Safe online shopping: 10 tips to avoid getting burned

Here are 10 easy ways to ensure you're being as safe as possible when shopping online.

You need to buy some gifts. You need to buy them quickly. You can (a) brave the madness of holiday retail shopping at your local mall, rife with screaming children and airborne contagions, or (b) kick back at home and buy all your gifts online, accompanied by nothing more obnoxious than a warm cup of cocoa or a cold glass of wine.

We'll take the online shopping option. We're civilized adults at PCWorld, and we're not interested in rubbing shoulders with rabid mall zombies unless we have to.

But the world of online shopping isn't all hot chocolate and chardonnay. Buying gifts via a Web browser certainly speeds up one's shopping regimen, but it also bears risks. Here are 10 easy ways to lock down your Web security this season, and still get all your shopping done in time.

Keep your browser updated

Start at the beginning. Whether you use Chrome, Firefox, or Internet Explorer, updating your browser will help to ensure that you're getting the most up-to-date security protection.

Using Windows Update will take care of Internet Explorer. Firefox and Chrome should keep themselves current by automatically checking for updates.

To confirm whether you have the latest version of Firefox, click the Firefox tab in the top-left corner, find the help menu, and click About Firefox. In Chrome, click the settings button at the top-right corner of the window and click About Google Chrome; if you see a green checkmark, that means you have the latest version.

Install malware-protection software

Another thing to check before you binge-shop is your security software. The market has no shortage of utilities dedicated to protecting your computer from malicious attacks. G Data Internet Security, Norton Internet Security, and Bitdefender are all applications that have tested well at PCWorld.

You can even find plenty of free applications for protecting your computer from malware and Internet attacks that could result from an unfortunate online shopping session. The bottom line: Antimalware programs can't protect you from all attacks, and they certainly can't catch "social engineering" exploits. But in this day and age, it's silly not to use some sort of baseline protection.

Buy from reputable online stores and sellers

If you've never heard of the site you're considering a purchase from, you have a number of ways to make sure it is legitimate.

Third-party organizations such as the Better Business Bureau Online and Truste give seals of approval to sites that meet their security and privacy standards.

Also, comparing products on sites like Bizrate can give you confidence that you're getting a fair price.

For example, searching for "iPad" on Bizrate provides a list of online retailers that sell the tablet, offering you an easy way to compare prices and read firsthand customer accounts of their experiences with specific retailers.

Look for the address-bar padlock symbol

A webpage should always be Secure Sockets Layer (SSL)-encrypted if you plan to use your credit card information to shop. SSL encryption protects your privacy by encrypting the data being transferred, so that only you and the online retailer can read it.

Most browsers indicate that the encryption is active with a padlock icon near the address bar, and the URL is preceded with https:// instead of http://.

Give out as little information as possible

Beware of nosy questions seeking personal information. For instance, a reputable online retailer will never need your Social Security number.

Generally it's a good practice to give out the least amount of information the seller requires, so look over the required fields on forms and fill them out accordingly. Use the minimum number of fields that will allow your purchase to proceed.

Never give out your credit card number over email

It's simple: Legitimate retailers will never ask for your credit card information or other sensitive personal details over email.

As mentioned above, the only time you should give out your credit card number and other personal info online is when you are on an SSL-encrypted webpage operated by a trusted retailer.

Use online payment services such as PayPal

Services like PayPal, Bill Me Later, and PaySimple keep your credit-card information stored on a secure server, and then let you make purchases online without revealing your credit details to retailers.

PayPal also says that it monitors accounts for suspicious activity and covers most unauthorized transactions.

If shopping on a mobile device, stick to apps you know

Why power up the computer when you can shop easily from your smartphone?

Mobile shopping presents its own set of security issues, but a good rule of thumb is to use apps that came directly from retailers, and to make purchases inside those apps, if possible.

It's also wise to download apps only from sources you trust, such as the Apple App Store or Google Play.

Lastly, never make purchases over public, unsecured Wi-Fi. For example, connecting your phone to Starbucks' Wi-Fi and then shopping on Amazon could leave your personal information at risk.

Know your rights

In the United States, online purchases you make with a credit card are protected by the Fair Credit Billing Act, which limits your responsibility for fraudulent or erroneous charges to $50.

Consumers are required to write a physical letter within 60 days detailing any complaint to the retailer, with a return receipt acting as proof that the creditor received the letter.

The Federal Trade Commission provides an example letter, so all you need to do is fill in the blanks with your information.

Use common sense

If a deal online seems too good to be true, it probably is.

If anything seems suspicious (for instance, if a retailer refuses to provide details on a product or avoids answering billing questions), the best practice is to avoid it and shop with a tried-and-true online retailer instead.

Additionally, you should never feel pressured to give out information. If a retailer is requesting something from you that makes you uncomfortable, it's probably time to take your business elsewhere.

For more online shopping tips, check out these sites:

Stories by Michael Homnick
