Skip navigation.
DIY Online Security
Because it matters and its easy once you know how!
 Basic Computer Security | Online Safety | Terms Of Use | Risks | Feedback
Home

Safe Online Shopping

As mentioned before there are some great bargains to be had on the Internet – but you need to exercise caution when shopping on-line.

This article is going to discuss how you can protect yourself whilst shopping online.

There are several ways you can buys goods on the Internet. For example you could visit a very big online shop such as Amazon.co.uk or Amazon.com or various airlines. You could visit an auction site such as Ebay or you could buy from thousands of smaller retailers. Finally you may see an advertisement in some classified listing and decide to buy from that individual.

Each method of shopping described above carries advantages and dis-advantages. By buying from big reputable brands you reduce the risk of being scammed, but on the other hand their prices may not be as keen as from a smaller retailer or on Ebay.

Thus you need to decide the level of risk you are comfortable with.

Prerequisites

Even before you set out to do any online shopping there are several prerequisites that you must know about. Your computer must not be infected with malware or trojan (see how to sanitise) and it must have a minimum level of security. There is no point in shopping on line if your computer has been compromised since it is likely that your credit card and or debit card details would be stolen as soon as you started using them.

Also read the credit card or debit card agreement you got from your card provider as to their policy with respect to you using it online. Some credit card providers in some countries provide protection if your credit card details become compromised through your use of the credit card online. Also furthermore in some countries, e.g. the UK, some credit card companies will protect you if the goods you order online do not turn up or turn up damaged, etc. Thus in most cases it better to use a credit card as opposed to a debit card. If you cannot get a credit card then prepaid credit cards are available.

Check also what you are liable for if something goes wrong whilst you are shopping online some credit card companies have a minimum you must pay e.g. the first £50 GBP or £100 GBP. Some credit card companies advertise the protection they offer you, to give you peace of mind whilst your are shopping online.

However, they all expect you to observe a minimum level of computer security, especially with respect your computer i.e. it must not be infected and also they expect you to keep confidential all user names and passwords and other credentials you use to log on to various websites.

For the above reasons it is probably not wise to use an Internet cafes' / library / or any other public computers for online shopping (and certainly not for online banking) since it is very difficult for you to be sure that their computer is not infested with malware, trojans, etc. It is not uncommon for hardware key loggers to be installed on the computers in some Internet cafés. These key loggers will record all keystrokes entered into the computer. (A hardware key logger is a tiny plug (approx 1cm diameter x 2cm) that goes between the keyboard and computer. Most of the time people will not spot it is there. Also the attackers tend to leave it in place for a few hours and will discretely remove it to analyse its contents at their leisure away from preying eyes.)

Furthermore, it is likely that your confidential details can easily be observed by other people standing around you.

Staying safe whilst carrying out your on-line shopping is a mixture of a lot common sense and some technical understanding of what is involved.

If the bargain sounds too good to be true then it probably is a scam!

“Caveat emptor” is Latin for "let the buyer beware" – and this should be your guide whether you are shopping at a bricks and mortar shop or online.

What follows is a simple set of rules that should dramatically reduce the risk of you suffering losses as a result of your On-line shopping activities.

Rule 0

Make sure you use a computer with a minimum level of security (as described here ) for your On-line shopping activities, preferably in your own home / private office so that you cannot be observed entering the confidential information.

Make sure all your software is up to date. You have firewalls, antivirus software, anti-spyware software, etc as described here .

Rule 1

DO NOT use computers in public places e.g. internet cafes, libraries, conferences, trade shows, etc. Most of them will probably be infected and or compromised. Furthermore, unless you are an expert, your details, especially your private information such as name, address, credit card numbers, etc will be very hard to remove from the computer after you have finished shopping. Even if you close the browser after you have finished using it all your confidential details may still remain in the computer for someone else to retrieve.

Rule 2

DO NOT use public wireless hotspots which ask you to enter your credit card / payment details at the time of use as there are a number of attacks that can be done against wireless hotspots and when your laptop connects to it. If you need to use a wireless hotspot use one that is either completely free or one that you have prepaid in advance from your home Internet or some other secure Internet connection. Also, when using public wireless hotspots it is vital that you use as a minimum a software firewall. See the following link for minimum computer security.

Rule 3

Only shop from reputable companies that you have a degree of trust in their brand.

Rule 4

Use a credit / debit card that provides you with the most protection – this will depend on your country and the agreement with the card provider.

For example in the UK credit cards are governed by the Consumer Credit Act 1974 which has number of safe guards built in to protect the consumer. “An advantage of using a credit card is that, under section 75 of the Consumer Credit Act 1974, customers who have a claim against a supplier for breach of contract or misrepresentation will generally have an equal claim against the card issuer.” see http://www.financial-ombudsman.org.uk/publications/ombudsman-news/31/creditcards-31.htm

Thus generally it is better to use a credit card online a opposed to a debit card.

There are now prepaid credit cards which are available in some countries which effectively limits your exposure to the prepaid amount. The only problem is that the card can be lost and you will lose all the monetary value associated with it.

Rule 5

If you use a payment service such as PayPal make sure you have understood their terms & conditions. For example in the UK if you use your credit card via PayPal to pay a merchant you will lose the protection that using a credit card offers you since the contract is between the credit card company and PayPal and not the final merchant. Ebay has its own PayPal dispute resolution mechanisms.

Rule 6

Research the product / service you wish to buy and make sure you have got the exact specification and identification of that product so that you can compare like with like on various website. It is also a good idea to use the price comparison services such as kelkoo or pricerunner.

Rule 7

Research the merchant and read the feedback ratings other shoppers have given, especially on independent comparison sites such as kelkoo and pricerunner.

Rule 8

If you are using an auction site such as ebay make sure you have read all their help and FAQs especially relating to security and how you should shop on their sites safely.

Rule 9

Read the merchant's Terms & Conditions that you are going to buying from, including understand any additional charges such as Postage & Packing that you may incur as a result of your transaction. Also make sure you understand their returns policy with respect to faulty goods – they may not have one!!!
Some credit cards charge you an additional fee especially if you are buying goods in a foreign currency – this fee may be hidden in the exchange rate the card provides.

Note: If you buy from aboard over the Internet you may be charged import duty and or other taxes such as Value Added Tax depending on your country, where you buying from and the types of goods you are buying. Thus even though the sales price of the goods on the particular website may be very competitive, the delivery company or the customs people may collect additional payment before they release the goods to you.

Rule 10

Make sure that the website you are buying from using “Secure Socket Layer” or SSL when transmitting your confidential information such as your name, address, credit card number, expiry date etc. Your browser will inform you when you have entered a secure session. It will display a pad lock at the bottom right hand corner of the browser window. In the address bar it will show https:// at the start of the website address.

DO NOT enter your confidential information such as name, address or credit card number if the icon of the pad lock is missing or broken.

Rule 12

When you set up an account with a website merchant make sure you use a strong password. I.e. a mixture of upper and lower case, at least 6 characters long, letters and numbers. A good way of remembering a strong password is to pick a sentence from a poem, song or favourite passage of text and use the first letter of each word inter-spaced with numbers as your password.

You should not use words that can be found in the dictionary. Don't use your pets name, spouses name, dates of birth, etc – i.e. things that can be easily guessed about you if someone even knows you slightly.

Rule 13

DO NOT use the same password for different websites. This is like putting all your eggs in one basket.

Rule 14

Never reveal your banking PIN, banking log on credentials, bank ATM (cash machine) PIN etc to any website, unless you are doing online banking and then only use your banks instructions on how to log on. There are lots of scams and social engineering attacks designed to make you reveal your card or bank details so as to empty your account!

 Rule 15

Heed your browser's warnings, e.g. if it says the SSL certificate is expired, wrong, bad, or any other error DO NOT continue shopping with that site.  You may not understand the specifics of the technology, but you must heed the warnings your browser gives you.  The SSL certificate signified by a padlock and no warning is one of the main defenses against your information being stolen.  (For those curious SSL is used to protect your data in transit and to prevent "man in the middle" attacks). 

Note: We are not lawyers so always check the law and the regulations in the country where you live. If you are not sure seek professional legal advice.

Bookmark/Search this post with:
delicious delicious | digg digg | reddit reddit | furl furl | yahoo yahoo
» login or register to post comments | email this page | printer friendly version