10 tips to shop more safely online and protect your privacy

Online shopping is no longer the novelty it was when the internet first came onto the scene three decades ago. Around 70% of Americans have browsed products, compared prices or bought merchandise online at least once, and e-commerce in the U.S. grew 44% in 2020. 

But all that money flowing through the internet has attracted attention from scammers and cyber-criminals. According to some estimates, the U.S. is responsible for around a third of global payment card fraud losses, making it the most fraud-prone country in the world. 

Luckily, there are a number of simple steps you can take to limit your exposure and make sure your private information is protected. 

1. Look for the lock icon 

When you’re on a secure website, you’ll see a lock icon directly to the left of the URL. The URL itself will also begin with “https” instead of “http” on unsecured websites. This means the website has been secured with a digital certificate that makes sure your information can’t be intercepted by a third party. These endorsements are given by Certificate Authorities, and web browsers like Google Chrome and Mozilla maintain lists of Certificate Authorities they deem trustworthy. 

That said, the presence of the lock icon isn’t a free pass to let down your guard completely. In an alert sent out in 2019, the FBI warned of a rise in scammers using “secure” websites as a part of phishing attacks. 

“They are more frequently incorporating website certificates — third-party verification that a site is secure — when they send potential victims emails that imitate trustworthy companies or email contacts,” the FBI wrote.

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told NextGov that his firm has found security certificates for sale online for thousands of dollars apiece. 

The FBI’s warning focused on the threat of “secure” certifications being used in phishing emails, but it also advises unequivocally, “Do not trust a website just because it has a lock icon or ‘https’ in the browser address bar.”  

In other words, you should never shop from a website that doesn’t have the lock icon, but the presence of a lock icon alone doesn’t mean you can ignore all other security measures. 

2. Use a password manager

On sites like Amazon that you shop on regularly, it’s essential that you use a strong and unique  password to protect your information. But having a strong and unique password for every website you use is a lot to ask your brain to remember. That’s where password managers come in.

On browsers like Chrome and Safari — and most smartphones — password managers come pre-installed, and often suggest strong passwords for you when you first create an account with a website. That way, you’ll only have to remember one password. 

If you want more security-related bells and whistles, you can also pay for a premium version of a password manager. These usually cost around $10 a year, and get you things like encrypted storage, the ability to share logins with other people and multifactor authentication.

3. Be wary of customer reviews

In the era of online shopping, it’s easy to be influenced by a good star rating. An increase of a single star on Yelp increases a restaurant’s revenue by 5% to 9%, according to research by Michael Luca, an associate professor of business administration at Harvard Business School.

But more and more, those aren’t the most useful metrics. One 2016 study published in The Journal of Consumer Research found that online reviews didn’t correlate to objective measures of quality as rated by Consumer Reports. The reason? Only about 1.5% of consumers leave online reviews, and they tend to be at the extremes. 

There’s also been a rise in fake reviews as e-commerce has grown. An article published in the Harvard Business Review last year found that 4.5 million Amazon sellers sourced fake reviews over a 10-month period. These products were most often in the $15-$40 price range, with an average rating of 4.4 and an average of 183 reviews. They were usually not name brands, and “the vast majority of sellers are located in or around Shenzhen, China.” 

Still, online reviews can give you some valuable information. But it’s helpful to avoid the most polarized perspectives. Look for reviews in the middle, which usually have the most honest and detailed accounts. For more expensive purchases, it’s also a good idea to check them against professional reviews from trusted sources like Consumer Reports. 

4. Check out as a guest

Most online websites will try to nudge you towards making an account when you buy something, but it’s usually not necessary — especially if you don’t plan on shopping there regularly. If there’s an option to check out as a “guest,” you should probably use it. Using guest checkout means that your personal data like your name, credit card number and address won’t be stored on the website in the event of a hack. 

5. Monitor your transactions regularly

You can do everything right and still have your information stolen. That’s why it’s so important to be vigilant about charges on your bank account and credit cards: The sooner you can identify fraudulent activity, the sooner you can stop it. 

Some scammers aren’t just looking to make purchases on your dime — they actually want to use your information to open accounts in your name. In addition to checking your transactions for suspicious activity, it’s also a good idea to regularly monitor your credit report through a credit bureau or online service. 

6. Enable two-factor authentication

Data breaches are inevitable, and at some point, one of your passwords will probably be compromised. But that doesn’t have to mean a green light for scammers to steal your information. 

By enabling multi-factor authentication, a user is required to provide a second form of identity other than a password when they’re logging in on a new device. This typically comes in the form of a text or email with a login code. Larger companies like Amazon and PayPal use this by default, but if it’s an option on other e-commerce sites you use, we recommend taking advantage of it.

7. Opt for a credit card over debit 

There are a few reasons to use a credit card instead of a debit card when you’re online shopping. Most credit card companies provide their customers “zero-fraud liability,” which means you won’t have to pay for purchases you didn’t make as long as it’s reported in a timely manner. 

Federal protections are also stronger for purchases made on credit. You’re only liable for a maximum of $50 of unauthorized purchases, and you’re not liable for any purchases made after you report your card lost or stolen. With debit cards, on the other hand, you could be on the hook for “all the money taken from your ATM/debit card account, and possibly more” if you don’t catch the fraudulent activity within 60 days. 

8. Turn on alerts

Most banks and credit card companies let you set up alerts any time a purchase is made on your account. If you want to be absolutely sure that no unauthorized charges have been made in your name, this is the best way to do it. You can usually limit this to transactions made online, by phone or by the mail, so you won’t have to deal with a notification every time you use your card in person. 

9. Use anti-malware software

You can protect yourself even further by using a quality anti-malware or antivirus program. It’s a good idea to use this wherever you online shop, whether it’s from your PC or phone. Fortunately, most products offer cross-platform protection, and many of them also include things like VPN access and password management, so you can control all your security settings in one place. 

10. Report scammers

If you run into a problem when you’re shopping online, you should try to work it out directly with the seller or site owner first. If that doesn’t work, your next step is to dispute the charge. But even after you get your money back, you should report the encounter if you think there’s fraudulent activity going on. Here’s where the FTC recommends reporting suspicious activity:

• The Federal Trade Commission at ReportFraud.ftc.gov
• Your state attorney general
• Your state’s consumer protection agency