Ecommerce is expected to make up more than 20% of global retail sales by 2023. For context, just two years ago, ecommerce sat at just over 14%. As online shopping becomes increasingly common, the prevalence of fraud has gone up with it. In 2019 alone, the number of online fraud complaints increased by more than 65%. And it’s not expected to get better any time soon.
Online shopping isn’t going anywhere. Unfortunately, neither are the scams that come with it. And while this isn’t a good reason to abandon your favorite online retailer, it does require some vigilance if you’re willing to enter a credit card number and send it into cyberspace.
Here are 10 tips to help you stay safe, ranging from the basics, to a few you’ve probably never considered.
Shop at legitimate websites
There’s a reason Amazon and Walmart dominate the online retail space. Not only are they massive and often cheaper than their competitors, but they’re trusted names that most people feel comfortable sharing their personal information with — including their credit card number and home address.
Of course, there are millions of other legitimate retailers online, too. Rather than shying away from an unknown, make it a point to do some basic diligence if you choose to shop there. A quick Google search, for example, could lead you to websites, forums or social media posts that could clarify whether this shop is legitimate. If it’s completely unknown, and you can’t find news articles or mentions on other websites, it’s probably best to steer clear.
Some other things that could help you verify are a business address that’s verifiable in any number of business directories (or even Google Maps — check street view too!) or a phone number with a person on the other end of it when you call.
That’s not to say that any of these things are foolproof methods for spotting a legitimate business, but each additional point of verification you can find should make you feel a little safer shopping there.
Create strong passwords
It’s 2021 and some of us are still using some mind-numbingly bad passwords. Using 123456 or “password,” believe it or not, is incredibly common even today. And not only are these passwords easy to guess on a single site, but most people reuse passwords across the web. This gives bad actors the opportunity not only to access your Amazon account, for example, but Gmail, Facebook, or even your bank account.
The recommendation from top security experts hasn’t changed in years: use a password manager with a strong master password. But don’t stop there; you should be using this to create strong and unique passwords for every site that requires a login.
Don’t forget physical security
When we talk about online shopping, one commonly overlooked point is the need to be mindful of physical security. Whether that’s guarding your credit card so that the person at the table next to you in the coffee shop doesn’t snap a photo, or logging off your PC so that it requires a password if you leave it unattended for a second, you always need to be mindful of where you are and who could be watching.
Even entering a password on your PC could be dangerous if someone were to get it on video, slow it down, and reverse engineer the letters, numbers, and symbols you’re typing.
If a field is optional, leave it blank. There’s no reason to add information that’s not needed to complete a transaction. Every data point you provide is one additional means by which unscrupulous people — whether it be webmasters, payment providers, or hackers — can use it against you. And in this case, that’s not just hacks, phishing campaigns and other online shopping scams, but additional information that these retailers (or online scammers) can sell to marketing agencies to help them sell you more products.
Check bank and credit card statements regularly
One of the best ways to find out if you’ve fallen victim to online fraud, or even identity theft, is to check bank and credit card statements regularly. While you’re at it, it’s never a bad idea to check your credit report, either. You should be checking your bank and credit card statements at least once a month, and pulling your own credit — known as a “soft pull,” one that doesn’t affect your credit score — at least once every six months.
If you spot something fishy, report it immediately to your bank or credit card company, and consider cancelling the card as well. These purchases are often covered by fraud protection policies at your creditor. Be sure to ask if these fraudulent purchases are covered.
Look for an SSL certificate
Most websites use SSL these days, but if you happen to find a site that asks for sensitive information, and doesn’t have the lock icon in the address bar of your browser, then run.
SSL stands for secure sockets layer and it’s essentially a layer of encryption that keeps sensitive data secure when sending it between two systems: your computer and Amazon, for example. This helps snuff out man-in-the-middle attacks, where someone intercepts the traffic from your PC before it gets to its destination. It’s a handshake, basically, between two trusted machines that reassures you that your data is being sent, and stored, securely. It’s not foolproof, but it’s better than the alternative.
Use a VPN
When shopping outside your home, you should never be sending sensitive data — passwords, credit card numbers, etc. — over an unsecure, or unknown network. While you’re generally okay using a network at Starbucks, for example — one that requires a password to authenticate your login — it’s still not a bad idea to use your own virtual private network (VPN).
A VPN works much like SSL in that it encrypts traffic between two sources, only unlocking, or decrypting it, once it reaches its target. VPNs, however, also offer additional layers of security by allowing you to hide (or change) your real location or other identifying information that would normally leak through your PC, depending on the VPN you choose, that is. ExpressVPN and NordVPN are two popular options and both will set you back less than $10 a month.
Use your phone
If it’s an option, consider using a mobile payment app like Apple Pay or Google Pay. Rather than requiring a credit card number, both options provide additional security by issuing a one-time-use authentication code. If it’s stolen, it can’t be reused by the person who swiped it.
This is also a better option if you’re shopping at a retail establishment. It allows you to avoid card skimmers, or better yet, to leave your credit card at home.
Try a single-use credit card
One of my favorite ways to shop online these days is with a single-use, virtual credit card. Rather than using your actual credit card, you can instead use it to fill a virtual one. It’s so easy to create these virtual cards that you can make a new one for every purchase, or each recurring subscription. For single use cards, you can add just enough money to cover the cost of the purchase, meaning even if there’s a breach that exposes your credit card number, or an attempted charge over the purchase amount, the card will simply deny it.
For recurring subscriptions, like Netflix, you can apply a monthly limit to cover only the price of the subscription. If it goes over that limit, the charge is denied and you’re notified. You can delete the card just as easily as you created it.
If you’re a Citibank or a Capital One user, you may have access to this feature inside your mobile app. If not, there are a number of services, like Privacy.com and NetSpend, that provide you with these throwaway virtual credit cards.
Report the scammers
Last, but certainly not least, don’t just take online scams as part of the shopping experience. If you fall victim to one of these scams, report it. You can file complaints with online marketplaces (like eBay and Amazon), complain to the web host, or escalate the matter further by reporting it to the Federal Trade Commission, your attorney general, or even the FBI for particularly egregious online crimes.
Now, go fill your virtual shopping bags. But please, do it safely.