10 Tips for Shopping Online Safely
In This Article
• Understanding the risks
• Browsing securely
• Using safe WiFi
• Creating strong passwords
• More simple precautions
(No time to read right now? Just want to see the list of things to know? Here you go.)
Online shopping is great — who wants to deal with parking and crowds at the mall when you just could sit in front of your computer in your pajamas and buy things?
But with that convenience comes risks. The most obvious is that your credit card information gets stolen. You may not discover this until your next bill arrives and you see purchases you did not make. Your info might leak due to issues on your end or the online merchant could have a data breach. Either way, it’s a situation you really don’t want to find yourself in.
Another risk is identity theft. For most online transactions, you have to provide payment information and also your name, address, phone number, etc. A hacker who’s able to grab that info is on his way to stealing your identity.
You also don’t want to be the victim of a “bait-and-switch”. Since you can’t actually see or touch the actual product you’re ordering online, there is a risk that what you get is not what you thought you bought.
To enjoy the convenience of online shopping, while minimizing the risks, we offer the following advice…
Tips for Safe Online Shopping
1 Browse Securely — Make sure you have a secure connection to the website you’re shopping on. You must see an “s” at the beginning of the web address so it looks like “https” and not just “http”. Some web browsers show the word “secure” near the web address and/or display a “padlock” icon which, when clicked, should show something like “connection is secure”.
A secure connection means that information coming into and going out of your web browser is encrypted (“scrambled”) so that if a hacker somehow sees the info, it'll just look like a bunch of random characters. But your browser and the website know how to understand the info.
2 Pay Attention to Browser Warnings — When your web browser establishes a connection to a website, it checks the security certificate of the site. If the browser sees something wrong – maybe an expired certificate or one issued to a different site – it will display a warning message. Do not ignore this! Your browser is trying to protect you, so let it do so.
A security certificate is a type of electronic document that proves the ownership of a website.
3 Avoid Keyloggers — A keylogger is a physical devices attached to your computer (without your knowledge or permission) or software installed via malware. It watches what you type and sends it to hackers. Make sure there are no unknown devices connected to your computer. And make sure to periodically run anti-malware scans.
Malware is any type of malicious software secretly installed by hackers to do bad things. Sometimes it's detectable and removable, but sometimes it's not.
4 Only Use Secure WiFi — It’s best to do your online shopping when you're on your home network. Don't trust public WiFi networks (like at Starbucks, McDonald's, or the airport). Even if they require a password to connect, everyone else on the same network (including hackers) has the potential to see the information leaving your computer. If you really need to use a public WiFi network, read our advice first.
Secure WiFi is a wireless connection network provided by your own home network or by someone you trust.
5 Use a VPN — For the best security, use a virtual private network (VPN). This is software that helps encrypt (scramble) the data that goes between your computer and remote websites. There are free and paid versions available, with various pros and cons.
We're preparing a detailed article to help you decide which VPN is best for you, so check back later (or sign up for our free newsletter to be notified when the article is ready.)
6 Use Credit, Not Debit — Consumer protection laws in the United States limit your responsibility for fraudulent purchases made with credit cards. But debit cards are linked directly to your bank account and no such protection. You might be able to get your money back from a fraudulent purchase, but it could take a while and be quite a hassle. So stick to credit cards for online purchases.
7 Use a Credit Card with Features — Some credit cards offer “buyer protection” and/or “fraud alert” features, so try to use cards that have them. These features help make your online shopping safer because they catch potential fraud faster and help protect you if something slips through.
It's also a good idea to set up “spending amount” alerts — either per purchase or per day. That way, if someone tries to use your credit card info for a large purchase, you'll get an email alert and can contact your credit card company.
8 Use a Strong Password — If you create an account at an online merchant's website, it's critical to use a strong password. (Weak passwords are like a bank having the door to its vault made of paper.) A strong password is at least 12-18 characters long, uses a variety of characters (lowercase letters, UPPERCASE letters, numb3r5, and speci@l symb@ls), and is easy for you to remember but hard to guess.
It's safest to never write down passwords anywhere, but if you must, do something clever like putting them on recipe cards in your kitchen. Never put them anywhere near your computer.
9 Choose Credit Cards that Offer 2FA — When selecting a credit card, choose one that offers “two-factor authentication” (2FA) on its website. (Sometimes it's called “MFA” for “multi-factor authentication”.) This means that in addition to your username and password to gain access, you'll need to provide a code typically texted or emailed to you. This extra layer of security makes it harder for hackers to get into your account.
Yes, this extra step is annoying and, unfortunately, it's not foolproof. But it will cause hackers to go after easier targets instead of you.
10 Restrict Shopping to Trusted Merchants — Bigger and better-known online merchants tend to have much better online security than smaller ones. Even if a small or local merchant uses secure connections (“https”) to their website, they may be using third party services to manage payment and customer data that aren't as secure. It's safer to stick with Amazon and other familiar merchants.
Even when using trusted merchants, pay attention to tips 1 and 2 above.
BONUS TIP: Go Directly to a Merchant's website — Instead of clicking a link in an email to get to a merchant's website, enter their web address directly in your web browser. Sometimes hackers will send out emails that look like they're coming from a well-known merchant, and the link goes to a website that looks legitimate, but it's actually the hacker's site and set up to steal your credit card and other information.
Are these tips useful? Do you have questions?
We hope you found these tips useful! If you have any question about shopping online safely, please let us know.
Want More Info Like This?
Get our Free Newsletter