Chronicle Journal: Finance

Naughty or Nice? PCI Pal Study Identifies ‘Seven Seasonal Security Sins’ That Too Many Consumers Are Making This Holiday Season

In advance of the peak shopping season, a new study from payment compliance provider PCI Pal shows that millions of Americans continue to over-indulge in risky behaviors - both online and on the phone.

While almost half (49%) of Americans have reportedly been the victims of cybercrime, the study concludes that fears of fraud have not done enough to significantly change consumer behaviors. The data identified the seven seasonal security ‘sins’ more likely to spread misery than merriment during this year’s festive shopping season.

The Seven Seasonal Security Sins ranked:

  1. Using the same password across multiple sites and apps. A stunning 47% of Americans admit using one password when logging in to various accounts. Long identified as one of the major causes of cybercrime, this easy-to-remedy mistake is likely to leave consumers out of pocket before they begin the holiday shopping splurge. To avoid this mistake, check out the various password managers online that can help to ensure all passwords you use are unique and random.
  2. Using public WiFi to make purchases and check financial information. Impulse purchases and in-the-moment sales can be tempting - but for the 45% of consumers that admit to accessing sensitive data such as payment or shipping information over public or free WiFi, the risk could result in that information being stolen ‘in transit’ before the purchase is confirmed. Turn on your cellular data or log on to a secure WiFi network when accessing sensitive data to keep your data safe.
  3. Not checking customer service credentials. While we all tell our kids not to talk to strangers, a lot of people don’t take that advice over the phone. An eye-opening 44% admit that they don’t always check the credentials of the customer service representative they are engaging with - giving information such as name, date of birth and payment data to relative strangers. Stay ahead of cyber criminals by making sure the number you’re calling comes from the company’s website, and if you receive a call, hang up and call the company back using contact details you’ve verified.
  4. Showing Goodwill to All. Over a third of respondents admitted to an over-friendly attitude online. 35.4% have accepted unsolicited friend requests via social media, gifting relative strangers with access to the kinds of personal data that can fuel multiple credit card applications or spending sprees. Avoid granting access to your data to strangers by vetting every friend request that comes in and deleting the ones you are unsure of.
  5. Clicking first and asking questions later. Despite decades of consumer education, the temptation to click through links or download attachments of unknown origin persists. Phishing attacks are the biggest cause of cyber compromise, yet almost a third (30%) can’t resist clicking links, even if the consequences might prove more naughty than nice. If unsure of a link or attachment, avoid opening it!
  6. Making it a season of (over)sharing. Despite headlines exposing security flaws and malevolent actors across social media, 28% of respondents continue to share a wealth of personal information on profiles, exposing themselves to identity theft and a potentially painful start to the new year. Prevent this by ensuring that your social media settings are locked down so that personal information is only shared with your explicit consent.
  7. Overlooking checks and balances. Two-factor authentication was introduced to provide a relatively frictionless and much improved security safety net but the research shows that it is still not widely used. Only 24% confirmed always using two-factor authentication, 53% offered a non-committal ‘sometimes’ and the remaining 23% have never used it to protect passwords and payments. Google, Facebook, Twitter, WhatsApp, Instagram and others all offer two-factor authentication. Make sure you have it turned on in your settings for an added layer of protection!

This data paints a picture of a nation playing fast and loose with personal information. As we head into Black Friday and Cyber Monday, consumers must remember not just every gift on their shopping lists, but also that every one of these seasonal sins represents an increased risk to their financial security.

“If consumers (and the people who lend to them) aren’t worried about their security, they should be,” said Geoff Forsyth, CISO, PCI Pal. “The U.S. Government’s Cybersecurity and Infrastructure Agency (CISA) has urged extra vigilance this holiday season so consumers need to take a greater role in protecting themselves. Good security hygiene is a shared responsibility - one with billions of dollars at stake.”

For more information, you can download the infographic on the findings here.


PCI Pal is the specialist provider of secure payment solutions for contact centers and businesses taking Cardholder Not Present (CNP) payments. PCI Pal’s globally accessible cloud platform empowers organizations to take payments securely without bringing their environments into scope of PCI DSS and other relevant data security rules and regulations.

With the entire product portfolio served from PCI Pal’s cloud environment, integration with existing telephony, payment, and desktop environments is flexible and proven, ensuring no degradation of service while achieving security and compliance.

PCI Pal has offices in London, Ipswich (UK) and Charlotte NC (USA). For more information visit or follow the team on Twitter @PCIPAL.


Willa Hahn
SourceCode Communications for PCI Pal
