Safe Online Shopping - A Quick Overview online security, ecommerce scams, ecommerce safety, safe shopping websites, legitimate web stores Safe Online Shopping - A Quick Overview How to Shop Safely on the Web

by Jennifer Grant of

The commercialization of the Internet has changed the way we think of shopping forever. Instead of spending money on gas and fighting traffic to get to our favorite stores, we can now lounge 24/7 in front of the computer, selecting items from a global bazaar of goods. Sounds great, doesn’t it? In theory, it is.

However, all one needs to open up shop on the Internet is a web site, a database of product images, and inexpensive software to process payments. One does not need a warehouse full of inventory, or even need to be a legitimate business, to start collecting money on the Internet. Because the startup and overhead costs are so low, pretty much anyone can build a professional looking web site. But how do you tell if they’re legit?

The confusion around legitimacy is how e-commerce scams happen. You find something you’d like to buy online, enter your credit card information into a form, hit submit, and wait for your goods to arrive… but they never do. Or, what you receive is not what you paid for (counterfeit watches are a good example). Scams happen with online services, too. You pay for a subscription – maybe an online publication or an adult site – and you never receive a password giving you access, or the info you do receive is invalid.

Credit card fraud is when someone obtains your credit card number, either online or off, and uses it to make purchases without your knowledge or permission. The anonymity of the Internet, and the ability to enter separate billing and shipping addresses on most shopping cart forms, enables criminals to use stolen information easily. They also frequently make use of companies that offer overnight shipping. The thief receives the goods quickly and is able to disappear before the fraud is discovered.

One misconception of Internet shopping is that your credit card information is inherently insecure. The reality is that anytime you give someone your credit card number, it could be stolen, whether you’re online or off. If you open a tab at a bar or restaurant, your credit card is likely more exposed than it would be online, because the wait staff and countless other people have the opportunity to look at it and copy down the number. If you make bill payments over the phone, the operator and everyone with access to her system can see your credit card information. Also remember that offline credit card payments are always entered into a computer at some point, and all computers are hackable. If you order online from a secure, legitimate web site, your personal information is actually safer than it would be in the bricks and mortar world.

Secure Surfing

Your browser, which is the software you use to surf the Internet, should be able to handle Secure Socket Layer (SSL). This is an encryption method that scrambles private information you send into cyberspace. Internet Explorer and Netscape are SSL-compatible browsers. SSL is a very common way for e-commerce sites to collect data, and you should be wary of purchasing from anyone who does not use it.

There are two ways to tell if a site is using SSL. In Internet Explorer, look on the top left corner of the screen, where the word “Address” appears. (In Netscape, look to the right of the round “stop” button with the “X” in it.) The information in this area is called your browser string, and it tells you exactly where you are on the web. The browser string can be short or long, but it always starts off like this:

If it looks like this:

With an “s” in front of the “http,” the site is using SSL and is therefore secure.

There is also a lock icon on the bottom right corner of the browser window, in both Explorer and Netscape. If it’s unlocked, the web page you are on is not secure. If you are on a secure section of a web site, the lock will be fastened closed.

Not all pages on a web site need SSL, only the ones that process sensitive information. So if you’re browsing a site and putting items in your shopping cart, you won’t necessarily be on a secure connection. But when you get to the page where you enter credit card information, check the lock icon and the browser string to ensure it’s secure.

Establishing Identity

Because it’s so easy to look professional on the net, it’s important to verify the identity of the company you’re buying from. Legitimate e-tailers should have no reason to hide their physical address, even if it’s a post office box. At the very least, there should be a phone number with a live person on the other end. Avoid shopping at sites that only let you contact them via e-mail, or not at all. If there is a problem with your order, you need to be able to get in touch with the company immediately.

A web site using SSL technology must acquire a certificate from a company that establishes their identity. The leading ones are Verisign, Geotrust, and Thwate. Many sites will post a link with an icon from their certificate provider, and you can click on it to see if their identity has been confirmed. Also make sure the certificate is not expired, since they must be renewed periodically. If you’re considering purchasing from a site and you can’t find information on their SSL certificate, consider it suspect.

Auction sites like Ebay offer seller reviews, and it’s wise to read these before you purchase. If a seller has only positive reviews, they are considered reputable. If a seller does a lot of business on the site and has only a few negative remarks, they’re still probably okay. If they sell infrequently and have any negative feedback from their customers, they are most likely unprofessional and you should steer clear.

Protecting Your Privacy

You should be able to easily determine how an online company uses the information it collects about you. You should also be able to opt out or unsubscribe from any mailing lists. Is their privacy policy clearly posted on their web site’s navigation? Is it easy to understand or a just bunch of legalese? If the company does not clearly state how they use your personal information, consider it a red flag.

Cookies are small data files stored on your computer’s hard drive that allow companies to track how you navigate their site. They are also used to pre-populate forms, so you don’t have to enter your address and other information each time you re-visit the site’s shopping cart. Most sites use cookies, and won’t let you access certain areas without them. However, a reputable company won’t use them to store personally-identifiable information, and they’ll clearly state their policies.

Companies like can help you monitor and affect how your private information is displayed online.

Returns and Customer Service

If an online company is reputable, they will have a reasonable return policy and post it where it’s easy to find. Many businesses offer postage paid returns, but be sure to check first so you are not surprised later. Most good sites also offer package tracking once your order has shipped. Always print your order confirmation web pages and e-mails so you have records of your online purchases.

You should be able to easily contact customer service via e-mail or phone, ideally both. Beware of shopping at sites that only let you fill out a form in order to contact them. Some sites use forms to eliminate spam e-mails, but a legitimate company that does this should have no problem providing a phone number.

Legal Stuff

The Fair Credit and Billing Act allows you dispute charges on any unauthorized use of your card, and credit card companies are generally on your side with such things. If you initiate a chargeback on your card, it’s usually the online merchant’s responsibility to prove that they did indeed deliver the goods or services as promised, before the chargeback is reversed.

There are also mail and telephone commerce laws that say (unless stated otherwise) that online retailers must deliver the items you ordered within 30 days, and must notify you of any delays.

Good Communication Goes Both Ways

You can also make your online shopping experience go smoothly by checking your order form before you submit it. Make sure your shipping and billing addresses are correct, and double check your e-mail address to make sure it’s valid. A legitimate company will get in touch with you if there is a problem with your order, but they can’t do that if you haven’t provided accurate contact information.

Knowing what you are getting into is the trick to shopping online safely. If a company generally makes itself accessible to its customers, uses SSL, and clearly posts its contact information, return policy, and privacy statement, it’s probably safe. Use your common sense and the guidelines above, and you’ll find that shopping online is just as safe as going to the mall.

Suggested Reading