11 Ways to Stay Safe When Shopping Online
You're reading this article online, so it's a safe bet that you also shop online. More than three-quarters of U.S. adults have shopped online, and nearly half do so at least once a month, according to a 2018 NPR/Marist survey of the digital economy.
It's clear that consumers feel comfortable shopping online. However, that comfort is often accompanied by complacency. Cybercriminals are more sophisticated than ever, and they are using tricks to easily fool consumers into visiting fake stores or opening phishing emails.
Here are 11 tips to help you beat the crooks and stay secure while shopping online.
Never reveal your Social Security number or driver's license number.
Your most valuable asset online isn't your credit-card number, but your personal information. The more you reveal about yourself online, the greater the risk of identity theft.
An online store will request your name, address, phone number, email address and billing information. If it asks for anything else, such as a Social Security number or a driver's license number, take your business elsewhere. No legitimate business needs that information for a simple purchase.
Shop online with credit cards, not debit cards.
As the personal-finance blog NerdWallet explained it, "With a credit card, the card issuer must fight to get its money back. With a debit card, you must fight to get your money back."
If a cybercriminal lifts your debit-card information, he has a direct connection to your bank account. If you don't monitor your account closely (which, of course, you should be doing), you risk being wiped out completely.
It is also much easier to report and reconcile compromised credit-card information than debit-card info. Credit-card customers have up to 60 days to report fraud before they're on the hook for stolen funds; debit-card customers have as little as two business days.
Consider using a prepaid card.
One exception to the "never debit" mantra is the prepaid debit card, the kind that you can buy in drugstores. You control the amount of money connected to the card, so there won't be an entire bank account for a criminal to tap into.
More importantly, a prepaid card isn't connected to any personal information beyond what you need to provide for purchase and delivery. That differs from credit and debit cards, which are linked to bank accounts or large lines of credit.
Make up the answers to security questions.
Any time you are asked to remember security questions based on personal information, fudge the truth. Sure, your mother's maiden name might be Pebble, but no one is going to know or care if you say it's Slaghoople instead. What's important is that you remember it.
Social media has made it easy for cybercriminals to gather all kinds of personal information that is used in answers to security questions. This is one time when it is OK to lie.
Use a dedicated shopping email address.
What does your personal email account hold? Chances are, it includes plenty of personal information, lists of contacts and archived correspondence that you don't want hackers to get access to. Your work email account may have even more sensitive information, including something that could compromise corporate data.
Avoid these risks by setting up a separate email account to be used only for online shopping. Doing so will make the information in your regularly used email accounts less vulnerable if there is a data breach involving the shopping site.
The other benefit of having a separate email address for shopping only is that any special offers, marketing blasts and other emails from these retailers will go to that account. That will make it easier for you to tell if similar emails coming to other accounts are spam. Just make sure that the shopping email account's username and password are different from those used by any of your regular email accounts.
Never click shopping links in an email.
We all get email messages from online retailers, but be very careful in how you handle them.
Even if a message shows up in your dedicated shopping email inbox, it isn't necessarily legitimate. Rather than clicking on the link in the message, go directly to the store's official website and search for the item on sale, or type in the codes for special offers.
At the very least, you should verify the link embedded in the email message. When you hover your mouse cursor over the link, the actual link will be displayed at the bottom of your browser's window.
If the link doesn't go to the store's legitimate site — make sure to read the link all the way to the end, as sometimes, an .exe file is buried in a legitimate-looking link — then delete the email message. And make sure that "o" isn't a zero instead, or that "l" isn't a 1.
Remember, if an offer in an email message or on social media sounds too good to be true, it almost always is.
Use smart password management.
Many data breaches you hear about involve unencrypted or poorly encrypted passwords. Once a cybercriminal has the password for one online account, the chances are very good that he'll be able to access other accounts with that same password. Why? Because many people use one or two basic passwords for everything.
That's why it is important to use a different password for every important account -- any account that involves money or personal information. It's OK to write the passwords down, as long as they are stored in a secure location, such as a locked desk drawer or in the "vault" of an encrypted password manager. Storing passwords in an email account or on a computer file puts them at risk of being stolen if your system is compromised.
Use two-factor authentication.
If an online store offers two-factor authentication, use it. (Amazon now does.) Yes, it may mean going through an extra step, such as typing in a code texted to your phone or generated by an authenticator app, but it adds a layer of security. It'll make it much harder for anyone who has your password to access that account.
Don't let shopping sites save your information or credit cards.
It's time-consuming to have to re-enter your name and address and dig out your credit card every time you visit an online store, especially if it is a site you visit regularly. (Many password managers can take care of this for you securely.)
Use store apps when shopping on mobile devices.
It is difficult, if not impossible, to do all of the standard safety checks you would do on a computer (checking links, checking browser connections) on a mobile device's web browser.
The safest way to shop on a mobile device is to use the store's own app — downloaded from an authorized app store — and use the cellular carrier's network or a secure Wi-Fi connection. Never use public Wi-Fi, even one with a shared password, to shop online or to make financial transactions; it is too vulnerable to attack.
Keep all of your software up-to-date.
No matter which device you use, don't go shopping online until you know all of your software is updated. That includes using the latest version of your preferred browser, having the best antivirus software installed and applying all of the most recent software patches, whether you're on a desktop, laptop, tablet or smartphone.