Billions of dollars are spent shopping online ever year. While most transactions will be uneventful, security on those purchases is not a given. These tips can help.
Updated May 18, 2020
There’s every reason in the world to shop online. The bargains are there. The selection is mind-boggling. The shopping is secure. Shipping is fast. Even returns are easy, with the right e-tailers. Shopping has never been easier or more convenient for consumers. And in the age of COVID, it’s safer than going out even if you’re fully masked and gloved.
But what about the bad guys? It happens. The FBI’s own Internet Crime Complaint Center (IC3) says the number one cybercrime of 2019 in half the 50 states was related to online shopping: non-payment for or non-deliver of goods purchased.
Stay calm. While somewhat alarming, these stats should not keep you from shopping online. You simply need to use some common sense and follow practical advice. Here are basic guidelines; use them and you can shop with confidence.
Use Familiar Websites
Start at a trusted site. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it’s less likely to be a rip-off. We all know Amazon.com carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, sales on these sites might look enticing, but that’s how they trick you into giving up your info. (Photo by Quinn Rooney/Getty Images)
Look for the Lock
Never buy anything online using your credit card from a site that doesn’t have SSL (secure sockets layer) encryption installed—at the very least. You’ll know if the site has SSL because the URL for the site will start with HTTPS—instead of just HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below; it depends on your browser. HTTPS is standard now even on non-shopping sites, enough that Google Chrome flags any page without the extra S as “not secure.” So a site without it should stand out even more.
Blur Yourself Online
Abine’s Blur is a browser add-on that acts as a basic password manager and oh so much more. For $39 a year, it’ll let you shop without revealing anything about your actual self—no emails, phone numbers, or even credit card numbers. It’s one of the most impressive online privacy solutions we’ve ever seen. Read our full review.
Create Strong Passwords
We once asked PCMag readers if they frequently changed their passwords. Eleven percent claimed they did it every day, but those people are either paranoid, liars, or paranoid liars. The vast majority only change a password to protect privacy a few times a year (27 percent) or more likely, never (35 percent).
If you’re going to be like the latter group, we will again beat this dead horse about making sure that you utilize uncrackable passwords. It’s never more important than when banking and shopping online. Our old tips for creating a unique password can come in handy during a time of year when shopping around probably means creating new accounts on e-commerce sites.
Even your perfect password isn’t perfect. The smarter move: use a password manager to create uncrackable passwords for you. It will keep track of them and enter them, so you don’t have to think about it.
Inoculate Your Computer
Swindlers don’t sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against malware with regular updates to your antivirus program. Better yet, pay for a full-blown security suite, which will have antivirus software, but also will fight spam, spear-phishing emails, and phishing attacks from websites (the latter two try and steal your personal info by mimicking a message or site that looks legit). Remember, it’s not enough to have it installed. Make sure your anti-malware tools are always up to date. Otherwise, they can let in any new threats—and there are always new threats.
Privatize Your Wi-Fi
There’s no real need to be any more nervous about shopping on a mobile device than online. Simply use apps provided directly by the retailers, like Amazon and Target, even McDonalds or Chipotle. Use the apps to find what you want and then make the purchase directly, without going to the store or the website.
Skip the Card, Use the Phone
Paying for items using your smartphone is pretty standard these days in brick-and-mortar stores, and is actually even more secure than using your credit card. Using a mobile payment app like Apple Pay generates a one-time-use authentication code for the purchase that no one else could ever steal and use. Plus, you’re avoiding card skimmers—hell, you don’t even need to take your credit card with you if you only go places that accept phone-based payments. How does that matter if you’re online shopping? Many a phone app will now accept payment using Apple Pay and Google Pay. You just need your fingerprint, face, or passcode to make it happen instantly.
Count the Cards
When it comes to gift cards, stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them. There are many gift card “exchanges” out there that are a great idea—letting you trade away cards you don’t want for the cards that you do—but you can’t trust everyone else using such a service. You might get a card and find it’s already been used. Make sure the site you’re using has a rock-solid guarantee policy. Better yet, simply go directly to a retail brick-and-mortar store to get the physical card.
Check the Seller
If you’re wary of a site, perform your due diligence. The Better Business Bureau has an online directory and a scam tracker. Yelp and Google are full of retailer reviews. Put companies through the wringer before you plunk down your credit card number. There’s a reason that non-delivery/non-payment is the most common cybercrime complaint: it hurts when that happens, financially and emotionally.
That said—online reviews can be gamed. If you see nothing but positive feedback and can’t tell if the writers are legitimate customers, follow your instincts.
If nothing else, make absolutely sure you’ve got a concrete address and a working phone number for the seller. If things go bad, you have a place to take your complaint. In fact, call them before you order so you can clarify a return policy and where to go with any issues after the purchase.
Complain Loud and Proud
Don’t be embarrassed if you get taken for a ride while online shopping. Instead, get very, very mad. Complain to the seller. If you don’t get satisfaction, report it to the Federal Trade Commission, your state’s attorney general, even the FBI. That’s probably going to work best if you buy in the US, rather than with foreign sites. If you’re going to get scammed, try to get scammed locally… or at least domestically.
Shopping Best Picks
- WFH Livesavers: 14 Things We Bought to Boost Our Home Offices
- How to Buy Everything Apple Announced at WWDC
About Eric Griffith
Eric has been writing about tech for 28 years. He was on the founding staff of Windows Sources, FamilyPC, and Access Internet Magazine (all defunct, and it’s not his fault). He’s the author of two novels, BETA TEST (“an unusually lighthearted apocalyptic tale”–Publishers’ Weekly) and KALI: THE GHOSTING OF SEPULCHER BAY. He works from his home in Ithaca, New York.