No one loves stay-at-home shopping more than I do. I save on gas, time, aggravation—and I can price compare to my heart's content. But online shopping also presents certain unavoidable hazards in today's global marketplace. Here are 10 ways I make sure my identity and personal information is safe when I shop online.
1. Look for the "HTTPS."
A truly safe shopping site will use "https" technology—the "s" stands for "secure." That little "s" means all the information you enter is encrypted (sometimes you will see a little "lock" image as well). In the image below, look for the red arrow showing you that my Amazon order is placed using an "https" encrypted secure payment page with a little “lock” image next to it.
2. Set a unique password.
A password is your first line of defense against scammers, hackers, identity thieves and other bad, bad online people. On that note, can you guess the two most popular passwords of all time? Would you believe they are: "123456" and "password?"
If you want to shop safely online, set up a unique password that is difficult to guess. If you have a hard time choosing passwords, let a password manager do this task for you.
- Check and see if your antivirus software has this functionality (many do today).
- Use a password manager like 1Password that syncs across devices.
Note: Experts suggest you create a unique password for each online shopping site (this can cut down the probability that a hacker who gains access to one of your online shopping passwords can then use that password elsewhere).
3. Use the safest possible payment option.
StaySafeOnline.org states that the safest payment option is by far the credit card. When you use a debit card, the money is already gone—and there’s generally no limit on how much can be withdrawn.
Benefits of credit cards:
- Credit card companies will dispute a charge for their customers.
- Credit cards typically have a limit on customers' liability for fraudulent charges.
- With a credit card, your cash is still safe in your account until the charge goes through.
Note: For extra security, use a disposable credit card (a gift card or gift Visa, MasterCard or other card you can throw away once the balance is zeroed out). Many of these cards can be reloaded with cash and reused, but if a cybercriminal gets the number, the only cash they can access is what's left on the card itself.
4. Do not mail a vendor cash!
If you are shopping online and the merchant has a policy of only accepting cash, cashier's checks or money orders, beware. In fact, shop elsewhere. You have no recourse whatsoever once your funds go out in the mail.
5. Keep all documentation until the coast is clear.
If you shop online, save everything. Save your order confirmation, your proof of purchase e-receipts, your order history, any online dialogues with the retailer, and your credit card statements. Save anything that could help you document what you bought, how much you paid, and what you are owed if something should happen to go awry.
6. Only complete online transactions when you have a secure Internet connection.
In this age of Wi-Fi hotspots, it is so easy to forget to check whether you are logged in to a public (shareable) or private (protected) hotspot. For your protection, shop only when you are connected to your own home Internet connection—and make sure you have a password on your home account to protect others from "sharing" it without your knowledge.
7. Update your software frequently.
Your best strategy here is to turn on automatic updates for each software program you use. This way you will never miss an update—especially one designed to fix newly discovered security flaws!
8. Ignore questionable emails.
Email is a useful tool for cybercriminals who wish to gain access to your home computer and the rich financial and identity data most people keep there.
Common email-based cybercrime scams to avoid:
- Messages with the appearance of urgency – "act now" is a dead giveaway.
- Messages that instruct you to open, download or forward a file.
- Any message from a sender or email address you do not recognize and cannot verify.
- Any message telling you to click a link to check "suspicious activity" on your account.
- Any offer that requires you to input personal data (financial, identity or otherwise) or make a cash payment in order to claim the offer.
- Emails to you that cc: a large number of hidden or unknown recipients.
- Emails that appear to come from known associates or friends that are impersonal with messages like "click here to check out this great deal I found!"
- Emails where the URL in the email address does not match the URL on the website link in the email itself.
9. Never, ever, ever give out your social security number to make a purchase.
There’s never a reason to give out your social security number when shopping online.
Information no online merchant needs:
- Complete birthdate (month/day/year)
- Driver's license number
- Social security number
10. Opt out of saving your financial data with online merchants.
Many stores will ask you if you want to save your financial data for future transactions. While this can save time if you return to make more purchases, since there is always a threat that the merchant may be hacked at a future time, your best bet is to re-enter your data every time you complete a transaction.
11. Retailers use geo-location and browsing history data to determine the price you will pay.
The Wall Street Journal conducted their own investigation of how online merchants set item prices—and discovered the price you see can change based on a number of factors. This is called "dynamic pricing" and it’s also now being considered a form of price discrimination in some circles.
The online pricing displayed for you may be calculated based on:
- Where the merchant's GPS says you live (you will see pricing tailored to your zip code).
- How close competing stores are to you (you will see lower prices).
- How close their stores are to you (you will see lower prices).
What you can do: The tools you have available will depend on your browser and OS (operating system). Here are some helps you can try.
- Keep your antivirus software fully updated and run it frequently (preferably once per day at the same time).
- Browse incognito (search "your browser name + private browsing" to get instructions).
- Use one browser for shopping…and a separate browser for purchasing.
- Disable your browser's third party cookies. (This will only work for non-Flash-based cookies!)
12. Retailers use "behavioral retargeting" to track you down elsewhere online when you leave their site!
"Behavioral retargeting" is the process of using your shopping session cookies (third party cookies) to display ads for the same or similar products as the one(s) you a) didn't buy or b) just bought, in the sidebars of other websites you visit.
Example: You were eyeing a pair of New Balance running shoes on Amazon. You left without buying the shoes. You log in to your Facebook account. What is the first thing you see along the right-hand sidebar (where ads are typically displayed)? A small ad for New Balance running shoes—the exact ones you were just looking at!
What you can do: There are a couple of different ways you can limit or eliminate how much retargeting a retailer can send in your direction.
- The best way to prevent retargeting from occurring is to prevent each website where you have an account (such as Facebook or Google) from using your cookies to display targeted ads (typically there is a setting you can select to prevent this from happening).
- You can also disable third party cookies in your web browser.
- You can clear your cookies every day or every few days (check your antivirus software to see if it can help with this during your daily scans).
- Finally, you can browse incognito on one website and buy on another website—just make this a habit to reduce your risk.