Online shopping during the upcoming holiday season is expected to grow from last year, with one survey indicating 69 percent of respondents will be purchasing holiday gifts online, up from 64 percent in 2009.1 Faster Internet access speeds, coupled with enhanced functionality and deployment of mobile devices are just a few factors that may contribute to consumers' increased use of the Internet for holiday shopping. Before going online, however, it's important to understand the potential security risks and what precautions to take.
The following tips are provided to help consumers stay safe while shopping online using their personal computing device:
Secure your computer.
Make sure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and are receiving automatic updates from the vendor. If you haven’t already done so, install a firewall before you begin your online shopping.
Upgrade your browser.
Upgrade your Internet browser to the most recent version available. Review the browser’s security settings. Apply the highest level of security available that still gives you the functionality you need.
Secure your transactions.
Look for the "lock" icon on the browser's status bar and be sure “https” appears in the website’s address bar before making an online purchase. The "s" stands for "secure” and indicates that the communication with the webpage is encrypted. Also look for a broken key symbol indicating a non-secure connection. Some browsers can be set to warn the user if they are submitting information that is not encrypted.
Be wary of potential scams.
If the online offer sounds too good to be true, it probably is. Cyber criminals will look to take advantage of the volume of online shoppers to temp users to fall prey to online scams.
Use strong passwords.
Create strong passwords for online accounts. Use at least eight characters, with numbers, special characters, and upper and lower case letters. Don’t use the same passwords for online shopping websites that you use for logging onto your bank, home or work computer. Never share your login information with anyone.
Do not e-mail sensitive data.
Never e-mail credit card or other financial/sensitive information. E-mail is like sending a postcard and other people have the potential to read it. Beware of emails requesting account or purchase information. Delete these emails. Legitimate businesses don’t solicit information through email.
Ignore pop-up messages.
Set your browser to block pop-up messages. If you do receive one, click on the "X" at the top right corner of the title bar to close the pop-up message.
Do not use public computers or public wireless to conduct transactions.
Don’t use public computers or public wireless connections for your online shopping. Public computers could potentially contain malicious software that steals your credit card information when you place your order. Criminals could be monitoring public wireless networks for credit card numbers and other confidential information.
Review privacy policies.
Make payments securely.
Pay by credit card rather than debit card. Credit/charge card transactions are protected by the Fair Credit Billing Act. Cardholders are typically only liable for the first $50 in unauthorized charges. If online criminals obtain your debit card information they have the potential to empty your bank account.
Use temporary account authorizations.
Some credit card companies offer virtual or temporary credit card numbers. This service gives you a temporary account number for online transactions. These numbers are issued for a short period of time and cannot be used after that period.
Select merchants carefully.
Limit your online shopping to merchants you trust. Confirm the online seller's physical address and phone number beforehand. If you have problems, concerns, or questions regarding a merchant, check with the Better Business Bureau or the Federal Trade Commission. Don’t forget to review merchant’s return policies to avoid product return issues.
Keep a record.
Keep a record of your online transactions, including the product description and price, the online receipt, and copies of every e-mail you send or receive from the seller. Review your credit card and bank statements for unauthorized charges.
What to do if you encounter problems with an online shopping site:
If you have problems shopping online, contact the seller or site operator directly. If those attempts are not successful, you may wish to contact the following entities:
- the Attorney General's office in your state (www.naag.org)
- your county or state consumer protection agency
- the Better Business Bureau at: www.bbb.org
- the Federal Trade Commission at: www.ftc.gov
For additional information about safe online shopping, please visit the following sites:
For more information, please visit the monthly cyber security newsletter tips at:
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. Organizations have permission--and in fact are encouraged--to brand and redistribute this newsletter in whole for educational, non-commercial purposes.