At $100, the laptop you just found online makes for an amazing deal. Good thing you finally left those big retail Web sites and searched on smaller ones whose domain names you’ve never heard of. Otherwise, you would have never discovered this incredible price.
The Web site itself looks legitimate, too. Its checkout page has legal disclaimers and asks for the usual billing and shipping information. It says it’s secure.
But is it?
If you don’t know from whom you’re buying, and are simply praying for good luck after sending your payment over the Web, you’re setting yourself up — and not just for losing money. You’re risking your personal information, and it’s time for a rude reality check.
It makes sense that security is not always a bedfellow of convenience. Open 24 hours a day from anywhere in the world, online shopping sites entice consumers with an array of come-ons such as free shipping, comparison pricing, bargain deals and extra security features. Saving gas, and being able to shop on your schedule, adds more to the online shopping appeal.
Yet, the question remains for the leery: Can online shopping be done safely?
The Internet security experts we spoke with say “yes” — on the condition that consumers abide by some basic safety tips.
1. Bigger names equal better protection.
Stickley, who knows firsthand how easily sensitive information is stolen, says that if a deal sounds too good to be true — say, $20 for an iPod Nano — it probably is. What’s worse, it’s probably an attempt to trick you into giving out personal information.
Steven Branigan, founder and president of CyanLine and author of “High Tech Crimes Revealed” agrees and says that it’s good to know the site you’re going to, such as the bigger sites like Amazon.com. “These sites put their name on the line.”
On the other hand, the fear factor hurts smaller merchants who might have better deals.
One comparison shopping site, buysafeshopping.com, solves both problems by bonding qualified merchants for up to $25,000 with Liberty Mutual, Travelers and ACE USA. BuySAFE puts merchants through a screening process to verify the merchant’s identity, online sales experience and ability to deliver the purchased items. If a retailer passes that process, buySAFE is willing to stand behind them with its purse, says Jeff Grass, CEO and president, and Rob Caskey, senior director of buyer marketing.
2. When in doubt, check them out.
“If they don’t list phone numbers and only have an e-mail address, that’s a huge red flag,” Stickley says. “Call the phone number and see if it goes to voice mail. Anyone can have voice mail set up.”
Bottom line: If you can’t get a human being on the phone or don’t like what you’re hearing, go shopping somewhere else.
|— Updated: Nov. 7, 2006|
3. Encryption doesn’t equal security.
If you don’t see either of these “locked” icons or a change in the URL, log out and shop elsewhere, says Ingram. The reason: “You can’t be sure the site has a secure server, and you shouldn’t take that risk,” says Ingram.
Here’s one tell-tale sign that you’ve entered a scammer’s site: If you ever see numbers at the beginning of the URL, such as http://email@example.com%6AD%, it’s probably a scam, says Stickley.
Even if you see a proof of encryption, such as the plural URL, you shouldn’t equate that with the site’s trustworthiness.
4. When sharing is a bad thing.
The danger is that hackers can insert a keylogger into the back of the keyboard, a device that looks like a harmless adapter. This monitoring device captures everything you type before it’s encrypted. Sometimes installed as software, the device can be hard to detect. The best thing to do is avoid shared computers when typing sensitive information.
5. Pay with a credit card.
We got a resounding answer from the experts: Credit cards are the safest method for online purchases.
“The last thing you want to use is a debit card,” Stickley says. “Most credit cards have protection on them — if someone rips you off, you can dispute the charge. Debit cards pull money right from your bank account. It can take months to get your money back, if you ever see it again.”
The beauty of using a credit card is that it’s not just your money on the line — it’s the creditor’s money, too. “If you have a problem with your transaction, the credit card company will go to bat for you to resolve it,” says Ingram.
According to the Federal Trade Commission, federal law limits your liability to $50 in charges, should someone use your credit card fraudulently.
|— Updated: Nov. 7, 2006|
Another option is making purchases through a third-party escrow service such as PayPal. Paypal Buyer Protection covers qualifying eBay purchases for up to $1,000 at no additional cost to buyers, helping to guarantee your purchase.
After any sale, be sure to print and save all of your receipts and e-mail confirmations in case of a dispute.
Discover Card says since they first offered secure online account numbers they’ve “had no incidences of credit card fraud or identity theft in situations where hacking has occurred.”
By providing merchants with a special credit card number instead of your real number, your actual Discover account number is never exposed to scammers. Check with your credit card company to see if they offer this type of security feature.
Another security feature on the horizon is a one-time-use password token. The technology has been developed, but it’s not in widespread use yet. To protect yourself, be wise in your choice of passwords. Use a combination of letters and numbers difficult to guess, says Chris Young, senior vice president and general manager of the consumer solutions division at RSA Security, a company that has developed password tokens. Don’t use a word or number someone else could figure out, such as your birthday or dog’s name. Change your password frequently.
6. Suspect the suspicious.
“This combination can give people enough information to start applying for new credit cards in your name,” Branigan says. What’s scarier is the ease with which driver’s licenses can be purchased overseas — they can be purchased for as little as $100. If that scares you, remember a simple rule of thumb: If anything seems suspicious, call the company and ask questions.
Also be wary of sending out credit card information via e-mail or instant messaging, says Branigan. Neither is encrypted. Copies can remain on your mail server as well as theirs. Since you can’t control who’s looking at your information, stick to the site’s secure transaction page.
The final word
People should be aware that as long as they are dealing with reputable companies, online transactions are far more secure than the face-to-face transactions people perform every day, says Stickley.
Online transactions eliminate the middle man, such as the waiter who processes your credit card payment, so there are less people who physically see your private information.
Consumers who research companies before making purchases, watch for warning signs of fraud, use credit cards for purchases and keep receipts should be relatively safe.
“They can be absolutely as confident as physically shopping in a store,” says Branigan.
|— Updated: Nov. 7, 2006|