As you might expect, I get many questions from users concerned about online security. With regular news of identity theft, credit card fraud, and database hacking, many are understandably concerned about the security of their own information online, particularly when it comes to online shopping.
Some are so concerned, they actively avoid online shopping for fear of having their payment information stolen.
In my opinion, they should be more concerned about the security of their information offline.
Become a Patron of Ask Leo! and go ad-free!
There are very few risks that are unique to shopping online. Most of the risks apply equally well to shopping in person. Major data breaches, for example: large companies capture data regardless of how you shopped. Basic security is necessary in all cases, but there’s a strong argument that shopping online is more secure than its in-person counterpart.
Online shopping is ubiquitous
Most of us now take online shopping for granted. Some may even wonder why this article is needed at all.
The fact is, there are still many people who are afraid to shop at online merchants — even well-known, reputable ones.
Why? They’re convinced that the internet is full of hackers waiting to steal their credit card information as it goes by during an online transaction.
And yet, they’re quite willing to give the same payment information — along with an image of their signature, no less — to a stranger at a restaurant or a grumpy clerk in a retail store.
Risk versus risk
As I wrote in another article, “Most people have an overinflated sense of risk when it comes to threats they don’t understand.”
We’re most comfortable with black and white absolutes: yes or no, safe or unsafe. Unfortunately, the world isn’t black or white.
It’s important to realize there are risks, both online and off.
Unique risks online are few
There are very few risks unique to using your credit card online.
Yes, online shopping security issues do exist. Your device could have malware in the form of a keylogger, which records everything you type. And, while it’s extremely rare, your connection to an online merchant could be intercepted by someone watching and recording your payment information.1
Much more common, however, are things that apply regardless of how you use your credit card. The news reports we hear are major breaches at retailers and banks, where it doesn’t matter if you used your card online or in person. Most of those break-ins are caught and dealt with so quickly that if you or I are affected, it’s only to the extent that we might unexpectedly get a replacement credit card.
Offline risk is more common
I believe individual theft occurs more frequently offline.
- A clerk might make a copy of your card and signature.
- A dumpster diver could grab bank statements out of your trash.
- Someone might steal your new credit card out of your mailbox.
- You use your card at a cash machine or a store’s point-of-sale terminal, but a thief has hidden a “card skimmer” on the reader that steals your card’s information as you use it.
These offline methods are all much more common than individual online theft.
And even though we seem to hear about online theft on a semi-regular basis, there’s a strong argument saying they’re still fairly rare occurrences compared to the millions of cardholders and millions of transactions that happen every day.
Good sense implies good security
The fact is, regardless of where you use it, using your credit card represents risk. (But then, so does getting out of bed in the morning.)
Online or off:
- Shop with merchants you know and trust.
- Watch for things out of place, be it something odd about the card reader in a store or a missing https padlock on a website.
- Beware of phishing and other attempts to fool you into giving your personal information to those who would abuse it.
- Contact your credit card company whenever you think something may have happened.
My take is simple: shop online. I believe it to be safer than many in-person transactions.
Don’t let unfounded fear stop you from enjoying the convenience. I know I don’t.