Jay wants to know if he should keep all apps closed while shopping online. Leo says not really. The real key is to make sure he's using "https" when he's shopping. That means the traffic is encrypted. What we learned from the Target breach is that it's the security afterwards, when they're storing the credit card number. Leo says that it's often possible to set up a one time only credit card that can only be used once or only with a single merchant.
Cross site scripting may be an issue, but only if the site itself has been hacked. Leo says it's far more risky giving a waiter a credit card while paying at a restaurant.