How to shop online safely

With some simple tips, make shopping online a safer experience this holiday season.

Lexy Savvides Principal Video Producer
Lexy is an on-air presenter and award-winning producer who covers consumer tech, including the latest smartphones, wearables and emerging trends like assistive robotics. She's won two Gold Telly Awards for her video series Beta Test. Prior to her career at CNET, she was a magazine editor, radio announcer and DJ. Lexy is based in San Francisco.
Expertise Wearables | Smartwatches | Mobile phones | Photography | Health tech | Assistive robotics Credentials
  • Webby Award honoree, 2x Gold Telly Award winner
Lexy Savvides
5 min read

Lexy Savvides/CNET

As holiday season approaches, shopping online is an attractive option for grabbing plenty of bargains.

Like any transaction, there are security issues to keep in mind when buying online, but with some common sense you can minimize the risk.

Even if you consider yourself a seasoned online shopper, it's always worth a reminder to make sure your experience is the safest it can be.

General tips

  • Don't send your credit card details via email, post them on social media (even in a private message), or enter them on an unsecured website
  • Don't give away more information than you need. Retailers generally don't need to know details like your date of birth or social security number, so why disclose it if you don't have to?
  • Check for a physical address and contact details like phone numbers for the vendor before buying
  • Remember to log out of your account after making a purchase

Keep your PC, Mac or mobile device up to date

This means regularly checking for updates to your operating system, as well as ensuring apps and browsers are also kept up to date with the latest version. Running regular antivirus and malware scans is recommended to help avoid compromising your personal details to tools such as keyloggers.

Also, get into the habit of using strong, unique passwords for each online store you buy from. If you haven't changed your password for an existing account in some time, do it now. Password managers are a great tool if you have trouble generating and remembering unique passwords.

Keep it private (and separate)

Avoid using public Wi-Fi or public computers when shopping online. This includes library or airport PCs.

If you have to make a purchase when out and about, turn on cellular data on your mobile device rather than using Wi-Fi. A VPN is also a great option for adding another layer of security.

Firefox on the left and Chrome on the right. Lexy Savvides/CNET

It's worth using a separate browser that you regularly keep up to date for shopping and banking online, and another for everyday web use.

Consider opening a second email account specifically for online shopping purposes to help minimize spam, and keep a track of which service is using your email address for what purpose.

If you have a Gmail account, you can append a plus symbol (+) to the end of your username to help filter your email. For example, you could enter your email address in the format of "johndoe+amazon@gmail.com" and then set up a filter within Gmail so everything sent to that address goes straight to a label called "Amazon".

Research your retailer

Make sure to fully check out the retailer's credentials if it's not a big name you have heard of before. A quick search of the site name should turn up results and reviews about the service, but keep an eye out for overly positive reviews on user forums that might not be legitimate.

Both a lock and https in the URL show you that the site is using a secure connection via SSL. Lexy Savvides/CNET

Ensure that the site is using a secure connection, which is marked by https:// in the browser bar and a number of other indicators including an image of a lock. Some sites have an icon called a trust indicator or security seal that shows that the retailer is independently verified by a third party, such as an antivirus provider.

Use a payment method with buyer protection

Lexy Savvides/CNET

Although debit cards ensure you are using your own cash to make a purchase, many do not offer the same robust buyer protection as other options if something does go wrong. A credit card, PayPal or a virtual wallet option give you more flexibility when it comes to requesting a chargeback.

A chargeback is when a transaction is reversed and a refund is given to you as the buyer. It can either be initiated by your bank on detection of fraudulent activity, or you can initiate a chargeback depending on the situation. Check with your bank for details.

Another option that you might consider using to add another layer of protection is a single-use credit card number. These are tied to your regular credit card but provide a unique number to be used for one transaction so your actual credit card number is not compromised. This is particularly useful if there is a breach somewhere along the chain that might reveal your credit card details. Again, check with your bank to see if this is an option.

Although it makes it very convenient to make repeat purchases, it is worth unchecking any option that lets the retailer store your credit card details on file. This way if your account is compromised, at least your financial details are not revealed.

Shopping on your smartphone or tablet

Apart from the tips outlined above, there are a few things to be aware of when shopping on a mobile device. Set a password, pattern or PIN lock on your smartphone, and adjust the settings so the screen locks automatically after a set period of inactivity.

The vendor's own app might be a convenient way to make a purchase, but find out if it is using a secure connection to transmit your personal information and transaction details. If unsure, it's best to use the website through a mobile browser.

Lexy Savvides/CNET

Turn off Bluetooth if you are not using it, and check what permissions applications are asking for before you install them. Also, jailbreaking or rooting your device may open up more features but it can leave it more open to threats.

Finally, if you lose your device and it has personal information on it such as credit card info, or you left it logged in to an account which has access to your credit card or bank details, make sure you can remotely wipe and disable your device. For iOS, enable Find My iPhone from the settings. Android users can use Google's Android Device Manager to remotely lock and erase the handset or tablet. Windows Phone owners can use the Find My Phone feature on windowsphone.com to erase the handset if lost.

Calculate the total cost

Take into account shipping, sales tax and any other taxes or charges that might apply, especially when importing goods from overseas. Product doesn't suit or you need to get a refund? Check the retailer's policies before making the purchase to work out if you need to cover return costs and any extra fees or charges you need to pay.

It's also worth shopping around to find the best deal on the same product. Don't just assume your favourite online retailer is always going to have the best price, as you might be able to find a better deal elsewhere.

Something went wrong?

Your first port of call if something goes wrong with an online transaction should be the retailer. If you need to report identity theft or fraud, each country has a local service where you can report the issue.

If something looks suspicious, it probably is. Regularly keep an eye out for online scams on the relevant sites. Find information on USA.gov, Scam Watch in Australia and Action Fraud in the UK.