Recommendations for Consumers
- When possible, use credit cards over debit cards for purchases, as credit cards often have greater consumer protections that limit a victim’s liability if fraudulent purchases are made.
- Enable payment charge notifications for every transaction on an account so that you are alerted to a fraudulent transaction as soon as it occurs.
- Before you use a POS system or ATM, check to see if there are signs of tampering.
- Use tap to pay or pay with your phone, as contactless or chip payment options are safer than swiping the card’s magnetic strip.
- Navigate directly to known, secure, and encrypted websites and designate or monitor one credit card for purchases, if possible.
- Enable multi-factor authentication (MFA) on every account that offers it, including any online shopping websites.
- Update browsers and use ad blockers.
Recommendations for Website Administrators
- Ensure hardware and software are up to date.
- Use strong, unique passwords for all accounts (admin, SFTP, database) and enable multi-factor authentication (MFA) on all administrative accounts at a minimum.
- Use only vetted first-party code.
- Use a web application firewall (WAF) to block and alert on potential code injection attacks.
- Block unauthorized transmission of personal data by implementing a Content Security Policy (CSP).
- Schedule routine website scans to identify changes in code composition.
