By Larry Magid
With the holiday season underway, a lot of people will be shopping online this year. For the most part, it’s pretty safe but there are some basic precautions worth remembering. On Black Friday alone, consumers spent more the $3 billion online, according to Adobe.
One risk when shopping online is to be sure you’re dealing with a legitimate merchant who is not only honest but also exercising a reasonable amount of security. One option is dealing with merchants you know. But even that’s no guarantee when it comes to security.
Big names and trusted small businesses
Big names like Macy’s, Amazon, Target and Walmart have reputations to maintain and policies in place but — as millions of people who shopped at Target’s brick and mortar stores in 2013 learned, being big doesn’t mean they can’t suffer from data breaches. Don’t necessarily shy away from smaller and less known merchants, who sometimes offer extraordinary customer service and unique products. Plus, you’re supporting small businesses. But if you are dealing with a business you’ve never heard of, do a little research by typing its name into a search engine or customer review site to see what people are saying about them. If they have a phone number listed, give them a call. A phone conversation gives you a lot more clues than a website.
If you’re not sure about a website or an app:
- Do a web search to see what folks are saying. Type the name of the merchant and the word “scam” to see if people are accusing them of anything, but take those results with a grain of salt. It’s extremely common for even the most reputable companies to get some negative comments. Look for a preponderance of comments or ones from highly reputable sources like a Better Business Bureau or a trusted editorial site.
- Look for a physical street address and a phone number, and maybe call them to just see what kind of vibe you pick up from a brief conversation.
- Look at the reviews on any app in the app store.
- Be very careful to make sure an app that’s “associated” with a retailer or brand is really from that brand and not just using their name.
- Look for a https in the browser’s address bar. The “s” stands for secure, indicating that the information is encrypted. It doesn’t absolutely guarantee security, but it’s important.
- Use secure and unique passwords that you change periodically. For more on this, visit ConnectSafely.org/cybersecurity.
- Use a credit card if possible or, if not, use a debit card, PayPal or some other payment service that offers fraud protection. Credit cards are best because if you do dispute a charge, the card issuer will remove it from the bill while it is being investigated. With other payment forms, you may be out-of-pocket immediately until the issue is resolved in your favor.
Be careful when using WiFi
- If you have a choice, avoid shopping or otherwise giving out credit card information on public Wi-Fi sites.
- It’s better to do it from home or a site protected with a secure password
- When away from home, it’s best to use your cellular signal rather than WiFi even though it may eat into your data plan (shopping doesn’t usually consume much data).
- If you are using a public WiFi network, make sure it’s legitimate. It’s possible for scam artists to set up their own networks that look like ones from a merchant, airport or hotel so ask a staff member the name of their network before logging on.
Safe passwords and log-in systems: The longer the password the better and it should not be a name or a word in the dictionary. One trick is to think of a long phrase that’s easy to remember like I met Sally Jones at Lincoln High School in 1985. Your Yahoo password could be the first letter of each word, upper case when appropriate with a symbol and numbers plus a reminder of what site it is like ImSJaLHSi!85YH. The YH at the end stands for Yahoo. Use different letters for each site that you’ll remember and change the password every six months or so or if you have any reason to believe it may have been compromised. Also consider using services with two factor authentication (you typically get a verification code on your smartphone to make sure it’s you). Here are Tips for Strong, Secure Passwords & Other Authentication Tools from ConnectSafely.
An even more secure method is to use dual or multi-factor authentication. Many sites, banks and merchants offer an option that allows you to require that you verify your identity with your cell phone whenever you log in from a new device. After you type in your username and password, you’re typically sent a text message with a short code that you have to enter to access the site. It’s slightly inconvenient but adds a big level of extra security and — in most cases — is only necessary when you’re using a new device to log in. This feature is also available for most web-based email services, which is important because email is often used as a way of recovering passwords.
- Make sure you know the company’s return policy and pay attention to the final price, including shipping and tax. Shipping and handling charges can vary widely.
- As always, keep your operating system and any browsers or apps you use up-to- date. That’s helps protect you against known security flaws that have been fixed.
- Brick and mortar dangers
- Read the “fine print” before conducting transactions. Know shipping and handling charges and if you’re signing up for something other than what you want. Try to figure out a site’s cancelation policy before signing up for any ongoing services.
- There are also dangers associated with brick and mortar shopping. Check your credit card statements online frequently to protect against fraudulent charges and data breaches against merchants and banks. When shopping in person, watch out for pickpockets, drive and park carefully and try to relax and smile at the clerks and your fellow shoppers. In today’s hyper connected world, someone’s “Gonna find out who’s naughty or nice.”
From the FBI: Additional steps to avoid becoming a victim of fraud:
Here’s some additional advice from an FBI press release
- Check bank and credit card statements routinely, including immediately after making an online purchase and weeks following the holiday season.
- Only purchase merchandise from a reputable source.
- Don’t trust a website to be secure just because it claims to be.
- Do not respond to spam e-mails or click on links contained within them.
- Avoid filling out forms contained in e-mails that ask for personal information.
- Be cautious of all e-mail attachments and scan them for viruses before opening.
- Verify requests for personal information from businesses or financial institutions by contacting them using the main contact information on their official website.
- Be cautious when dealing with individuals outside of your own country.