For the past four years, about six in 10 consumers have preferred to make their holiday gift purchases online, according to a 2016 American Express report.

Surfing the web for the perfect gifts and booking holiday travel online should be an enjoyable experience, but too often, consumers find themselves being taken in by identity thieves. When that happens, it brings an abrupt end to that spirit of holiday cheer.

In 2016, 15.4 million Americans went through the stress that comes from various forms of identity fraud, according to data by Javelin Strategy & Research and LifeLock, a provider of identify theft prevention services. That’s up from 13.1 million in 2015.

Adam Levin, a nationally recognized expert on identify theft and author of “Swiped,” says the presence of in-store, card-present fraud has declined with the release of credit and debit cards with chips. However fraudsters are simply doubling down on fraud involving the internet, where so many consumers doing their shopping these days anyway.

“It’s kind of a double-edged sword,” he says. “As we evolve and things are easier, when you get the interplay between privacy and security and convenience, oftentimes convenience wins, which means that somewhere down the road the consumer loses.”

Here are five ID theft tips to help you continue to enjoy the convenience of online holiday shopping without the risks.

1. Use credit cards — not debit cards — for all online shopping

An estimated 64 percent of holiday shoppers use debit cards for purchases, according to the AARP.

But you’re putting yourself at greater risk by using debit cards online. The same liability protections that cover credit card fraud do not always apply to debit cards. Many credit cards come with zero fraud liability offers, which means you aren’t liable for any fraudulent charges. But losses from debit card fraud could be much more extensive.

On top of that, you’re also taking a risk of someone gaining access to your checking account.

“You’re actually without the money you use to meet your basic needs. That can be much harder for people, particularly if it takes a couple of days, or even a week, to get all of that back in line and demonstrate that you were victimized,” says Eva Velasquez, CEO and president of the Identity Theft Resource Center.

She adds that using a debit card as a credit card and signing your name instead of entering a pin number isn’t the same. The protections are still not strong enough if you become the victim of identity theft.

Pro tip: If you don’t want to use credit cards, purchase a Visa or Amex gift card and load the card with just enough funds to do your online shopping. Alternatively, you could make sure only a small sum is in the checking account that you use for online shopping.

2. Don’t buy online while using public Wi-Fi hotspots

Public Wi-Fi seems to be, well, public, available everywhere these days. A good rule to follow is to browse, but never enter your sensitive information on a public network while sipping your gingerbread latte in a crowded coffee shop.

“You have to realize, anytime you’re on public Wi-Fi, if you’re not using a VPN, you really are making all of your behavior available to anyone who wants to see it,” Velasquez says. “It doesn’t mean that anytime you log into public WI-FI someone is watching. It just means that they could be.”

Here are things to look for if you only have access to public Wi-Fi and want an extra measure of comfort using it.

  • Make sure any website you visit is prefaced with https, not just http.
  • Make sure it has a secure lock icon.
  • Make sure you connect to the correct network.

3. Manage your passwords

Passwords are your first line of defense when it comes to protecting your identity.

There are several steps you can take to make an undecipherable password, such as avoiding the use of any information someone could learn about you from social media, online bios or publicly available information.

Lying is typically not the best answer to problems, but in the case of security questions, Levin says it’s the best option. Setting answers that people won’t be able to guess from your publicly available information is a smart move. For example, if your security question is “Where did you and your spouse get married?” You might put a fake location, like ‘the moon,’ as a way to thwart hackers.

Another good idea is to use two-factor authentication options, where an unfamiliar device trying to log into an account will have to confirm through responding to an email or, “better yet,” a cellphone.

Levin says 51 percent of people use the same password across accounts, and while it may be easy to remember, if you’re compromised in one place, it’s that much easier for hackers to compromise your other accounts. His advice? Get a trusted password manager, a single, secure account to help you access all of yours.

4. Slow down the shopping frenzy

While a Department of Justice study says that the majority of victims resolve their issues within a day, paying attention and not rushing into the thick of the holiday bustle can help you spot shady websites or notice if you’re on an insecure site. You also can spend more time researching the shopping app you are tempted to download or the charity you want to support.

So even if time is running out to finish your holiday shopping, slow down. You’ll make better decisions, and that can reduce your chances of being a victim of identity theft.

“I think we make the most mistakes when we’re frantic and in a hurry,” says Velasquez, also former vice president of operations for the San Diego Better Business Bureau.

5. Make your charity list and, as the saying goes — check it twice

Scammers will set up fake charities and spoof actual charities, using similar names to confuse potential donors. In the weeks following Hurricane Katrina in 2005, the FBI identified at least 4,000 fake storm-relief charities, according to CharityNavigator.org.

Levin advises that if a charity calls asking for a donation, you should ask it to send information, including 501(c)(3) documentation, to verify its legitimacy.

Even then, he says, you should research it independently through the IRS, your state attorney general’s office, or one of several reputable third-party sites like Charity Navigator or GuideStar that can show you whom to trust and where the money goes.

Even if a charity checks out, take a look at its numbers. If it’s spending a lot of money on overhead and comparatively little on the people it’s intended to help, you might want to look for another organization to aid.

“Legitimate charities have costs,” Velasquez says. “They have staff that they have to pay. They have rent that they have to pay. So you certainly don’t want to see a large percentage, you don’t want to see like 80 percent goes to our overhead and 20 percent goes to our mission. That’s ridiculous.”

Be mindful of these tips as you shop online and research year-end gifts this holiday season.

“When we first started with shopping online, in some ways I feel like there were more scams than legitimate service offerings,” Velasquez says. “I don’t think that’s the case anymore. However, there still are plenty of scams out there, and they work.”

MagnifyMoney is a price comparison and financial education website, founded by former bankers who use their knowledge of how the system works to help you save money.