The holiday shopping season is ripe for good sales, which are multiplying like rabbits in the online world.  That also gives rise to the seasonal worry of holiday shopping scams, fraud and other misleading pitfalls, which shoppers will need to familiarize themselves with as e-commerce becomes more relevant.

Did you see that woman on the TODAY show that got suckered into a shopping scam by a guy that pushed his store through search engines, riding a massive wave of negative reviews?  Education becomes a mighty necessity for consumers of all sorts, eventually needing to understand their security options across several facets, from social networking to online shopping.

That’s before we even get going on the mobile sector.  With more on-site payment options, consumers are presented with more point-of-purchase features through the use of their individual mobile phones.  There are a number of concerns around this space as well, especially as larger companies like Google become involved in what seems like an early stage for this aspect of the industry.

Kurt Roemer, Chief Security Strategist with tech company Citrix Systems and member of the Board of Advisors to the Payment Card Industry can discuss these latest scams to be aware of, as the holiday shopping season pushes through in full swing. More importantly he discusses how consumers can protect themselves.  As a company involved in securities, Citrix has been making some notable strides this year, including the acquisition of VMLogix.

Additionally, we have a look at Citrix’s partnership with Cisco, which has been a critical step for many companies in the cloud.  Security in particular has been of rising relevance, bringing a wealth of partnership opportunities for the likes of Citrix.  Read below for Roemer’s insight to remaining a protected consumer this holiday season.

What ways can Citrix help consumers avoid scams this holiday shopping season?

Large online retailers use the Web Application Firewall features of Citrix NetScaler to protect consumers from web attacks that lead to fraudulent transactions.  By using a web application firewall, consumer web sessions with online shopping and banking are protected for desktop, laptop and mobile users.  Using a web application firewall is a Payment Card Industry recommendation (6.6) and protects where personal firewalls, network firewalls and antivirus are ineffective.  Smaller retailers can take advantage of the web application firewall and other web optimization features in NetScaler VPX, the virtual (software-based) version of NetScaler.

Additionally, enterprises that use Citrix virtualization technologies can allow their employees to use Citrix Receiver to access applications for online shopping.  Citrix Receiver enables datacenter-grade security for all transactions – even on mobile devices such as tablets and phones.

Here are some recent stats and tips:

–        PC World wrote that “Banks reported 5,743 attacks in the first six months of this year, according to the European ATM Security Team (EAST).” This a record high number of attacks since the bureau first began keeping statistic on these attacks in 2004

–        FTC – www.ftc.gov

o   New rules to protect your credit card issued by the FTC:

• Money on a gift card cannot expire for at least five years from the date the card was purchased, or from the last date any additional money was loaded onto the card. If the expiration date listed on the card is earlier than these dates, the money can be transferred to a replacement card at no cost.
• Inactivity fees can be charged only after a card hasn’t been used for at least one year, and then only once per month. But fees may be charged to buy the card or to replace a lost or stolen card.
• The card must clearly disclose its expiration date, and the card or packaging must clearly disclose any fees. There is one exception: Some cards produced before April 1, 2010, that list a short expiration time or inactivity fees in the first year may be sold through January 31, 2011. However, no matter what a card says, consumers still are protected by the new rules.

For mobile security in particular, what are some trends you’re seeing beyond the holiday season?

The biggest trend is the proliferation of mobile devices themselves.  With more people using more mobile devices, attackers and scammers will increasingly focus on hacking mobile platforms.  Users of mobile devices, such as smartphones and tablets need to ensure that they turn on security features and keep their device and applications up to date.  Apple continues to add security features to iOS – the operating system that powers iPhones, iPads and iPods – and provides great information on implementing security measures.

Another key trend is the rise of mobile payments.  Paying via a mobile devices is already a reality outside the US, where transactions from vending machines and point of sale terminals accept payment credentials from mobile devices.  Mobile devices are becoming the swiss army knife of computing, with ePayments being the next big thing.

(If you want to use your mobile device at the point of sale today, try a program such as CardScan that imports all of your reward card data and presents a barcode that can be scanned at the register – no more carrying all those reward cards around with you!)

Additional points

Practice good computer hygiene.  Don’t do online shopping, banking or other financial transactions on a computer that you don’t trust.  Ensure that software is up to date, security patches are applied, the browser is hardened against attack, and that a professional-grade security suite is running that has at least antivirus and antispyware.  It’s a lot of work on a desktop or laptop, but its worth it to ensure security.

Mobile platforms often make the job of securing the device much easier, as they are easier to keep up to date.

During the holidays, be especially vigilant in monitoring your cards for fraudulent transactions.  Thieves and scammers can easily get your card number as you hand your card from clerk to clerk in an increasingly hectic environment.  And, remember that cameras are everywhere these days, and even the camera in a phone has enough resolution to record your card number from several feet away!

To make it easier to monitor your cards, there are mobile applications that report balances, recent transactions, can alert on new transactions and can even authorize transactions.  Those without smartphones can often take advantage of a limited set of these features through SMS/texting.  Ask the bank that issued your card what security measures are available to you on-the-go.

It’s also a good time to ensure you have a strong password on all accounts that are tied to financial systems.

With many families sharing cards, bank accounts and online shopping sites, inform your family members (and especially kids) that they have a responsibility to protect online data and passwords.  For example, if your kids have your AppleID and password, they can buy songs, gift cards – maybe even a new MacBook Air, depending on your account settings.  A thief can also buy the same things if they get ahold of the password.  Have the kids keep any account credentials from prying eyes and educate them on the scams available and never to give account information in response to a text message or a call.  They probably already know this and more (and can tell you a few things) because of computer security eduction they receive in school. Share this info with all family members and be secure this holiday season.

(And for those of you with shared accounts, remember that your family members can look at purchase histories – use a separate account if you want to keep their gifts a secret!)

For any gift card purchase, give both the card and a gift receipt.  This way, if a card stripper drained the card balance, there’s a record of purchase and a way for the gift recipient to challenge any fraudulent transactions.

Card Skimmers are in widespread use and continue to be a favorite way for thieves to steal card data.  Keep an eye on your card, monitor transactions, and know how your card issuer reacts to fraud.  The use of credit cards is preferred over debit cards, as a debit card is tied directly to a checking or savings account, which results in immediate loss.  With a credit card, suspected fraud can be reported and investigated without directly affecting your checking or savings accounts.

Use public and well-lit terminals, such as the ATMs within a bank – not one on the street.