Online shopping is a godsend to busy consumers; grand entertainment for the homebound; and — sometimes — frightening to those who’ve experienced identity theft.
More than 92 million people made online purchases last year using credit cards, debit cards and services like PayPal and Google Checkout. To use a few football metaphors, the vast majority of online shoppers crossed the goal line without a problem. Some, however, were sacked on the one-yard line by identity thieves. People in banks with MBAs in fraud management are scrutinizing fraud claims more closely so make sure you have all the details before calling.
Any grid-iron fan knows a good defense makes for a great offense, so here’s a rundown on the risks and solutions associated with the most popular ways to pay online.
1. Encryption URLs
The most obvious way to identify a safe site is to look for an “https” URL, as opposed to a simple “http” URL. That extra “S” indicates security, meaning digital transmissions from the site are being encrypted.
2. Logos or Seals
Security providers like VeriSign and McAfee indicate a site is protected by a specific company. Verify the seal’s legitimacy by clicking on it. A live link should take you to the security-service’s verification page. Security seals, however, are just a starting point, not a guarantee. Nor does the lack of a seal mean a site is necessarily risky.
3. Spam Links
Don’t click on links embedded in spam e-mails. If you’re suspicious of a site, run its name through a search engine and see if there are complaints from other shoppers. Even if this search indicates a link is safe, copy and paste the link into a new browser window (not tab). If the email doesn’t reveal the URL, right click on the link, select “Copy Link Location” and paste the URL into a new window.
4. Pop Ups
Back off if you get a pop-up or other warning indicating something is wrong with a site’s SSL certificate. (This does not include pop-up ads, although you should set your browser to block unwanted pop-ups.) Professional, well-designed sites don’t usually have expired certificates or other problems.
5. Green Bar
Shady sites can use encryption so also check the address bar for a bit of green or the site-owner’s name written in green. The green indicates the site has been vetted, belongs to a legitimate company and isn’t a phishing site. You will certainly see green on larger e-commerce sites and on bank sites.
Recent versions of major browsers all use green in some way to indicate the existence of another layer of security known as an “extended validation SSL certificate.”
None of this encryption will help you if you’re computer is infected with keylogger malware. This scam downloads software without your permission that captures your keystrokes and screen images and sends them to hackers. Your only real line of defense is to use qualified security software and regularly install all recommended updates.
7. Tab Napping
Based on the term kidnapping, tab napping refers to stealing your banking information and preys upon those who open lots of tabs on their browser at the same time.
8. Password Management Software
Store the login and personal data used in Web forms in an encrypted place on your computer with password management software. You can then safely enter this sensitive data onto Web site forms without retyping it each time.
9. One-Time Cards
For extra protection, consider using one-time credit card numbers that you can often set up with your card provider. WalletPop explains in more detail how this works.
10. Use a Credit Card
Under the Truth in Lending Act, your maximum liability for unauthorized use of their credit card is only $50. Use your card for online purchases and your liability is a big, fat zero. Report fraud quickly and banks typically will rapidly reverse the charges. In these tight times, however, banks are scrutinizing fraud claims more closely so make sure you have all the details before calling.
11. Use Your Debit Card as a Credit Card
Debit cards are a bit riskier as these transactions draw directly from your bank account and are subject to a different federal law. The Electronic Fund Transfer Act provides considerable protection from liability, but the level of protection diminishes as time passes. Happily, most debit cards also can be used as credit cards, providing you with more protection.
It’s important to report unauthorized debit-card charges within two business days of discovering the problem so your liability is limited to $50 offline and zero for online transactions. Report the loss within 60 days of the date your bank sent the statement listing the bogus transactions, your liability is capped at $500 for offline transactions and remains zero online.
If you miss those deadlines, however, your liability could be unlimited. (See this New York Times article for more information.)
12. Payment Services
PayPal, Google Checkout and BillMeLater offer some useful additional security because you entrust your sensitive account information to just one company — not to every online store you patronize.
This is particularly useful if you frequently buy from eBay, Etsy.com or little-known merchants that likely don’t have top-notch Web defenses. Fraudulent use of payment-service accounts, however, may be harder to prove and get your money back than if you use a credit card.
# # #
FreeShipping.org is the Internet’s premiere destination for online shoppers to find free shipping deals offered by more than 1,350 online retailers, including Victoria’s Secret, Target, Bloomingdale’s, Kohl’s, Sears, Best Buy, Old Navy, Nordstrom and Macy’s. For more information, visit www.freeshipping.org.