The rise of mobile apps and online stores has made it easier than ever for consumers to shop from their phones without the need to step into a store. But hackers and digital thieves have taken notice of the pool of mobile data as a growing opportunity for larceny.

Part of the reason for this is poor data practices by app developers — the storage of payment and personal data in apps — which leaves customer details ripe for the picking from devices. The other is the lack of good security practices by consumers. Whatever the cause, it’s an attractive target for fraudsters.

“Shopping apps are close to financial apps in what they store,” said Andrew Hoog, CEO of mobile security testing company NowSecure. “They store user names, passwords, credit cards, geolocation data and even buying habits.”

With that in mind there plenty of steps consumers can take to protect their data this holiday season. One of the steps Hoog recommends is avoiding public Wi-Fi as much as possible when making mobile purchases. The reason for this is by their open nature, public hotspots aren’t secure, and it’s easy for an attacker to either pose as a fake access point and gather data from connected users.

The next step is using a strong PIN or passcode with their device. About 43 percent of smartphone users don’t use any form of PIN, pattern lock or passcode, NowSecure data show. It’s also important to use strong passwords with mixed-case characters, numbers and symbols.

NowSecure Passcode Connecting to an unsecured Wi-Fi connection can leave consumers vulnerable to data theft by hackers. Photo: NowSecure

For extra security, shoppers also should check for and install software and app updates since developers will often send out important security patches on a regular basis.

One area of security that consumers tend to overlook is email links and shortened URLs sent over SMS, Hoog said. A shortened URL, such as those from, can hide the actual linked site. That makes it possible for consumers not to realize a link rather than directing them to an online store such as Amazon, brought them instead to one designed to steal information. “To get around that, shoppers should type the name of the website [to which] they want to go into Google, instead of clicking the link seen in their email,” said Hoog.

This holiday season 91 percent of consumers intend to make purchases through a mobile app, according to the Internet Retailer Mobile 500 report. This already was seen to some effect on Black Friday where more shoppers said they shopped online compared to in-store, according to the National Retail Federation.

Online data theft as a whole has been on the rise globally, with about just under 6,000 breaches that have occurred this year alone, according to Juniper Research. By 2020, that number is expected to rise to over 16,000, and on average, 500,000 consumer records have been exposed by a data breach. Mobile online e-commerce fraud and mobile payment fraud also have been on the rise, costing merchants $3.34 in fees per dollar of fraud losses in 2014, according to Lexis Nexis.