to never shop online using a public WiFi hotspot like the ones you might find at Starbucks or an airport.
This is because of the potential of what’s known as a “man-in-the-middle” attack. Man-in-the-middle attacks, or MITM, work when a hacker quite literally injects themselves into the middle of a transaction between you and a website in the hopes that they can catch you in the act of online shopping and decrypt your connection en route.
The way MITM attacks are achieved can be as varied as the attack vector itself, but these days many hackers like to use a technique known as “spoofing” to fool unsuspecting users into connecting to fake WiFi hotspots that they own and operate themselves.
It works like this: Let’s say you’re sitting down at a Starbucks with your laptop for a day of scones, lattes, and a little light online shopping. You hit your available WiFi networks looking for a hotspot to connect to, and find one called “Free-Starbucks-WiFi”. Without a second thought you hit “connect” and start shopping to your heart’s content.
Only problem? The official WiFi hotspot for that Starbucks is actually called “Free-StarbucksWiFi”, and that little dash can make all the difference. Turns out the WiFi you’re connected to is actually a fake hotspot being run by a hacker who might be sitting in the same cafe right across from you and you wouldn’t even know it.
Now that you’re connected to their network, they can decrypt all the data that passes through their impromptu hotspot, including your credit card details as soon as they’re entered into the device you’re shopping from.
Not only that, but because they totally own the connection they can also skim just about any information you type in, including your home address, real name, phone number, and anything else they would need to impersonate you online.
The next attack vector for stealing credit cards online uses a technique known as “phishing”. You may have heard of this one before, as it’s almost always in the news thanks to high powered political figures and CEOs falling for it every other day.
Basically phishing works by emailing or messaging a link to you through email or social media, posing as a legitimate shopping site like Amazon and offering mega deals on items you need through fake links. Like MITM spoofing, often all it takes is one character being out of place in the sender’s email address to fool most victims of the scam.
Once on the site (which will look and function identically to the site it’s impersonating), you’ll think you’re shopping for the item you want, but really once you enter your information at checkout the site will simply send a fake confirmation while the perpetrator makes off with your financial data.
This is why it’s important that any time you shop online that you always check for the “secure” HTTPS logo in the top-right of your browser to verify the site you’re shopping on is legitimate, and not just the product of another scam.
This is likely one of the most popular methods that hackers will use to try and skim your credit card information, and the reason we left it for last is right now there aren’t really any VPNs out there that can detect if one has been installed on your device.
The way that keyloggers is pretty simple (and explained basically right in the name): a piece of malware is delivered to your device (usually though a dodgy download), and then runs in the background without you knowing about it. From there the virus will log every keystroke you punch into your device, keeping a special eye out for sequences of numbers that resemble a credit card.
Once the credit card number is recorded, the hacker gets an alert and it’s off to the races.
Though there was a huge kerfuffle made about the threat that RFID-enabled credit cards posed when they were first introduced a few years back, this is one of the least likely ways you could lose your credit card information.
Less than five percent of all credit cards in circulation carry RFID capability, and of that figure even less rely on the non-encrypted first version. Many companies tried to make a quick buck selling snake oil “RFID-blocking” wallets and purses, but as of 2019 there haven’t been any reports of hackers using RFID scanning devices to steal numbers on a wide scale.
How a VPN helps protect credit cards
So where do VPNs fit into all of this? Well, much like the security that an SSL-enabled connection provides, a VPN creates a 256-bit AES encrypted tunnel between your devices and the VPN provider. This means that the only parties who would ever be able to see your information are you and the intended online shopping portal destination.
Even with a spoofed WiFi hotspot, the end-to-end encryption of a VPN guarantees that -- even if captured in transit -- your traffic would never be visible to a potential attacker thanks to the obfuscation layer installed on top of all your data.
VPNs are a surefire method to protect your credit card while shopping online, and should be the first service you turn to whenever you plan to pick up a new pair of boots on Amazon or just want to get a quick bite delivered to where you are on the go.