You’ve finally found it — the one gizmo or gadget that will complete you. And lucky you, you’ve found the best possible price online! But are you really sure you want to hit “confirm” on that order page?
Online shopping has become as natural as breathing for some people, and it’s easy to see why. The convenience of staying at home while you shop, and having the ability to instantly cross-reference price points can’t be overstated.
But an increase in popularity doesn’t erase the large number of risks that exist out on the Internet. The reality is that even shopping in brick and mortar stores carries a risk: huge retailers like Target and Home Depot have had notorious data breaches in recent years that have affected thousands of shoppers. The difference is, you have the option to pay cash when you leave your home to go shopping — the age-old form of payment that can keep our spending habits anonymous. But you usually don’t have that option when shopping online, so everything you do leaves a trace.
But how did this happen to me?
Identity theft is a huge problem on the internet. You may have already experienced having to get a new credit or debit card. It’s a major headache to find out that someone has been running up your limit in a city 300 miles away. But did you ever stop to think how internet thieves got a hold of your information to begin with?
As you can see here, people are selling credit cards on the black market. While we won’t sink so low as to buy the card to confirm if it’s legitimate or not, you can see that there is a market for your stolen credit card information. This may have been how your credit card information was compromised!
All it takes is an insecure payment page or a data breach of a vendor that is holding onto your payment information. There’s no room to be even the slightest bit careless in this crazy world.
Online vendors don’t always have your best interest in mind
Over 900 million people in China currently use online banking, and some estimates report that by 2020 there will be about 450 billion transactions on the internet daily.
Whether through ignorance or negligence, some online vendors don’t have the right practices in place to protect your financial and personal information. They know that people will spend money on their products anyway, so why bother? Our CEO, Christian Mairoll, told us a horror story about vendors asking for credit card information through unencrypted emails!
There are a number of other things that novice vendors might do that compromise your payment information. But more often than not, it’s what they don’t do that can really put you in a bind. Study the information below and you’ll have a much better sense of what standards you should have for any vendor you do business with, as well as what payment options are optimal for privacy.
How secure is your online payment method?
Different payment options are more or less popular in different parts of the world, and often times what our friends, co-workers, and families are using influences our own decisions. Not only that, but limits on what forms of payment vendors will accept also sets the boundaries for these choices. The following payment options are popularly used around the world for online shopping:
PayPal is an international online payment service provided by a U.S.-based company. It’s one of the most popular payment options made available by online vendors after credit and debit cards.
Pros – Paypal isn’t new to the online shopping scene, and as a result it’s a trusted option for many consumers. They are one of the first to use the tokenization technology to help you keep your financial information private, even from vendors. Tokenization is the process of substituting sensitive data with a non-sensitive replacement, or a “token.” PayPal allows easy chargebacks in case of fraud. There is a relatively simple process of disputes compared to other methods, which is why you should prefer PayPal over credit card if a vendor offers both options.
Cons – Many vendors are unhappy with the fees that PayPal charges them. But never fear, the customer is not charged extra for using their services. PayPal may also be eclipsed by other forms of payment in the future, like Google Wallet, Apple Pay, and Skrill, which all use tokenization technology.
Credit cards have been around for decades and are very strong forms of payment depending on what part of the world you live in. They are almost universally accepted with online merchants. If you have a credit card with a major company, you’re card is likely to have fraud protection which makes it a lot easier to deal with in the case of identity theft.
Pros – Credit cards are accepted by the vast majority of vendors online. If you already own a credit card, then you don’t have to worry about creating a new account with a web-based form of payment (like PayPal). Additionally, if your information is stolen, you can work with your credit company to cancel and replace your card. Credit cards can also provide certain reward benefits that can cut your shopping costs (if you don’t accumulate debt, of course).
Cons – There is no tokenization process when you use a credit card directly to purchase something online. Therefore, you are putting very sensitive information out there and therefore it’s good to limit this payment method to companies you really trust are secure.
Debit cards look and act like credit cards, but are generally attached to a bank account and are not based on credit. They are simply a plastic substitute for cash, which is useful for the pragmatic and spending conscious shopper.
Pros – The process of tracking your payments and finances is much easier with a debit card. Additionally if you use a prepaid debit card, the amount of damage that can be done is limited (since prepaid cards are not tied to a bank account, but rather a fixed amount of cash like a gift card).
Cons – If your debit card is stolen, it’s much harder to get your money back if the thief goes on a reckless spending spree. While this is being remedied by some institutions, using a form of payment that is directly tied to your bank account is unwise unless you are using a very reputable merchant.
What a legitimate (and safe) vendor looks like
Don’t be fooled by a pretty website
Just because a vendor has a nice website, that doesn’t mean the vendor is keeping your financial information safe from digital thieves. In fact, they might even be fraudulent themselves!
It’s incredibly easy to set up a good website nowadays. Sites like Strinkingly, Foursquare, and even WordPress make it so that you can set up an attractive website in under an hour with no coding knowledge whatsoever. Additionally, the increase of freelancing sites means that anyone can easily hire a worker to create them an attractive looking page, even if it doesn’t actually have any of the proper safety features to support shopping online.
Phishing sites are also a big issue. These are created when a crook steals the source code of a website and uses it to create another identical website. So double check the URL before sharing your information – to make sure you’re dealing with a legitimate vendor and not a copycat.
The truth: Online vendors want to get your money, and many of them don’t care to do it the right way because they want easy money fast.
The 6 signs of a secure vendor
A safe vendor will communicate to its customers on its website or through customer support how they keep personal information safe from harm’s way. Although there is no way to keep private information perfectly safe online, there are a few standards that a good vendor will adhere to.
1. Has a secure website
Unfortunately there are a lot of fake vendors out there just waiting for you to visit their website so that they can infect your computer with malware or steal your personal information. Don’t use an etailer just because they have the lowest price! Find a good phishing filter for your browser of choice, and avoid shopping at any sites that trigger a warning. Then immediately run your Emsisoft scanner to detect any malware that could have made its way onto your system!
2. Utilizes Secure Sockets Layer technology (SSL)
SSL is another baseline requirement for secure online shopping. This technology establishes an encrypted connection between a website and your browser. This secure connection helps keep personal information safe, and any vendor that is collecting your credit card information should have an SSL certificate. This is very standard for online vendors, and it is usually represented with a little lock icon situated before the site URL.
SSL alone will not protect you from all threats, and you should learn about infamous vulnerabilities on our blog.
3. Never asks for more information than necessary
It’s true that vendors have to ask for very personal information in order to process and ship your order, but there is a limit to what they should require you to disclose. Never trust a merchant that asks for an employee ID number, social security number, bank account number (this may be safe with Amazon or PayPal, but you should hesitate to give this number directly to a vendor), salary or tax information, or anything that may identify your family or friends.
4. Subscribes to safety certifications
If you want to be extra secure when it comes to shopping online, it may be worth it to invest a little time and research into the standards your merchant has in place to handle your private information. You may find that many vendors outsource this part of their business to safety experts.
For example, here at Emsisoft we don’t process our own customers’ payment information. Instead this is handled by Cleverbridge. Cleverbridge is certified with Safe Harbor, a commerce framework that was developed by the U.S. Department of Commerce.
Additionally, most secure vendors comply to payment card industry data security standard (or PCI DSS). PCI DSS is a standard put forth by the Payment Card Industry Security Standards Council, which was formed in 2006 by American Express, MasterCard, Discover Financial Services, JCB and Visa International.
The PCI DSS has 12 requirements for compliance, which includes regular testing of security systems, encrypting transmission of cardholder data, and maintaining a firewall configuration among other things. If you are unsure of how a vendor stores data and keeps customer information safe, it’s best to send an email and check to see if they are PCI DSS compliant or certified.
5. Has trusted site seals
There are a number of trust seals that can give a good indication on a vendor’s trustworthiness. Which one to look for depends on your location.
For example, in Europe the Trusted Shops awards certified shops with a European trustmark to allow customers to shop online with confidence. Every shop that gets this trustmark has been screened thoroughly on a number of criteria, including buyer protection.
The TRUSTe seal is another commonly used seal for online stores that focuses on privacy protection. TRUSTe assesses, monitors, and certifies websites, mobile apps, cloud, and advertising channels to allow companies “to safely collect and use customer data to power their business”. Additional site seals are the Better Business Bureau (US) and the “Norton Secured” badge.
6. Has happy customers
Certifications are not the only way to know whether a vendor is trustworthy or not. Checking a merchant’s reputation is very easy online, and it can make a huge difference in maintaining your privacy.
Go to your search engine of choice and type in <vendor> review, or <vendor> experience. Make sure to read reviews from about a dozen different sites if possible, because review sites can be fraudulent as well! Sometimes fake reviews and sites are created to support scam vendors, so be wary if all reviews are unrealistically perfect.
Online shopping safety checklist
Knowing that vendors are responsible for your privacy may have you feeling powerless and overwhelmed. But if you follow the list of safety guidelines below, you’ll greatly reduce your chances of financial fraud:
- Keep your social media profiles private if possible, or limit personal information if you choose to keep them public. Credit card thieves will use the information on these sites to fill in the blanks and run up your limits!
- Install appropriate phishing filters and trustworthy anti-malware software.
- According to the Wall Street Journal, small vendors are more likely to experience a data breach. Sometimes big retailers may not have the product you need, so it’s important to be extra vigilant with your research of smaller etailers.
- Spend some time researching before you make a purchase with a new vendor. What are their reputations on review sites? What certifications do they have? What forms of payments do they take?
- Also check a new vendor’s contact details. Make sure that they are consistent with the address the company is registered with.
- Never trust a vendor that asks you for your payment information via email. This is not a secure method, even if the vendor has the best of intentions. Additionally, don’t send money upfront if there is any doubt that the vendor may not deliver.
- Use a cancellation-enabled payment method like PayPal or credit cards. NEVER send cash or check (or wire money upfront)!
- Similarly, avoid using the phone to process your payments if you can. Your information can be stolen this way, and some vendors don’t realize that they need to secure these lines just as rigorously as their online payment forms.
- If you haven’t already, learn what your credit card provider’s policy is on unauthorized charges. The card you use for online shopping should have limited to no liability if your information is stolen.
- Record all the details of your transaction with screencaps, receipt or order confirmation number, and the date. Awareness of your online purchases is critical to recognizing theft when it happens.
- Check credit card accounts online regularly for unauthorized charges however small—you generally have 30 days to report suspicious activity, but this can vary per credit card provider.
You can never completely protect your information online unless you avoid the web entirely! This is obviously an extreme measure and we don’t recommend it. Instead, we recommend making informed choices about what payment options you use online, what information you choose to share, and which merchants you do business with.
The online shopping landscape will continue to change, and the specific requirements and standards for a safe vendor will as well. But something that won’t change is that there will always be someone trying to get a hold of your money. So be vigilant and stay educated, and you’ll remain ahead of the curve.
Emsisoft Endpoint Protection: Award-Winning Security Made SimpleExperience effortless next-gen technology. Start Free Trial
Have a great, theft-free day!