- Search the Internet safely. Even though search engines are very useful when you’re looking for products, reviews, or price comparisons, you run the risk of unintentionally clicking on ‘poisoned’ search results that could lead you to malware instead of your intended destination. These poisoned search results are created by cybercriminals that use search engine optimization (SEO) tricks – sometimes referred to as Black SEO – to manipulate search engine results to include malicious links.
- Type the URL into the address bar. Instead of just clicking a link to take you to your chosen retailer’s website, it’s safer to type the retailer’s URL into the address bar on your web browser. It may take a little more effort, but this simple action can help to prevent you visiting a fake or malicious website.
- Credit Cards. Use the safest way to pay on the Internet. Pay for your order using a credit card. The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong.
Get a temporary credit card. Some credit card companies will issue a temporary credit card number for their customers. These temporary numbers can be useful for one-time purchases. However, you should avoid using them for any purchases that require auto-renewal or regular payments.
Don't give out your credit card number(s) online unless the site is a secure and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but might provide you some assurance.
Check on your credit card statements. Check your bank statements on a monthly basis. Don't let them sit and pile up, anyone who uses a credit card could potentially be hacked and could become a victim through no fault of their own.
- Dedicate a computer to online banking and shopping. For added security, you could use a dedicated machine for online banking and shopping. This should be a ‘clean’ computer that is totally free of computer viruses and any other infections. In order to help keep it clean, the machine should not be used for any casual web browsing, social networking, or email. Install Google Chrome, with forced HTTPS.
- Use a dedicated email address. It’s worth considering creating an email address that you only use for online shopping. This can help you to reduce the risk of opening potentially malicious email or spam messages that are disguised as sales promotions or other notifications. If such messages are sent to your primary email address, you’ll be aware that there’s a fair chance that they’re fake or malicious.
- Manage and protect your online passwords. Using a password manager can help you to deal with multiple accounts and passwords – and to encrypt passwords that would otherwise be in plain text. Some antivirus and Internet security software products include password management and password security features.
- Beware of using public Wi-Fi. When you’re in a shopping mall – about to make a purchase – it can be useful to make a last minute comparison with the best deals that Internet retailers are offering. However, there can be security risks if you access the Internet via a public Wi-Fi network . Cybercriminals can intercept your data and capture your passwords, login details, and financial information. If you need to access the Internet when you’re out shopping, it’s safer to do so via your cellular network.
- Consider using your tablet. If you have a Linux-based device – such as a Samsung tablet or another device that runs the Linux operating system – it may be safer to use that for online transactions. Apple iPads may also be less likely to be exploited while you’re shopping online – provided that your device has not been jailbroken. However, always remember to avoid using a public Wi-Fi network – or there’s a risk your passwords and other data could be stolen.
- Before using the site, check out the security/encryption software it uses.
- Make sure you are purchasing merchandise from a reputable source.
- Send them e-mail to see if they have an active e-mail address and be wary of sellers who use free e-mail services where a credit card wasn't required to open the account. Consider not purchasing from sellers who won't provide you with this type of information.
- Check with the Better Business Bureau from the seller's area.
- Check out other web sites regarding this person/company.
- Don't judge a person/company by their web site.
- Be cautious when responding to special offers (especially through unsolicited e-mail).
- Be cautious when dealing with individuals/companies from outside your own country.
- Make sure the transaction is secure when you electronically send your credit card numbers.
- Trust your instincts. If you don't feel comfortable buying or bidding on an item over the web, or if you feel pressured to place your order immediately, maybe you shouldn't.
- Be knowledgeable about web-based auctions. Take special care to familiarize yourself not only with the rules and policies of the auction site itself but with the legal terms (warranties, refund policy, etc.) of the seller's items that you wish to bid on.
- Double check pricing. Be suspicious of prices that are too good to be true. Also consider carefully whether you may be paying too much for an item, particularly if you're bidding through an auction site. You may want to comparison shop, online or offline, before you buy. Make sure there are not extra shipping or handling costs.
- Review the return, refund, and shipping and handling policies as well as the other legal terms. If you can't find them, ask the seller through an e-mail or telephone call to indicate where they are on the site or to provide them to you in writing.
- Make sure the Internet connection is secure. Don't trust a site just because it claims to be secure. Before you give your payment information, check for indicators that security software is in place.
- Print the terms. You should print out and date a copy of terms, conditions, warranties, item description, company information, even confirming e-mails, and save them with your records of your purchase.
- Insure the safe delivery of your item. If you're concerned you may not be home when your package is delivered and that someone may take it if it is left on the doorstep, ask whether you can specify that the shipper must receive a signature before leaving the package. Or, it may be safer to have the package delivered to your office.
- Inspect your purchase. Look at your purchase carefully as soon as you receive it. Contact the seller as soon as possible if you discover a problem with it. Tell the seller in writing about any problems you have, ask for a repair or refund, and keep a copy of your correspondence.
Security for your online purchases:
Before purchasing online, you should assess the security of both your computer and the seller's systems. You can limit the risk of identity theft by shopping only on websites that disclose an effective data security policy. A data security policy explains how an online seller aims to protect your personal information. When guarding yourself against Internet crimes, also consider your payment options, account security, and malware protection.
How can I tell how an online seller secures my personal information?
Many online sellers describe their methods of protecting your personal information in the security, privacy, or FAQ section of their website. Typically, the description of a data security policy discusses technological security, physical security, and other relevant issues.
What happens if my personal information is stolen from an online seller that I have done business with?
Most online sellers will notify customers, affected businesses, and law enforcement agencies when a data breach occurs. The notification letter to customers usually describes how personal information was compromised and the seller's response to the data breach. While federal law generally does not mandate data breach notification to consumers, most states do require such notification.
What should I do if I am notified of a data breach?
Once you receive notification of a data breach, you should immediately place a fraud alert on your credit files. Instructions for placing a fraud alert can be found here. You should also monitor your accounts for evidence of unauthorized transactions. Some sellers offer free credit-monitoring services after a data breach to mitigate its effects. Check with the seller to find out if it offers these protections.
What if there are unauthorized charges on my credit card?
If you find charges on your credit card statement that you do not recognize, you should contact the issuer of the credit card. Federal law allows you to dispute and obtain records of the fraudulent actions resulting from the theft. The Fair Credit Reporting Act requires the seller (and other targeted businesses) to provide you and/or law enforcement agencies with transaction records related to the identity theft within 30 days of your written request.
How does the payment method I use affect the security of online shopping?
When selecting a payment method, you should give some thought to security. Most online sellers accept a variety of payment methods to make purchases, such as credit cards, debit cards, checks, prepaid cards, and gift cards. Some sellers accept payment through third-party payment processors such as PayPal, Google Wallet, and Amazon Payments.
Third-party payment processors pay the seller directly so you can avoid submitting payment information to the seller, which reduces the risk of dealing with a seller you are not familiar with.
Some credit card companies allow you to reduce the risk of fraud by offering single-use or virtual credit card numbers. Most major card issuers offer zero-liability policies, so that if your card is used fraudulently you will not have to pay anything. This goes beyond the requirements of federal law, which limits your liability to $50.
If you are uncomfortable submitting your payment information online, some sellers allow you to pay by phone or fax, or through the mail (a small additional fee may be assessed). Keep in mind that any payment information you submit offline likely is stored on the seller's servers.
Why does password security matter?
Your accounts with online sellers generally require a password for access. Anyone who obtains your password can access the account and make purchases without your knowledge, or acquire your personal information. So guard your accounts with strong passwords, and never disclose a password except when accessing the account yourself.
Records: How should you keep records about your purchase?
What documents should you keep when purchasing online?
- A printout of the web pages indicating the seller's name, postal address, and telephone number;
- A printout of the web pages describing the item(s) that you ordered;
- A printout of the web pages or pop-up screens that provide the seller's legal terms;
- Printouts of any e-mail messages (for example, confirmation messages) that you send to or receive from the seller. This includes:
- Those that might show that the seller indicated that the product would be suitable for the specific purpose for which you needed it,
- Those in which you notify the seller of problems with the merchandise that you have received; and
- Those that would show your good faith attempt to resolve with the merchant a charge that you do not feel should have been made to your credit card.
- Notes or e-mail confirmations of any telephone conversations that you have with the seller.