Safe Holiday Shopping Using Public Wi-Fi

Mobile Commerce

Thanksgiving and Black Friday are behind us, which means the holiday season is in full swing—and so is holiday shopping. Since the introduction of the iPhone in 2007, more and more of that shopping takes place using smartphones and tablets every year. I’ve already talked about how global mobile data traffic has been growing at a speed worthy of a Formula 1 racecar, but an ever increasing number of people are also shopping via their mobile device. With the proliferation of public Wi-Fi access and the new Wi-Fi Hotspot 2.0 technology, consumers are increasingly connecting their devices to public access points, and many of them are doing so to shop.

Let’s look at a few of the numbers. Mobile commerce, sometimes referred to as m-commerce, (purchases made via mobile technology like smartphones and tablets) accounted for almost 33% of 2013 holiday purchases.1  In fact, 53% of the 400 million pages viewed on Walmart’s website on Black Friday in 2013 came from mobile devices.2  And, if the growth in recent years is any indication, those numbers will again increase substantially this year.

Wi-Fi Security Risks

Unfortunately, many public Wi-Fi access points don’t offer any form of link-layer security and leave you vulnerable to various types of cyber attacks,3
including:Unlock Wifi

Evil Twin Attacks

This type of attack is performed using a rogue Wi-Fi access point with the same name (or a similar name) as that of a trusted access point and is generally used for identity theft.

Session Hi-Jacking

This type of attack is performed by mimicking the access point to which you are connected, causing your device to disassociate from the network. The attacker then assumes your session, resulting in theft of service.

Session Side-Jacking

This type of attack is performed by an attacker snooping on your unencrypted Wi-Fi communications in order to intercept your session cookie. They then have access to your personal, private web pages (e.g. Facebook pages).


This type of attack is performed by an attacker intercepting your unencrypted Wi-Fi communications. This can put your personal information like passwords, credit card numbers, email, and photographs at risk of exploitation.

Stay Safe on Public Wi-Fi

There are a number of industry leaders working on safer, more secure Wi-Fi technology, but in the meantime, there are some best practices you can employ in order to make your shopping experiences safer and more secure when using public Wi-Fi access points.

Choose Your Wi-Fi Network Carefully

It’s worth the extra time to make sure you are connecting to the right network and not a scammers look-alike network. As an example: when you’re accessing a public Wi-Fi network like those offered in many restaurants, coffee shops, and public libraries, make sure you verify the name of the network with staff or on posted signs before connecting.

Check for the HTTPS

You may not have noticed, but most of the big e-commerce sites (and many other sites) don’t have the standard http:// at the beginning of their URLs. Instead they have https:// in its place. That “s” literally stands for secure and is a good indication that you’re working with a website that cares about security. There are extensions available for browsers like Chrome, Firefox and Opera that will force your browser to implement HTTPS on any page of a site that has it in place. One of these extensions is called HTTPS Everywhere.

Use a Virtual Private Network (VPN)

One of the best ways to secure your browsing sessions is to use a VPN. These virtual networks encrypt the traffic between your device and the VPN server, making it more difficult for a potential intruder to gain access to your data. There are many paid and free options, but you’ll want to do some research to find the VPN that best fits your needs.

Only Update Your Apps on a Trusted Home or Work Network

It’s important to keep your software and apps up to date. These updates frequently include new security features. However, don’t use public Wi-Fi to update your apps or other software. This can be an access point used by hackers to install malware on your device.

Use Unique Passwords

I know it’s a pain to remember all of your usernames and passwords, but it can be vital to security. If one of your accounts gets hacked or compromised, you don’t want the attacker to have access to all of your accounts. That’s why it’s important to make sure you are using unique passwords on every site. It’s also important to change your passwords periodically.

Enable Two-Factor Authentication

Services like Gmail, Facebook and Twitter offer two-factor authentication. When it is enabled, you have an added layer of protection if someone does sniff out your password when you’re using public Wi-Fi Access points.

Forget the Network

You should be in the habit of logging off of any services you were signed into before ending your session. Also, you should not allow your mobile device to log onto these networks automatically. Learn how to make your device “forget” a network and then do so consistently when using public Wi-Fi access points.

Be Careful What You Access

When accessing the Internet via public Wi-Fi access points, it is important to limit the activities you do. Generally speaking, any financial transactions (especially Internet banking sessions) should be performed when you’re connected via cellular data or on a secure, trusted network.

This holiday season, I hope you’ll keep mobile security in mind. Getting a great deal on your shopping won’t mean much if your phone or information is compromised.