Tips for safe online holiday shopping


This post is adapted from one that first appeared in the San Jose Mercury News

It’s hard to believe Black Friday and Cyber Monday are only days away. If this year is typical, throngs of people will be crowding stores starting on Friday, and those not pounding the pavement at brick-and-mortar stores will be pounding their keyboards or mobile screens to shop online.

Cyber Monday, which is the first working day after the Thanksgiving weekend, is a marketing term used to persuade people to shop online that day. It started years ago when relatively few people had high-speed connections at home, so shopping from work was a much better experience. Besides, why waste your weekend shopping when you can do it from work at your boss’ expense?

Shopping online can be a great way to save time and — in some cases — money on holiday gifts. Another advantage is that you can have the gift shipped directly to the recipient, often gift wrapped and with a card for a small extra charge. Disadvantages include diverting money away from local merchants and not able to touch the merchandise or take it home with you. So I still urge people to shop locally while also taking advantage of online deals.

With a couple of exceptions, I’ve had good experiences shopping online. I’ve never been a victim of merchant fraud, but I once did order a camera at a price that was “too good to be true” and wound up getting the camera minus the battery, and charging cable. After a bit of arguing on the phone they did take it back — the merchant may have been sleazy, but not criminal.

Still, you need to be careful. Symantec reports that “every second, 18 adults become a victim of cybercrime, resulting in more than one-and-a-half million cybercrime victims each day on a global level.” You don’t want to be one of them.

Just because you haven’t heard of a company doesn’t necessarily mean it’s not trustworthy. But if you venture away from the major e-retailers or retail chains, it’s a good idea to do a little homework before forking over a credit card and your home and email address.

  • Google (or Bing) them to see what folks are saying. Sometimes I’ll type in the name of the merchant and the word scam to see if people are accusing them of anything, but I take those results with a grain of salt. It’s extremely common for even the most reputable companies to get some negative comments. What I look for is a preponderance of comments or ones from highly reputable sources like a Better Business Bureau or a trusted editorial site.
  • Look to see if there is a physical street address and a phone number, and sometimes call them to just see what kind of vibe I pick up from a brief conversation. I always use a credit card because that affords me some protection against scams and fraud. Debit cards and PayPal also offer some protection, but I still prefer using a credit card because if there is a problem, the card issuer will suspend the charge while it’s being investigated. With a debit card or PayPal, you have to get them to put money back in your account.
  • When you’re on a retail site, look for a https in the browser’s address bar. The “s” stands for secure, indicating that the information is encrypted. It doesn’t absolutely guarantee security, but it’s important.
  • And be sure to use secure and unique passwords that you change periodically. For more on this, visit
  • If you have a choice, avoid shopping or otherwise giving out credit card information on public Wi-Fi sites. It’s better to do it from home or a site protected with a secure password. I have to admit I sometimes don’t take this advice, but it does increase the risk a bit.


Regardless of how you do your online shopping, keep a close eye on your credit card statements, especially during the holidays. Almost all banks and credit card companies offer online access and they usually post debits immediately or within 24 hours of a charge. If you see something you don’t recognize, call or send them a message right away to make sure your card number isn’t being misused.

During the holiday season you might get email with product pitches or charity appeals. If so, be careful about clicking on links. It could be a “phishing” scam designed to send you to a site that looks legitimate but isn’t. If you’re interested in what they’re offering, type in the address manually in your browser to be sure you’re going to the right place. Be very careful if the URL doesn’t end in the actual Web address of the company. For example, email from Chase bank ends in If it were something like you’d have a very good reason to be suspicious.

And as wonderful as it is to be generous during this season (and take advantage of last-minute tax deductions) it’s important that your money go to a real charity, not a scammer. Beware of any email pitches even if they appear to come from legitimate charities. If they do seem legitimate and you’re inclined to give, don’t click on a link, but go directly to that charity’s website to make your donation.

And don’t forget to be careful if you shop in retail stores. Keep your eye on your credit cards and wallet and drive and walk carefully. When it comes to physical injuries, shopping mall parking lots are infinitely dangerous than the Internet.