Last Update: 1/22/2020
Online shopping has been gaining market share every year. Security breaches make headlines almost daily. With more and more shoppers going online, consumers are worried more than ever about keeping their online shopping safe and secure. In this article, we will help you shop more securely.
Secure your computer, web browser, Internet connection
Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to your web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet connection: Wireless Network, Public Wi-Fi.
1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online shopping when connected by a hardwired connection such as Ethernet.
Burning a Linux Live CD image to write-once media such as a CD/DVD, or to a USB drive with a write-protect switch, helps prevent any changes to a clean Linux distribution. Keep in mind that no bookmarks, password managers, etc. would be accessible.
The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.
4. Make sure you are shopping at a reputable online store. Gone are the days when you could score a stellar deal on an iPad from a no-name vendor. Online shops need to buy and sell in volume to produce low prices. Check vendor review sites like Google Product Search, BBB online, or Reseller ratings for feedback.
5. Type the URL for the shop directly in the address bar; do not rely on a link from an email. This helps prevent phishing scams. Make sure you are accessing the online store’s website using a secure connection: look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the online store takes orders over the phone.
6. When creating an account at the online store, we recommend you use a unique password, as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions. Using PayPal, Apple Pay, or Google Pay also solves the unique password problem.
7. Pay for your purchase with a credit card and not a debit card or check. This gives you the best purchase protection: under Federal law, your liability is limited to $50.
Some credit cards allow you to create single use, virtual, or disposable credit card numbers. Try to use these unique credit card numbers whenever possible. Check your credit card issuer’s website to see if they offer this feature.
If possible, do not allow the online store to save your credit card number.
Remove your credit card and use prepaid gift cards on Facebook, iTunes, PlayStation Network, and Xbox Live.
8. Another method to avoid transmitting your credit card number is to use Google Pay or PayPal Access. These checkout systems store your credit card number and prevent the number from being seen by the online store. Additionally, when paying with PayPal, select the option that causes payment to come from your credit card, not from your bank account. This gives you more recourse in case of problems.
9. If you are using PayPal or buying from eBay, consider purchasing their PayPal Security Key that adds an additional log on step. You need to hit the button on the security key and type in the security code it displays before you can log into eBay or PayPal.
These keys are more secure than using text or SMS messages to send a one-time code. Criminals can divert SMS messages and calls to another device, either by social engineering a customer service person at the phone company or via more advanced attacks like SS7 hacks.
Two-factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two-factor authentication when you can use a physical token or a time-based authenticator like Google’s. Otherwise, have text messages sent to a VoIP number such as Google Voice instead of your mobile number.
- A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.
10. Sign up for alerts from your credit card vendor by email or text message. This will allow you to respond to any credit card fraud rapidly. Also carefully check each month’s credit card statement for erroneous or fraudulent charges. Consider checking your outstanding charges every couple of weeks via the credit card company’s website.
11. When shopping on a smartphone or tablet, using the built-in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.
12. Explicitly log out of a website after you are finished. Do not just close the browser. This helps terminate your session officially.
13. Print out the confirmation screen of your order to ensure you do not get overcharged.
Things Not To Do
1. Do not shop when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.
Do you perform all the above? Do you have other security tips?