This is the second of twelve EDUCAUSE Awareness Campaign blog posts featuring ready-made content designed to enhance security and privacy awareness. Use these tips and resources to help faculty, staff, and students protect their electronic payments.
Campus Security Awareness Campaign 2020
This post is part of a larger campaign designed to support privacy, security, and IT professionals as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Community Group sponsored by the EDUCAUSE Higher Education Information Security Council (HEISC). View the other monthly blog posts with ready-made content on the awareness campaigns resource page.
Your campus constituents are using electronic payments more than ever before. As the use of credit cards to make purchases and payments replaces the use of cash, and online merchants supplant brick-and-mortar stores, protecting electronic payments becomes more important. Whether you are making payments for your own personal consumption or on behalf of your institution, electronic payments need to be protected. Use the content below in your security awareness campaign to provide faculty, staff, and students with resources to help them protect their money—and the institution's money.
Get the Word Out
Newsletter or Website Content
Online sales in the United States grew to a record high of nearly 19 percent during the 2019 holiday season.1 At the same time, the convenience of using credit cards and other electronic payment services is compelling consumers to rapidly reduce their use of cash. The 2019 Diary of Consumer Payment Choice report shows that cash is used about 50 percent of the time for in-person transactions under $10 (for things like lunch or coffee).2 For larger purchases of $25 or more, cash is used only 10 percent of the time. Cybercriminals are taking advantage of the increase in electronic payments. According to the 2020 Cybersecurity Report from Check Point Research, mobile banking malware attacks increased 50 percent from 2018 to 2019.3 Here are some tips to help you safely use electronic payment sites.
- Verify websites before entering important information. Clicking on a link may not take you where you expect to go. When shopping, banking, or making payments online, manually type in the website name (e.g., chase.com) instead of clicking on links in an email, social network post, or text message.
- Look for deceptive emails and texts. Your bank or electronic payment processor won't ask you to provide personal information or passwords via email, but scammers will. Watch this Consumer Reports video for examples.
- Ignore phone calls from unknown and unfamiliar numbers. If you receive a phone call from someone who is urgently asking for money, there's a good chance it's a scam. Most of these calls can be safely ignored, but if you want to check, search for the organization's website and find out for yourself. Don't be rattled by threats over the phone.
- Look for the lock icon in your browser. The lock icon in the address bar of your web browser shows that the website you're visiting sends data in encrypted form. Never send money or pay for goods on a site without this important safeguard.
- Public computers aren't for private information. The computers in a hotel lobby or a public library may have a virus that records your activity, including any passwords you enter. Shop and make electronic payments only on a computer that you control.
- Don't use free Wi-Fi when making an electronic payment. The open nature of free Wi-Fi at cafes, airports, and other public venues makes it possible for others who are on the same Wi-Fi network to spy on your activities. If you cannot wait for another time to do your banking, use a VPN when using free Wi-Fi.
- Consider getting a credit card just for electronic payments. If you decide to get a credit card or online account just for electronic payments, make sure the credit limit or available balance is low. This can protect you from a large loss due to online fraud.
- Review your transactions regularly. Online banking allows you to check your account quickly and easily. Take time each day or each week to quickly review electronic payments. If you see charges you don't recognize, notify your bank or payment application vendor (e.g., Venmo, PayPal, or Apple Pay) as soon as possible.
- Check your credit reports to help spot fraud. Credit reporting services Experian, Equifax, and TransUnion are required to provide you with a free credit report once per year, so try to check one report every four months.4
Social Posts
- Don't transfer money using a shared work machine, public computer, or a device that does not belong to you. #CyberAware
- Protect your e-payment applications. Use a strong password, or better yet, create a two-step login. #CyberAware
- Debit or credit? Credit cards usually have better fraud protection. Choose a credit card for payments when you can. #CyberAware
- Banking online? Not at the coffee shop, please! Use only trusted Wi-Fi for important transactions. #CyberAware
Email Signature
Ask staff to add a tip to their email signature block, as well as a link to your institution's information security page.
Example:
Jane or John Doe
Chief Information Security Officer
XYZ College or UniversityDo you buy or transfer money online? Learn how to keep your money safe with these tips. [Link to your institution's information security page or link to FTC's Phone Scams page, which includes information about common phone scams.]
Embed or Share Videos
Resources
- Federal Trade Commission (FTC): Consumer Information on Phone Scams
- NBC News: 6 Things You Should Do to Protect Your Financial Information
- SiteLock: How Can I Tell If a Website Is Safe? Look for These 5 Signs
- Better Business Bureau: Avoid Peer-to-Peer Payment Scams on PayPal, Zelle, Venmo, and Others
- PC Mag: What Is a VPN, and Why You Need One
For more information and resources, you can also reference previous EDUCAUSE Review Security Matters Campus Security Awareness Campaign blog posts.
- "April 2019: Whaling, SMiShing, and Vishing…Oh My!"
- "May 2019: 2FA—Control in the Palm of Your Hand"
- "October 2018: Don't Let a Phishing Scam Reel You In"
For more information about information security governance, compliance, data protection, and privacy programs, please visit the EDUCAUSE Review Security Matters blog as well as the Cybersecurity Program page. Access additional security and privacy awareness resources through the Awareness Campaigns page.
Notes
- William Tsang, "Mastercard SpendingPulse: U.S. Retail Sales Grew 3.4% This Holiday Season," Mastercard Communications, December 26, 2019. ↩
- Raynil Kumar and Shaun O'Brien, 2019 Findings from the Diary of Consumer Payment Choice, research report (San Francisco, CA: Federal Reserve Bank of San Francisco, June 2019). ↩
- Check Point Research, 2020 Cyber Security Report, research report (San Carlos, CA: Check Point Research, January 2020). ↩
- Central Source LLC, AnnualCreditReport.com (website), n.d., accessed January 22, 2020. ↩
Kolin Hodgson is a Senior Information Security Analyst at the University of Notre Dame.
© 2020 Kolin Hodgson. The text of this work is licensed under a Creative Commons BY-ND 4.0 International License.