by Larry Magid
(this post has been updated for 2018 from previous posts)
With the holiday season underway, a lot of people will be shopping online this year. For the most part, it’s pretty safe but there are some basic precautions worth remembering.
One risk when shopping online is to be sure you’re dealing with a legitimate merchant who is not only honest but also exercising a reasonable amount of security. One option is dealing with merchants you know. But event that’s no guarantee when it comes to security.
Big names and trusted small businesses
Big names like Macy’s, Amazon, Target and Walmart have reputations to maintain and policies in place but — as millions of people who shopped at Target’s brick and mortar stores in 2013 learned, being big doesn’t mean they can’t suffer from data breaches. Don’t necessarily shy away from smaller and less known merchants, who sometimes offer extraordinary customer service and unique products. Plus, you’re supporting small businesses. But if you are dealing with a business you’ve never heard of, do a little research by typing their name into a search engine or customer review site to see what people are saying about them. If they have a phone number listed, give them a call. A phone conversation gives you a lot more clues than a website.
If you’re not sure about a website or an app:
- Do a web search to see what folks are saying. You can type the name of the merchant and the word “scam” to see if people are accusing them of anything, but take those results with a grain of salt. It’s extremely common for even the most reputable companies to get some negative comments. Look for a preponderance of comments or ones from highly reputable sources like a Better Business Bureau or a trusted editorial site.
- Look to a physical street address and a phone number, and maybe call them to just see what kind of vibe you pick up from a brief conversation.
- Look at the reviews on any app in the app store
- Be very careful to make sure an app that’s “associated” with a retailer or brand is really from that brand and not just using their name
- Look for a https in the browser’s address bar. The “s” stands for secure, indicating that the information is encrypted. It doesn’t absolutely guarantee security, but it’s important.
- Use secure and unique passwords that you change periodically. For more on this, visit ConnectSafely.org/cybersecurity.
- Use a credit card if possible or, if not, use a debit card, PayPal or some other payment service that offers fraud protection. Credit cards are best because if you do dispute a charge, the card issuer will remove it from the bill while it is being investigated. With other payment forms, you may be out-of-pocket immediately until the issue is resolved in your favor.
Be careful when using WiFi
- If you have a choice, avoid shopping or otherwise giving out credit card information on public Wi-Fi sites.
- It’s better to do it from home or a site protected with a secure password
- When away from home, it’s best to use your cellular signal rather than WiFi even though it may eat into your data plan (shopping doesn’t usually consume much data). You can either shop via a phone app or tether your laptop to your phone’s wireless plan.
- If you are using a public WiFi network, make sure it’s legitimate. It’s possible for scam artists to set up their own networks that look like ones from a merchant, airport or hotel so ask a staff member the name of their network before logging on.
Safe passwords and log-in systems: The longer the password the better and it should not be a name or a word in the dictionary. One trick is to think of a long phrase that’s easy to remember like I met Sally Jones at Lincoln High School in 1985. Add a letter or two to make it unique to that site and use different letters for each site.
An even more secure method is to use dual or multi-factor authentication. Many sites, banks and merchants offer an option that allows you to require that you verify your identity with your cell phone whenever you log in from a new device. After you type in your username and password, you’re typically sent a text message with a short code that you have to enter to access the site. It’s slightly inconvenient but adds a big level of extra security and — in most cases — is only necessary when you’re using a new device to log in. This feature is also available for most web-based email services, which is important because email is often used as a way of recovering passwords.
You’ll find more password tips at ConnectSafely.org/passwords.
- Make sure you know the company’s return policy and pay attention to the final price, including shipping and tax. Shipping and handling charges can vary widely.
- As always, keep your operating system and any browsers or apps you use up-to- date. That’s helps protect you against known security flaws that have been fixed.
- Read the “fine print” before conducting transactions. Know shipping and handling charges and if you’re signing up for something other than what you want. Try to figure out a site’s cancelation policy before signing up for any ongoing services.
- Make sure all your files are backed-up. Keep a back-up of all your data, preferably off-premise using a cloud service like Dropbox, Microsoft One-Drive or Apple iCloud, which backup files as they are created or modified. If something goes wrong with your device, the files that matter can easily be retrieved.
The Federal Trade Commission has more tips, including advising consumers to not send financial information by email because “Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number.”
Brick and mortar dangers
There are also dangers associated with brick and mortar shopping. Check your credit card statements online frequently to protect against fraudulent charges and data breaches against merchants and banks. When shopping in person, watch out for pickpockets, drive and park carefully and try to relax and smile at the clerks and your fellow shoppers. In today’s hyper connected world, someone’s “Gonna find out who’s naughty or nice.”