14 Tips for Safe Online Shopping

Start at a trusted site. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it’s less likely to be a rip-off. We all know Amazon.com carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, sales on these sites might look enticing, but that’s how they trick you into giving up your info. (Photo by Quinn Rooney/Getty Images)

Never buy anything online using your credit card from a site that doesn’t have SSL (secure sockets layer) encryption installed—at the very least. You’ll know if the site has SSL because the URL for the site will start with HTTPS—instead of just HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below; it depends on your browser. HTTPS is standard now even on non-shopping sites, enough that Google Chrome flags any page without the extra S as “not secure.” So a site without it should stand out even more.

No online shopping e-tailer needs your Social Security number or your birthday to do business. However, if crooks get them and your credit card number, they can do a lot of damage. The more scammers know, the easier it is to steal your identity. When possible, default to giving up as little personal data as possible. Major sites get breached all the time. 

If you’re going to be like the latter group, we will again beat this dead horse about making sure that you utilize uncrackable passwords. It’s never more important than when banking and shopping online. Our old tips for creating a unique password can come in handy during a time of year when shopping around probably means creating new accounts on e-commerce sites.

Don’t wait for your bill to come at the end of the month. Go online regularly, especially during the holiday season, to view electronic statements for your credit card, debit card, and checking accounts. Look for any fraudulent charges, even originating from payment sites like PayPal and Venmo. (After all, there’s more than one way to get to your money.)

You should definitely only buy online with a credit card. If your debit card is compromised, scammers have direct access to your bank funds. Any seller that wants a different kind of payment, like wired money, is a big red flag. The Fair Credit Billing Act(Opens in a new window) ensures that if you get scammed, you are only responsible for up to $50 of credit card charges you didn’t authorize. There are protections even if you’re not happy with a purchase you did make.

If you see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only when you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems, however; after that, you might be liable for the charges anyway.

Swindlers don’t sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against malware with regular updates to your antivirus program. Better yet, pay for a full-blown security suite, which will have antivirus software, but also will fight spam, spear-phishing emails, and phishing attacks from websites (the latter two try and steal your personal info by mimicking a message or site that looks legit). Remember, it’s not enough to have it installed. Make sure your anti-malware tools are always up to date. Otherwise, they can let in any new threats—and there are always new threats.

Paying for items using your smartphone is pretty standard these days in brick-and-mortar stores, and is actually even more secure than using your credit card. Using a mobile payment app like Apple Pay generates a one-time-use authentication code for the purchase that no one else could ever steal and use. Plus, you’re avoiding card skimmers—hell, you don’t even need to take your credit card with you if you only go places that accept phone-based payments. How does that matter if you’re online shopping? Many a phone app will now accept payment using Apple Pay and Google Pay. You just need your fingerprint, face, or passcode to make it happen instantly. 

When it comes to gift cards, stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them. There are many gift card “exchanges” out there that are a great idea—letting you trade away cards you don’t want for the cards that you do—but you can’t trust everyone else using such a service. You might get a card and find it’s already been used. Make sure the site you’re using has a rock-solid guarantee policy. Better yet, simply go directly to a retail brick-and-mortar store to get the physical card.

If you’re wary of a site, perform your due diligence. The Better Business Bureau has an online directory(Opens in a new window) and a scam tracker(Opens in a new window). Yelp and Google are full of retailer reviews. Put companies through the wringer before you plunk down your credit card number. There’s a reason that non-delivery/non-payment is the most common cybercrime complaint: it hurts when that happens, financially and emotionally.

That said—online reviews can be gamed. If you see nothing but positive feedback and can’t tell if the writers are legitimate customers, follow your instincts.

If nothing else, make absolutely sure you’ve got a concrete address and a working phone number for the seller. If things go bad, you have a place to take your complaint. In fact, call them before you order so you can clarify a return policy and where to go with any issues after the purchase.