myID.com

We're Here to Help.

EMAIL

Safe Online Shopping

March 2011

Introduction

Shopping online is easy, convenient, and even fun, but having 24/7 access to millions of online retailers has its dangers. Between phishing scams, virus threats, data theft and more, consumers who spend money online could unknowingly expose their personal information on the Internet and become victims of identity theft. In this article, we will examine how to protect your privacy online and how to avoid identity theft while engaging in e-commerce.

Identifying Safe Online Retailers and Websites

One of the easiest ways of determining whether or not a website will keep your personal information private is by looking at the Uniform Resource Locator (URL), or website address. Websites that have an SSL (Secure Sockets Layer) utilize security technology to create a link between your server and browser, thus keeping data private.  [1] If the website you are visiting begins with HTTPS:// (rather than the usual http://), then it is encrypted with an SSL, which is what you want. When you’re using a site with this technology, you’ll see a padlock icon on the bottom right hand corner of your browser window. [2]

A survey conducted by ResearchNow for the security firm Webroot revealed that 52% of online consumers do not check for an HTTPS connection before making purchases and that 23% feel safe when using free, public wireless connections for e-commerce. [3] These figures prove that consumers need more education and awareness about how to protect their personal information online.

Online shoppers should also look for trustworthy seals of approval on shopping sites. To verify the validity of a seal, click on it to make sure you are brought to the security service it displays. [4] Here’s a quick rundown of the three most important seals consumers should look for:

Security Seals – Confirmation that the site has SSL protection.

  • Examples include: Verisign, Comodo, GeoTrust

Vulnerability Seals – Indicate that a third party scans this site regularly to check for weaknesses.

  • Examples include: HackerSafe, SquareTrade
  • Note that some companies perform their own scanning, so a missing vulnerability seal does not necessarily mean the site is dangerous.

Privacy Seals – Convey that your personal information is protected.

  • Examples include: TRUSTe, BBB Online Privacy, ESRB Privacy
  • Privacy seals are the most difficult to obtain because the companies must undergo a long certification process.
  • If you experience any problems with a website that displays a privacy seal, you may file a complaint directly with the agency that issued the seal. [5]

Another useful resource for finding safe online retailers is the Better Business Bureau (BBB). They list safe shopping sites on the BBBOnLine’s Consumer Safe Shopping Site which offers free BBB reports for consumers to view. All companies included in this list each showcase the Accredited Business seal on their website and comply with the BBB Code of Business Practices.

Lastly, online shoppers should try to stick to familiar websites for their e-retail therapy. A highly recognizable online store such as Amazon, or familiar retail stores like Target and BestBuy are likely trusted sites. Make sure you’re not fooled by knock-off sites with the name of a recognizable retailer but whose URL ends in “.net” instead of the usual “.com.” [2]

Beware of Scams

Online scams are prevalent, and hundreds of innocent people fall for scammers’ hijinks every day.  In fact, 57% of more than 2,600 people in Australia, the United Kingdom, and the United States have received phishing scam emails disguised to look like they came from a reliable company. Scams like these are particularly rampant around big shopping holidays like Black Friday and Cyber Monday. [3]

Don’t be fooled. Realize that no reputable online retailer will ever ask for detailed identifiable information like your social security number. [2] Also, if you receive an email from an online retailer that suggests they are having problems with your order and need more financial information from you, watch out. This is most likely a scammer at work. Your best action is to call the contact number listed on the site where you made your purchase to confirm that there was a problem with your transaction. [6]  Do not click the links provided in the email.  Rather, log on to the website by typing the address directly into your browser.

Creating Secure Passwords

A password is your first method of defense against hackers and the easiest way to protect yourself from identity theft. Stay away from using any personal information within your password; this is a hacker’s easiest guess. In fact, avoid using real words all together. Instead, choose a mnemonic based on personal information. These passwords will be the easiest to remember and the most difficult for hackers to crack. Since most passwords are case-sensitive, it is also a good idea to combine various character types—using uppercase, lowercase, some numbers, and special characters—to add complexity. [7] Remember to never share your passwords with anybody and change them at least every three months.

Safest Payment Methods

Although hackers and scammers can and do steal credit card numbers or hack e-retailer sites, using a credit card is still deemed the safest method of payment by experts. [8]

“The strongest protections are when you pay by credit card,” agrees Carole Reynolds, a senior lawyer at the Federal Trade Commission (FTC).

Credit cards often come with extra, built-in protection from identity theft and disputing unauthorized charges on credit cards is far easier than if you use a debit card. If somebody gets a hold of your debit card information they, in essence, have immediate access to your checking account. However, for online purchases made with a credit card, a consumer’s maximum liability for unauthorized use is zero dollars. [4] Also, federal law allows consumers to dispute charges on credit cards for purchases they never received. [6]

Using a single online purchasing service like PayPal, Google Checkout, or BillMeLater is a solid option since shoppers can provide their personal information to just one known company rather than an unfamiliar retailer. Be aware, however, that it may be difficult to get a refund from those accounts if you discover unauthorized usage. [4]

Tips for Safe Online Shopping

Staying safe while shopping online can be challenging. Below is a list of tips to help you protect your privacy and identity theft:

  1. Keep your computer protected. Maintain up-to-date software including anti-virus, anti-spyware spam filters, and a secure firewall. [6]
  2. Stay private. Keep personal and identifiable information to yourself. If an online retailer is requesting private data, consider that a red flag and purchase elsewhere.
  3. Create a secure password. Use mnemonics based on personal information, change your passwords often, and avoid sharing them with anyone.
  4. Beware of phishing schemes. Emails “phishing” for financial data are most likely scams. Report suspicious emails to the retailer’s site administrator immediately.
  5. Shop only on secure sites. Make sure your connection is secure with an SSL Certificate (https vs. http) and look for trustworthy seals of approval.
  6. Do your research. Check the online retailer’s reputation by looking at their consumer rating or checking customer evaluation sites like Epinions.com or BizRate. [9]
  7. Understand privacy policies. Take a moment to read the site’s privacy policy so you know exactly how your information will be processed and stored. If a privacy policy isn’t posted, be aware that your information may be sold to third parties without your awareness or consent. [6]
  8. Opt out of storing personal information. Many online shops offer faster shopping methods if you choose to store your shipping address, credit card number, etc. Keep in mind that if their site has a breach of security, your data could be exposed. [10]
  9. Pay with a credit card. This has been deemed the safest method of payment for online transactions.
  10. Keep receipts. Always print out a receipt of your transaction with your order number and purchase price as confirmation in case any troubles arise. [8]
  11. Demand a refund when necessary. Federal law states that online orders must be shipped by the date promised or delivered within 30 days of purchase. [6]
  12. Stay home. Use your own personal computer rather than shop from public computers at cafes, libraries, or elsewhere. If you use your laptop away from home, avoid shopping on public Wi-Fi connections. [2]
  13. Avoid shopping on your cell phone.  Although one in five adults will most likely be banking on their cell phones by 2015, according to Forrester Research, shopping online is a different story right now. If your phone is lost, stolen, or remotely hacked, your personal and financial information could be exposed. [11]
  14. Avoid purchasing gift cards at auction or on sale. When purchasing a gift card online, avoid auction sites like eBay which could be scams. [2]
  15. Be vigilant. Monitor your bank statements and credit card accounts for unusual activity. Also, take advantage of your right to a free credit report each year to ensure all noted activity is authorized.
  16. Report issues immediately. If you discover suspicious activity on any of your financial statements or online accounts, report the circumstances right away to your financial institutions.
  17. Trust your gut. If an online shopping deal seems too good to be true, it probably is.

Helpful Online Resources

Better Business Bureau (BBB)
Federal Trade Commission (FTC)
Verisign
National Association of Attorneys General
National Cyber Security Alliance
Electronic Privacy Information Center
Connect Safely
Privacy Rights Clearinghouse
Privacy.org
Electronic Frontier Foundation
Center for Digital Democracy
Truste

References

  1. FAQ: What is SSL?SSL.com. Retrieved on March 12, 2011.
  2. Griffith, Eric. (2010, November 29). “11 Tips for Safe Online Shopping.” FoxNews.com. Retrieved on March 6, 2011.
  3. Schwartz, Mathew J. (2010, November 24). “Consumers Ignore Safe Online Shopping Guidance.” Informationweek.com. Retrieved on March 6, 2011.
  4. Richmond, Riva. (2010, March 17). “Reducing the Anxiety of Paying Online.” NYTimes.com. Retrieved on March 12, 2011.
  5. Making Sense of Web Site Privacy and Security Seals.” Truste.com. Retrieved on March 12, 2011.
  6. Wouters, Jorgen. (2010, November 29). “Top 10 Cyber Monday tips for safe online shopping.” MSNBC.com. Retrieved on March 6, 2011.
  7. Bradley, Tony. (2010, January 22). “Creating Secure Passwords You Can Remember.” PCWorld.com. Retrieved on March 13, 2011.
  8. BBB’s Top 10 Tips for Safe Online Shopping.” (2010, November 22). NewJersey.BBB.org. Retrieved on March 6, 2011.
  9. Online Privacy & Safety.Microsoft.com. Retrieved on March 12, 2011.
  10. Nape, Denise. (2011, February 24). “Be sure your identity is secure when shopping online.” NapervilleSun.com. Retrieved on March 6, 2011.
  11. Weston, Liz. (2011, February 25). “Is it safe to bank by cell phone?Money.msn.com. Retrieved on March 13, 2011.

  • Recent Blog Articles

  • RSS Recent Blog Articles

    • Wise Up Your Smartphone April 26, 2012
      Not so long ago, losing your mobile phone meant the additional expense of replacing it and possibly, someone charging up additional minutes on your bill.  Today the stakes are higher.  With the ownership of smartphones on the rise, the ability to store more information on your phone can now lead to identity theft opportunities if [...] […]
    • Protecting Yourself While on Vacation April 11, 2012
      Spring is here and for many that means gearing up for a bit of rest and relaxation with a spring break vacation or, at the very least, planning a fun-filled trip in the summer months to come.  However, the planning shouldn’t stop at selecting your dream destination and accommodations.  Unfortunately, identity thieves are everywhere, and [...] […]
    • Steps to Take if a You’re a Victim of Tax Fraud March 20, 2012
      We previously discussed the issue of identity theft when it comes to filing taxes.  Identity thieves use other people’s Social Security numbers (SSN) to file tax returns and claim refunds that aren’t theirs to take.  If the Internal Revenue Service (IRS) tells you it already has a return for your SSN when you file your [...] […]
    • Identity Theft During Tax Season February 29, 2012
      With most things in life, where there’s a will, there’s a way.  And, identity theft is no exception.  Identity thieves are always on the prowl for ways to scam the system at the expense of innocent individuals, even when it comes to filing taxes. A recent story in The Los Angeles Times reported that the [...] […]
    • Don’t Throw Away Your Identity February 13, 2012
      It’s easy to realize that there is an endless array of technology-enabled methods identity thieves can use to steal your identity, but it’s important to realize identity theft is also easily accomplished through low-tech methods.  MyID.com™ helps to protect you online.  But offline, it’s important that you take measures to steer clear of becoming a [...] […]