If you’ve never purchased an item online before, you are in the extreme minority. In 2017, a study on the online retail habits of US consumers showed that 40% of Americans with the Internet purchase items online at least a few times a month, with 20% saying they do the same on a weekly basis.

It’s not just the United States that’s in love with online shopping. Worldwide retail e-commerce sales will hit an estimated $2.84 billion in 2018. That’s nothing compared to the future projection of $4.88 billion in 2021, a 72% increase in three years’ time.

Of course, with every new leap forward in technology comes the intent of someone to exploit that technology for their gain. According to a story from CNBC, consumer fraud reached $16 billion in the US in 2016. There were 15.4 million victims of some form of identity theft.

The three most prominent points of attack were:

  •    Online/smartphone transactions where the cardholder does not need to present their actual card – up 40% from 2015.
  •    Account takeover fraud – where thieves steal passwords and usernames to access an account – up 31% from 2015.
  •    Opening new accounts in a consumer’s name – up 20% from 2015.


When you enter your debit or credit card number into a website’s pay field, there’s a lot at stake. To protect your identity and your hard-earned money, here are five tips that can promote a much safer experience when you shop online.

Don’t Use Your Debit Card

Debit cards are one of the most convenient inventions of the last three decades. No more withdrawing cash from the bank, no more writing checks at the grocery store. All we do is swipe (or insert), and the funds disappear from our bank account. That’s all well and good when you’re standing at the counter of a restaurant.

However, when you’re paying for an item online, you’re putting a whole lot of trust into that website to not ‘spill the cup’ and let your account information spill out all over the Internet. If that happens and a criminal gets access to your checking and savings accounts, they can drain that money rapidly before you even notice it’s gone. Most credit card companies have fail-safes in place that trigger queries to you when suspicious activity appears, such as large purchases, frequent purchases in a short amount of time, or frequent purchases from one specific vendor.

Similarly, credit card companies are much more adept at canceling a compromised card. Credit card companies have a simple process of challenging fraudulent charges. Plus, unauthorized charges on a credit card are a nuisance, while unauthorized charges on your bank account can leave you without the funds to pay your bills or buy groceries until the bank resolves the matter.

Only Buy from SSL Data Encrypted Websites

Ever notice that little padlock icon next to the web address bar when you click on a website? If the word “Secure” is there in green type and the padlock is shut, you’re golden. That combination of icon and text means that the website in question is using Secure Sockets Layer (SSL) data encryption.

In simpler terms, SSL is a security measure that creates encrypted links between the web server and your Internet browser. Seeing this symbol means the company is serious about protecting your data (and its own) during financial transactions.

Securing an SSL connection is a multi-level task that involves the creation of an SSL certificate along with two cryptographic keys. These items comprise a Certificate Signing Request (CSR), which you submit to the resident Certification Authority (CA) for validation. If you buy from a website without SSL data encryption, any hacker with a small amount of skill can intercept all of the data you are sending to a site, including your debit or credit card information.

Unique Passwords

Do you have password fatigue? Is it agonizing to have to remember all the different combinations of letters, numerals, capitals, and symbols that comprise your various user accounts spread across the Internet? Good! That means you’re doing your part to keep cybercriminals from easily accessing your accounts without setting off any alarm bells.

If you have multiple subscriptions or accounts on websites using the same payment system, multiple login and password combinations will keep a hacker from hacking all of your accounts if they uncover one login/password combination. To be even more safe with passwords, consider only doing your shopping from a computer that stays in your home all the time – like a desktop.

Laptops, tablets, and smartphones are easily lost or stolen while we’re on the go, and all it takes is bypassing that first screen to gain access to every single saved password in your possession. According to a study by Kensington, a laptop is stolen once every 53 seconds in the US, meaning nearly 600,000 a year. Meanwhile, 70 million smartphones are lost or stolen each year, with a scant 7% recovered by the original owner.

Avoid Copycat Websites

When Equifax came clean and revealed its huge data breach in 2017, it was getting so many requests from customers on what to do next that it linked to a website – EquifaxSecurity2017.com – for answers. The problem was that this website did not belong to Equifax, but rather was created in half an hour by a software engineer named Nick Sweeting for the purpose of showing consumers how lax Equifax’s security was and how easy it is to create a reputable-looking website from scratch.

While Sweeting’s intentions were informative, most people who create fake sites have different motivations in mind; namely, ripping off consumers. Fake websites are so prevalent that the Better Business Bureau has constructed a five-point checklist to help consumers avoid them.

  1. Don’t trust a familiar logo, as logos are easily copied.
  2. Look for fake or no contact information. If there is no actual location of a store or company, that should be a red flag. If their contact email address is not the same as the company’s domain, it’s most likely fake.
  3. Check the URLs. The URL given might not be the same one you’re being directed to. You might try copy/pasting the URL into a word document to see its true nature, or pasting it into Google’s search bar to see if it’s been labeled as a scam.
  4. Make sure you’re going to an HTTPS site. The ‘S’ means there’s secure encryption in place for your transmitted information. If it’s only an HTTP site, don’t pass on any personal data.
  5. If it’s too good to be true, it probably is. Apple didn’t just randomly decide to give you a $2,000 gift card for being a good customer, and Discover hasn’t decided to knock $5,000 off your balance. If an offer like that comes into your inbox, go to the true site (i.e., Discover.com) to determine if it’s real or not. If it’s fake, make sure you report it to the company being spoofed.
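
Items 2 to 4 of the checklist (contact address, true destination of a link, HTTPS) can also be checked mechanically. The Python below is an added example, not part of the BBB checklist or the original article; the domains `shop.example`, `shop-example.test` and `mail-shop.test` and all function names are constructed for illustration, and links are assumed to be absolute.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host.removeprefix("www.")

class LinkAudit(HTMLParser):
    """Collects (href, visible text) for every <a> element in a page or email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html, company_domain):
    """Return (href, finding) pairs for checklist items 2, 3 and 4."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if href.lower().startswith("mailto:"):  # item 2: contact email domain
            domain = href[7:].split("?")[0].rpartition("@")[2].lower()
            if domain != company_domain:
                findings.append((href, "contact email not on company domain"))
            continue
        target = host_of(href)
        if urlsplit(href).scheme != "https":  # item 4: HTTPS only
            findings.append((href, "not HTTPS"))
        if target != company_domain and not target.endswith("." + company_domain):
            findings.append((href, "leads off the company domain"))
        shown = re.match(r"(?:https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host_of(shown.group(0)) != target:  # item 3: text vs. target
            findings.append((href, "visible URL differs from destination"))
    return findings

SAMPLE = (  # constructed sample message; none of these domains are real
    '<a href="http://shop-example.test/login">https://www.shop.example/rewards</a>'
    '<a href="https://www.shop.example/help">Help centre</a>'
    '<a href="mailto:support@mail-shop.test">Contact us</a>')
```

Calling `audit(SAMPLE, "shop.example")` reports the first link three times (not HTTPS, off the company domain, visible URL differs from destination) and the contact address once, while the genuine help link produces no finding.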

Virtual Private Networks (VPNs)

If you’re a regular at Starbucks for their pastries, lattes, and free Wi-Fi, you are probably accustomed to the warning your device serves up about this being a public connection. Plenty of public hotspots offer little or nothing in the way of data encryption, but that doesn’t mean you can’t do it for yourself. Purchasing a membership to a VPN, usually less than $15/month, gets you about as secure a connection as possible.

A VPN provides a shielded ‘tunnel’ from your device to a server located in a remote location. All data passing through this tunnel is encrypted and not visible to anyone else. Once the data reaches the remote server, it’s decrypted and sent on to the website of your choice.

The same process happens on the way back: whatever information you request from the Internet is first sent to the remote server, encrypted, then passed through the VPN tunnel back to your device for decryption.


About the Author

Nikki is a CERTIFIED FINANCIAL PLANNER™ professional, and active stock market investor. She is the founder of She Talks Finance, a personal finance initiative for women. She also specializes in helping traders and investors improve their mental game.