Safe online shopping? How to recognize a trustworthy vendor

You’ve finally found it — the one gizmo or gadget that will complete you. And lucky you, you’ve found the best possible price online! But are you really sure you want to hit “confirm” on that order page?

Online shopping has become as natural as breathing for some people, and it’s easy to see why. The convenience of staying at home while you shop, and having the ability to instantly cross-reference price points can’t be overstated.

But an increase in popularity doesn’t erase the large number of risks that exist out on the Internet. The reality is that even shopping in brick and mortar stores carries a risk: huge retailers like Target and Home Depot have had notorious data breaches in recent years that have affected thousands of shoppers. The difference is, you have the option to pay cash when you leave your home to go shopping — the age-old form of payment that can keep our spending habits anonymous. But you usually don’t have that option when shopping online, so everything you do leaves a trace.

But how did this happen to me?

Identity theft is a huge problem on the internet. You may have already experienced having to get a new credit or debit card. It’s a major headache to find out that someone has been running up your limit in a city 300 miles away. But did you ever stop to think how internet thieves got a hold of your information to begin with?


Stolen credit cards are sold on the black market — don’t let this be yours!

As you can see here, people are selling credit cards on the black market. While we won’t sink so low as to buy the card to confirm if it’s legitimate or not, you can see that there is a market for your stolen credit card information. This may have been how your credit card information was compromised!

All it takes is an insecure payment page or a data breach of a vendor that is holding onto your payment information. There’s no room to be even the slightest bit careless in this crazy world.

Online vendors don’t always have your best interest in mind

Over 900 million people in China currently use online banking, and some estimates report that by 2020 there will be about 450 billion transactions on the internet daily.

Whether through ignorance or negligence, some online vendors don’t have the right practices in place to protect your financial and personal information. They know that people will spend money on their products anyway, so why bother? Our CEO, Christian Mairoll, told us a horror story about vendors asking for credit card information through unencrypted emails!

There are a number of other things that novice vendors might do that compromise your payment information. But more often than not, it’s what they don’t do that can really put you in a bind. Study the information below and you’ll have a much better sense of what standards you should have for any vendor you do business with, as well as what payment options are optimal for privacy.

How secure is your online payment method?

Different payment options are more or less popular in different parts of the world, and oftentimes what our friends, co-workers, and families are using influences our own decisions. Not only that, but limits on what forms of payment vendors will accept also set the boundaries for these choices. The following payment options are popularly used around the world for online shopping:


PayPal is an international online payment service provided by a U.S.-based company. It’s one of the most popular payment options made available by online vendors after credit and debit cards.

Pros – PayPal isn’t new to the online shopping scene, and as a result it’s a trusted option for many consumers. It is one of the first to use tokenization technology to help you keep your financial information private, even from vendors. Tokenization is the process of substituting sensitive data with a non-sensitive replacement, or a “token.” PayPal allows easy chargebacks in case of fraud. Its dispute process is relatively simple compared to other methods, which is why you should prefer PayPal over a credit card if a vendor offers both options.

Cons – Many vendors are unhappy with the fees that PayPal charges them. But never fear, the customer is not charged extra for using their services. PayPal may also be eclipsed by other forms of payment in the future, like Google Wallet, Apple Pay, and Skrill, which all use tokenization technology.

Credit Card

Credit cards have been around for decades and are very strong forms of payment depending on what part of the world you live in. They are almost universally accepted by online merchants. If you have a credit card with a major company, your card is likely to have fraud protection, which makes identity theft a lot easier to deal with.

Pros – Credit cards are accepted by the vast majority of vendors online. If you already own a credit card, then you don’t have to worry about creating a new account with a web-based form of payment (like PayPal). Additionally, if your information is stolen, you can work with your credit company to cancel and replace your card. Credit cards can also provide certain reward benefits that can cut your shopping costs (if you don’t accumulate debt, of course).

Cons – There is no tokenization process when you use a credit card directly to purchase something online. You are therefore putting very sensitive information out there, so it’s good to limit this payment method to companies you really trust to be secure.

Debit Card

Debit cards look and act like credit cards, but are generally attached to a bank account and are not based on credit. They are simply a plastic substitute for cash, which is useful for the pragmatic and spending conscious shopper.

Pros – The process of tracking your payments and finances is much easier with a debit card. Additionally, if you use a prepaid debit card, the amount of damage that can be done is limited (since prepaid cards are not tied to a bank account, but rather to a fixed amount of cash, like a gift card).

Cons – If your debit card is stolen, it’s much harder to get your money back if the thief goes on a reckless spending spree. While this is being remedied by some institutions, using a form of payment that is directly tied to your bank account is unwise unless you are using a very reputable merchant.

What a legitimate (and safe) vendor looks like

Don’t be fooled by a pretty website

Just because a vendor has a nice website, that doesn’t mean the vendor is keeping your financial information safe from digital thieves. In fact, they might even be fraudulent themselves!

It’s incredibly easy to set up a good website nowadays. Sites like Strikingly, Foursquare, and even WordPress make it so that you can set up an attractive website in under an hour with no coding knowledge whatsoever. Additionally, the increase of freelancing sites means that anyone can easily hire a worker to create an attractive-looking page for them, even if it doesn’t actually have any of the proper safety features to support shopping online.

Phishing sites are also a big issue. These are created when a crook steals the source code of a website and uses it to create another identical website. So double check the URL before sharing your information – to make sure you’re dealing with a legitimate vendor and not a copycat.


Clicking “view page source” is all a scam artist needs to do to create a phishing site.
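The URL double-check described above can be made mechanical. The following is an added example, not code from the original article: it compares the host in a link against the vendor domain you already know and flags the common look-alike forms. The function name, the `shop.example` vendor domain and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_vendor_url(url, expected_domain):
    """Return a list of warnings for `url`; an empty list means the link
    points at `expected_domain` (or a subdomain of it) over HTTPS."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the host
    expected = expected_domain.lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("connection is not HTTPS")
    if parts.username is not None:
        # Everything before '@' is a login name, not the site being visited.
        warnings.append("text before '@' is not the site name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host name (possible look-alike characters)")
    if not host.isascii():
        warnings.append("non-ASCII host name (possible look-alike characters)")
    # The vendor's domain must be the END of the host name, on a label boundary.
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host '{host}' is not '{expected}' or a subdomain of it")
    return warnings


# Constructed sample links; .example and .test are reserved, non-routable names.
SAMPLES = [
    "https://www.shop.example/cart",            # genuine subdomain
    "http://shop.example/",                     # right host, no encryption
    "https://shop.example.evil.test/checkout",  # vendor name used as a prefix
    "https://shop.example@evil.test/pay",       # vendor name used as a login
]

if __name__ == "__main__":
    for link in SAMPLES:
        problems = check_vendor_url(link, "shop.example")
        print(link, "->", "looks right" if not problems else "; ".join(problems))
```

A clean result only means the link points where you expected; it says nothing about how the vendor handles your data once you are there.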

The truth: Online vendors want to get your money, and many of them don’t care to do it the right way because they want easy money fast.

The 6 signs of a secure vendor

A safe vendor will communicate to its customers on its website or through customer support how they keep personal information safe from harm’s way. Although there is no way to keep private information perfectly safe online, there are a few standards that a good vendor will adhere to.

1. Has a secure website

Unfortunately there are a lot of fake vendors out there just waiting for you to visit their website so that they can infect your computer with malware or steal your personal information. Don’t use an etailer just because they have the lowest price! Find a good phishing filter for your browser of choice, and avoid shopping at any sites that trigger a warning. Then immediately run your Emsisoft scanner to detect any malware that could have made its way onto your system!

2. Utilizes Secure Sockets Layer technology (SSL)


Look for the lock symbol.

SSL is another baseline requirement for secure online shopping. This technology establishes an encrypted connection between a website and your browser. This secure connection helps keep personal information safe, and any vendor that is collecting your credit card information should have an SSL certificate. This is very standard for online vendors, and it is usually represented with a little lock icon situated before the site URL.

SSL alone will not protect you from all threats, and you should learn about infamous vulnerabilities on our blog.

3. Never asks for more information than necessary

It’s true that vendors have to ask for very personal information in order to process and ship your order, but there is a limit to what they should require you to disclose. Never trust a merchant that asks for an employee ID number, social security number, bank account number (this may be safe with Amazon or PayPal, but you should hesitate to give this number directly to a vendor), salary or tax information, or anything that may identify your family or friends.

4. Subscribes to safety certifications

If you want to be extra secure when it comes to shopping online, it may be worth it to invest a little time and research into the standards your merchant has in place to handle your private information. You may find that many vendors outsource this part of their business to safety experts.

For example, here at Emsisoft we don’t process our own customers’ payment information. Instead this is handled by Cleverbridge. Cleverbridge is certified with Safe Harbor, a commerce framework that was developed by the U.S. Department of Commerce.

Additionally, most secure vendors comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a standard put forth by the Payment Card Industry Security Standards Council, which was formed in 2006 by American Express, MasterCard, Discover Financial Services, JCB and Visa International.

The PCI DSS has 12 requirements for compliance, which include regular testing of security systems, encrypting transmission of cardholder data, and maintaining a firewall configuration, among other things. If you are unsure of how a vendor stores data and keeps customer information safe, it’s best to send an email and check to see if they are PCI DSS compliant or certified.

While a certification does not mean that the vendor is completely safe with your information, it does mean that there are some standards and protocols in place to prevent a data breach, as well as to minimize damage in the event of one. Consider reading the privacy policy of your merchant of choice to get a sense of the type of systems they have in place.

5. Has trusted site seals

There are a number of trust seals that can give a good indication of a vendor’s trustworthiness. Which one to look for depends on your location.

For example, in Europe, Trusted Shops awards certified shops a European trustmark to allow customers to shop online with confidence. Every shop that gets this trustmark has been screened thoroughly on a number of criteria, including buyer protection.

The TRUSTe seal is another commonly used seal for online stores that focuses on privacy protection. TRUSTe assesses, monitors, and certifies websites, mobile apps, cloud, and advertising channels to allow companies “to safely collect and use customer data to power their business”. Additional site seals are the Better Business Bureau (US) and the “Norton Secured” badge.

6. Has happy customers

Certifications are not the only way to know whether a vendor is trustworthy or not. Checking a merchant’s reputation is very easy online, and it can make a huge difference in maintaining your privacy.

Go to your search engine of choice and type in <vendor> review, or <vendor> experience. Make sure to read reviews from about a dozen different sites if possible, because review sites can be fraudulent as well! Sometimes fake reviews and sites are created to support scam vendors, so be wary if all reviews are unrealistically perfect. 

Online shopping safety checklist

Knowing that vendors are responsible for your privacy may have you feeling powerless and overwhelmed. But if you follow the list of safety guidelines below, you’ll greatly reduce your chances of financial fraud:

You can never completely protect your information online unless you avoid the web entirely! This is obviously an extreme measure and we don’t recommend it. Instead, we recommend making informed choices about what payment options you use online, what information you choose to share, and which merchants you do business with.

The online shopping landscape will continue to change, and the specific requirements and standards for a safe vendor will as well. But something that won’t change is that there will always be someone trying to get a hold of your money. So be vigilant and stay educated, and you’ll remain ahead of the curve.


Have a great, theft-free day!

Arief Prabowo
