6 tips for safe online shopping

At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

At $100, the laptop you just found online makes for an amazing deal. Good thing you finally left those big retail Web sites and searched on smaller ones whose domain names you’ve never heard of. Otherwise, you would have never discovered this incredible price.

The Web site itself looks legitimate, too. Its checkout page has legal disclaimers and asks for the usual billing and shipping information. It says it’s secure.

But is it?

If you don’t know from whom you’re buying, and are simply praying for good luck after sending your payment over the Web, you’re setting yourself up — and not just for losing money. You’re risking your personal information, and it’s time for a rude reality check.

It makes sense that security is not always a bedfellow of convenience. Open 24 hours a day from anywhere in the world, online shopping sites entice consumers with an array of come-ons such as free shipping, comparison pricing, bargain deals and extra security features. Saving gas, and being able to shop on your schedule, adds more to the online shopping appeal.

Yet, the question remains for the leery: Can online shopping be done safely?

The Internet security experts we spoke with say “yes” — on the condition that consumers abide by some basic safety tips.

1. Bigger names equal better protection.
“Go with reputable companies you’ve heard of,” says Jim Stickley, co-founder, CTO and vice president of engineering at TraceSecurity, a company that works with financial institutions to better their network security systems to deter identity thieves.

Stickley, who knows firsthand how easily sensitive information is stolen, says that if a deal sounds too good to be true — say, $20 for an iPod Nano — it probably is. What’s worse, it’s probably an attempt to trick you into giving out personal information.

Steven Branigan, founder and president of CyanLine and author of “High Tech Crimes Revealed” agrees and says that it’s good to know the site you’re going to, such as the bigger sites like Amazon.com. “These sites put their name on the line.”

On the other hand, the fear factor hurts smaller merchants who might have better deals.

One comparison shopping site, buysafeshopping.com, solves both problems by bonding qualified merchants for up to $25,000 with Liberty Mutual, Travelers and ACE USA. BuySAFE puts merchants through a screening process to verify the merchant’s identity, online sales experience and ability to deliver the purchased items. If a retailer passes that process, buySAFE is willing to stand behind them with its purse, says Jeff Grass, CEO and president, and Rob Caskey, senior director of buyer marketing.

2. When in doubt, check them out.
If you go with an unknown merchant or Web site, contact someone there who can verify the company’s privacy policy for you before you make a purchase. Ask if they’ll send you a catalog.

“If they don’t list phone numbers and only have an e-mail address, that’s a huge red flag,” Stickley says. “Call the phone number and see if it goes to voice mail. Anyone can have voice mail set up.”

Bottom line: If you can’t get a human being on the phone or don’t like what you’re hearing, go shopping somewhere else.

— Updated: Nov. 7, 2006

3. Encryption doesn’t equal security.
Leah Ingram, author of “Gifts Anytime: How to Find the Perfect Present for any Occasion,” is a certified etiquette and protocol consultant. This expert gift-giver says one of the first things you should do before typing in your credit card information is look for the “plural URL.” That is, when you go to the site’s checkout page, the “http” in the URL should change to “https.” A closed padlock or key should also appear on the page, letting you know your personal information will be encrypted or scrambled.

If you don’t see either of these “locked” icons or a change in the URL, log out and shop elsewhere, says Ingram. The reason: “You can’t be sure the site has a secure server, and you shouldn’t take that risk,” says Ingram.

Here’s one tell-tale sign that you’ve entered a scammer’s site: If you ever see numbers at the beginning of the URL, such as, it’s probably a scam, says Stickley.

Even if you see a proof of encryption, such as the plural URL, you shouldn’t equate that with the site’s trustworthiness.

“It just means the session is encrypted,” says Stickley. He likens the mistaken belief to believing that someone owns a house just because that person can lock the front door. It means nothing. To verify the site’s trustworthiness, he advises calling the company to ask about its privacy policy.

4. When sharing is a bad thing.
Shared computers, such as the ones available to multiple strangers at computer centers, are a big no-no, says Branigan.

The danger is that hackers can insert a keylogger into the back of the keyboard, a device that looks like a harmless adapter. This monitoring device captures everything you type before it’s encrypted. Sometimes installed as software, the device can be hard to detect. The best thing to do is avoid shared computers when typing sensitive information.

5. Pay with a credit card.
You’ve found a trustworthy site with a secure checkout page. Now you’re ready to pay — with what? Check, money order, debit card, credit card, cash or Monopoly money?

We got a resounding answer from the experts: Credit cards are the safest method for online purchases.

“The last thing you want to use is a debit card,” Stickley says. “Most credit cards have protection on them — if someone rips you off, you can dispute the charge. Debit cards pull money right from your bank account. It can take months to get your money back, if you ever see it again.”

The beauty of using a credit card is that it’s not just your money on the line — it’s the creditor’s money, too. “If you have a problem with your transaction, the credit card company will go to bat for you to resolve it,” says Ingram.

According to the Federal Trade Commission, federal law limits your liability to $50 in charges, should someone use your credit card fraudulently.

— Updated: Nov. 7, 2006

Another option is making purchases through a third-party escrow service such as PayPal. Paypal Buyer Protection covers qualifying eBay purchases for up to $1,000 at no additional cost to buyers, helping to guarantee your purchase.

After any sale, be sure to print and save all of your receipts and e-mail confirmations in case of a dispute.

Credit shy?
If you are reluctant to give out your credit card number over the Internet, you have alternatives. Some card companies such as Discover Card, MBNA, Bank of America and Citi offer a secure online account number service — a virtual credit card or virtual account number.

Discover Card says since they first offered secure online account numbers they’ve “had no incidences of credit card fraud or identity theft in situations where hacking has occurred.”

By providing merchants with a special credit card number instead of your real number, your actual Discover account number is never exposed to scammers. Check with your credit card company to see if they offer this type of security feature.

Another security feature on the horizon is a one-time-use password token. The technology has been developed, but it’s not in widespread use yet. To protect yourself, be wise in your choice of passwords. Use a combination of letters and numbers difficult to guess, says Chris Young, senior vice president and general manager of the consumer solutions division at RSA Security, a company that has developed password tokens. Don’t use a word or number someone else could figure out, such as your birthday or dog’s name. Change your password frequently.

6. Suspect the suspicious.
If you’re at the checkout page and the site asks for your date of birth and Social Security number, be very careful.

“This combination can give people enough information to start applying for new credit cards in your name,” Branigan says. What’s scarier is the ease with which driver’s licenses can be purchased overseas — they can be purchased for as little as $100. If that scares you, remember a simple rule of thumb: If anything seems suspicious, call the company and ask questions.

Also be wary of sending out credit card information via e-mail or instant messaging, says Branigan. Neither is encrypted. Copies can remain on your mail server as well as theirs. Since you can’t control who’s looking at your information, stick to the site’s secure transaction page.

The final word
Moment of truth: Is online shopping safer than shopping offline? The experts offer a silver lining to the cautionary warnings against online identity theft and credit card fraud.

People should be aware that as long as they are dealing with reputable companies, online transactions are far more secure than the face-to-face transactions people perform every day, says Stickley.

Online transactions eliminate the middle man, such as the waiter who processes your credit card payment, so there are less people who physically see your private information.

Consumers who research companies before making purchases, watch for warning signs of fraud, use credit cards for purchases and keep receipts should be relatively safe.

“They can be absolutely as confident as physically shopping in a store,” says Branigan.

— Updated: Nov. 7, 2006