7 tips to avoid ID theft and fraud when shopping with an iPad

Shopping online with your iPad need be no riskier than shopping online with a computer. Some of the risks may be unique to using a mobile device (including smart phones and Android tablets), while others are similar to those you face when shopping with a desktop or laptop at home.

Here are seven effective ways to minimize the risk of credit card fraud or identity theft when you shop (or bank) using your iPad.

1. Secure the basics

To protect your iPad should it be stolen or out of your sight for a time, set up a passcode lock of at least 8 alphanumeric characters and limit the number of passcode attempts a stranger can make. Also turn on the Auto-Lock (which locks the iPad after it has been inactive for a few minutes). If you want to be extra cautious, disable Bluetooth when you're not using it, as nearby strangers may be able to use it to hack into your iPad.

Smart phones are also often used for shopping. The video below offers valuable advice on how to secure your smart phone. Much of it also applies to the iPad.

More On This...

2. Update your apps and iOS frequently.

Don’t ignore on-screen alerts telling you that there are updates pending for your apps: They could include fixes for security flaws. If you put off updates, especially for apps that involve shopping or banking, you risk exposing your personal information to cyberthieves. It's also best to remove from your iPad any apps you never use. Leaving them on the tablet just increases your exposure.

It's also very important to keep iOS (the iPad's operating system) up to date. In February, for example, Apple issued an unusual update to iOS 7 that fixed a bug which the company said an attacker could use to capture or modify protected data.

3. Use a secure wireless connection.

If you shop at home using a router with encrypted Wi-Fi, you've got a secure connection. But when you're in, say, a coffee shop or airport, you can't always tell how secure the Wi-Fi connection is. If your iPad has 3G/4G capability, turn off Wi-Fi and use 3G/4G to get a more secure connection.

If your iPad is a Wi-Fi-only model, you're better off either going someplace else where you know the Wi-Fi is secure or securing your connection using a personal VPN (virtual private network) similar to the ones businesses use to secure confidential communications. You can find a number of personal VPN apps, such as the free Hotspot Shield, in Apple’s AppStore. We haven’t tested these products yet for security effectiveness against hackers. If you decide to try one, stick with one that has been downloaded by many people and rated highly in the App Store.

4. Shop only at secure websites.

If you shop outside your home and use the iPad's Web browser to visit commercial websites, make sure those websites use a secure connection, as indicated by the prefix "https:" in the browser address window. That means the browser and website will encrypt the data that passes between them, shielding it from criminals. If you use a personal VPN, using a secure connection isn't as critical, because the VPN will encrypt any data before it's transmitted from your iPad to the VPN service.

Apps you've installed on your iPad are different story. It's hard to tell whether a given app encrypts data before it sends it over the Net. Some apps' privacy notices claim they do. But there's no way for you to verify that. So you're better off engaging in financial transactions only when you're sure your wireless connection itself is secure.

For more tips on protecting your security and privacy online, visit our guide to Internet security.

5. Don’t jailbreak your iPad.

Some iPad users tinker with the device's operating system so they can install apps that weren't approved by Apple. If you do so, you may disable the security protections that were designed into the iPad, exposing it to malicious software and hackers. Doing so may also void your warranty and may be illegal.

6. Don't leave your credit card number on file with stores.

If you leave your credit card number permanently on file with a website, it can be used by anyone who breaks into your online account. The card number can also be stolen and misused should the store suffer a data breach such as those that recently affected the major retailers Target  and Neiman Marcus.

Other big online retailers such as Amazon and Apple iTunes let you remove all credit card numbers you keep on file with your existing account and then pay for each transaction individually. Some other stores you shop at may have a similar policy. If you shop at a store frequently, having to enter your card number each time you buy something can be an inconvenience, but it makes sense to do it for stores that you patronize less frequently.

Alternatively, you can obtain single-use credit card numbers from institutions such as Bank of America, Citibank, and Discover, that expire quickly and can only be used by one online store.

7. Watch out for e-mail phishing scams.

It's just as easy to be taken in by an e-mail scam on a tablet as on a regular computer. Beware of any e-mail that appears to come from a friend or a well-known institution (such as a bank, a credit card company, or PayPal) that asks you to click on a link, sign into an online account, or provide personal information, to supposedly rectify a security problem, prove your identity, or unlock a frozen account. The e-mail might be bogus or sent from a hacked account.

If you happen to fall for such a scheme, the criminal can quickly access your account and do business in your name. (If you manage to change the compromised account’s password immediately, you may be able to foil the thief). If you receive such an e-mail, delete it immediately.

This musical video, "Gone Phishing," delivers a serious message about how to avoid becoming a victim of phishing scams.

—Jeff Fox

Copyright © 2005-2014 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.