8 tips to keep your cards safe while shopping online
By Dana Dratch | Published: November 30, 2011
Gearing up for a little online shopping?
You've probably already heard the holiday tales of phishers and hackers and scammers (oh, my!) who lurk in the corners of the World Wide Web.
But staying safe and secure on the Internet means following the same overarching rules you would to visit your local mall: Keep your wallet safe, don't talk to strangers and stick to places you know and trust.
The good news: With a credit card, federal law limits your liability for fraud or unauthorized use to $50. And many card networks cut their customers' liability to $0.
So after that, it's just a matter of making it easier for you -- and more difficult for thieves and con men -- to use your cards.
Want to keep your cards and data as secure as possible while shopping online? Here are eight tips to help:
1. Be careful with those URLs.
Spammers know what they're doing. Sites can look realistic right down to the (stolen) insignias that promise online safety and security.
But sometimes the best way to thwart them is just to go old school: When you want to visit a site to make a purchase, skip the links and carefully type in the address yourself, says Mari Frank, attorney and author of "The Complete Idiot's Guide to Recovering from Identity Theft." And double-check it before clicking -- one mistyped letter could land you on an entirely different kind of site.
One good reason to type it yourself: You can't trust the links that you receive in an email (or from that great online forum) are genuine. Even bookmarks can occasionally be corrupted, says Frank.
Have a lot of sites to hit to compare prices? Use some of the well-known comparison-shopping sites, she says. That way you cover a lot of ground, don't have to visit dozens of individual sites and you're using the shopping sites to vet your e-stores, she says.
2. Stick to respected card issuers and vendors that treat you well.
If you've had your cards for awhile, you probably know which ones make things easy if there's a problem, and which ones don't.
Guess which one you reach for if you're shopping online?
"It's important to get a credit card that is not going to give you a hard time when you report fraud," says Frank
Check out the site you where you want to make the purchases, too.
Jay Foley, principal partner for ID Theft Info Source, goes to a online search engine and looks up the name of the company and product. "I get the good and the bad so I can make an informed decision," he says. "The second thing I like to do is check with the Better Business Bureau in the area where the company is located. Are they getting a lot of complaints: yes or no?"
And, "if I put in the name of company and product and don't find anything on the Internet, I don't buy," he says.
That's one of the advantages to our information age," Foley says. "Information is at our fingertips. All we have to do is search."
3. Actively seek security.
If the Web page where you check out and share your card information doesn't have an address that begins with "https," "it's probably not safe to use a credit card," says Peter Eckersley, technology projects director with the Electronic Frontier Foundation.
Other signs that signal the level of security you want for card use: a padlock or VeriSign insignia at the bottom of the page. Both indicate that the site is using encryption to protect your data, says Hillary Mendelsohn, author of "thepurplebook" series of shopping guides and founder of thepurplebook.com.
Depending on your browser and level of technical comfort, you can also use free software such as "No Script" (designed to block malicious script), and "HTTPS Everywhere" (which facilitates encryption between your computer and the websites where you shop), says Eckersley.
And if you're using your card at a wider array of locations for holiday shopping, this is the time you want to use your card issuer's online services to monitor that account. It takes only minutes, and if there are any unauthorized charges, you'll spot them early.
4. Think twice about buying via WiFi.
When you're buying, "don't go wireless," says Frank. Whenever you're wireless, you're exposed to more vulnerability.
That goes double for public WiFi hotspots, she says.
Another no-no for the security conscious: buying by cellphone, says Frank.
While it's great for browsing and comparison-shopping, when it's time for you to enter card digits and click "buy," consider using a device with secure routers, or opt for land line phones, she says.
Other must-haves for computers you're using for online shopping: a secure firewall and up-to-date anti-virus and anti-spyware software, she says.
Another smart avoid with card numbers and personal details: public and semi-public computers, where other people have regular access to the machines.
5. Understand what information sites need -- and what they don't.
If you're buying something online, there are four things they should ask you for: the full credit card number, the expiration date and the three- or four-digit security code and, possibly, a shipping address, says Mendelsohn.
Don't ever put your credit card number in an email. If the retailer did have a problem with your order, they'd ask you to call or return to the site.
|-- Hillary Mendelsohn
Author, "thepurplebook" shopping guides
"There's no situation where they should ask you for a Social Security number, the last four digits of a Social Security number or anything else," she says.
If you later get an email claiming there's been a problem with your order and requesting that you email your card number, treat it like the scam it probably is, she says. "Don't ever put your credit card number in an email," Mendelsohn warns. "If the retailer did have a problem with your order, they'd ask you to call or return to the site."
Independently verify those phone numbers and website addresses. Especially at the holidays when phishing is rampant, you never want to use the contact information sent in an email.
6. Don't store your card information on the website.
Obvious, maybe. But not always for the reasons you'd think.
Sure, you don't want hackers to get your information and use it without your permission. But you also don't want to make surfing and shopping too easy for teens, co-workers or anyone else who has access to your computer, says Linda Sherry, director of national priorities for Consumer Action.
Short-circuit this. When your computer asks if it should "remember" your site password automatically, the answer is "no." You may have to uncheck a box to do this. Similarly, as you're making a purchase, the site itself will likely ask if it should remember your card information for future purchases. Again: no.
The last thing you want: one-click shopping that includes access to the site, complete with your stored card information, says Sherry.
While it's easy to prove unauthorized use if someone uses your card to buy airline tickets from Eastern Europe, it's a lot harder to make a case if the offender orders a new gaming system and has it delivered directly to your home or office.
7. Avoid using debit cards online.
If you're the victim of fraud or theft with a debit card, "the money is siphoned out of your account immediately," says Frank. Depending on the bank, the money could remain in limbo during the subsequent fraud investigation, she says.
The other rub: "With debit cards, you're not protected by the same laws that protect credit cards," she says.
Even when online shopping involves using an intermediary, such as PayPal or BillMeLater, it's smart to fund it with a credit card instead of a debit card just in case you have a dispute or problem, Mendelsohn advises.
8. Consider using a virtual or 'disposable' credit card number.
When are you using your card but not sharing your card number? When you're using a virtual, temporary or one-time use card number.
Your card issuer gives you an alternate number to use when you checkout online. The disposable number still links to your account and your purchases will appear on your card bill.
But since the number is good for a limited time or with only one merchant, a scammer who comes across it later is less likely to be able to use it.
While disposable numbers are not available with every credit card, it's something that a number of the major issuers are offering, says Steve Kenneally, vice president of the American Bankers Association.
Adds Kenneally, It's "one more tool" for consumers to use to safeguard their card information when shopping online.
- FAQs on Costco Anywhere Visa card by Citi – Costco switched card partner from American Express to Visa in June 2016. We answer the most-common reader questions about Citi's Costco Anywhere Visa card ...
- Beacons expanding beyond big retailers, restaurants – Geolocation technology sends coupons and info to people in shops, hotels and even waiting for a bus ...
- 4 creative ways people cut their spending – Hiding your cards, using only cash are just two ways to limit your purchases and debt ...