Online Shopping – Just How Safe Is It?

As you might expect, I get many questions from computer users concerned about their security. With regular news of identity theft, credit card fraud, and database hacking, many people are understandably concerned about the security of their own information online, particularly when it comes to online shopping …

… so much so, that some actively avoid online shopping for fear of having their payment information stolen.

In my opinion, they should be more concerned about the security of their information off-line.

Become a Patron of Ask Leo! and go ad-free!

Online shopping is ubiquitous

Most of us now take online shopping for granted. I suspect some may even wonder that this article is needed at all.

The fact is, there are still many people who are afraid to shop at online merchants – even well-known, reputable ones.

Why? They’re convinced that the internet is full of hackers just waiting to steal their credit card information as it goes by. They’re quite willing to give that same payment information – along with an image of their signature, no less – to a stranger at a restaurant or a grumpy clerk in a retail store.

Risk versus risk

As I wrote in another article, “most people have an over-inflated sense of risk when it comes to threats they don’t understand”.

Using a Credit Card OnlineOn top of that, we’re most comfortable with black and white absolutes: yes or no, safe or not safe. Unfortunately, the world isn’t black or white.

It’s very important to realize that there are risks either way, online or off.

Unique risks online are few

There are very few risks that are truly unique to using your credit card online.

Yes, online shopping security issues exist. Your device could have malware in the form of a keylogger, which records everything you type. And yes, it’s extremely rare, but your connection to an online merchant could be intercepted by someone watching and recording your payment information.1

Much more common, however, are things that apply regardless of how you use your credit card. The news reports we hear are major breaches at retailers and banks, where it doesn’t matter if you used your card online or off. In fact, most of those break-ins are caught and dealt with so quickly that if you or I are affected, it’s only to the extent that we might unexpectedly get a replacement credit card.

Offline risk is more common

I believe individual theft occurs more frequently off-line.

  • A clerk might make a copy of your card and signature.
  • A dumpster diver could grab your bank statements out of your trash.
  • Someone might steal your new credit card out of your mail box.
  • You use your card at a cash machine, but a thief has hidden a “card skimmer” on the reader that steals the information on your card as you use it.

These off-line methods are all much more common than individual online theft.

And even though we seem to hear about online theft on a semi-regular basis, there’s a strong argument that says they’re still fairly rare occurrences, compared to the millions of cardholders and millions of transactions that happen every day.

Good sense implies good security

The fact is, regardless of how you use it, using your credit card represents risk. But then, so does getting out of bed in the morning.

Online or off:

  • Shop with merchants you know and trust.
  • Watch for things out of place, be it something odd about the card reader in a store, or a missing https padlock on a web site.
  • Beware of phishing and other attempts to fool you into giving your personal information to those who would abuse it.
  • Contact your credit card company whenever you think something may have happened.

My take is simple: shop online. I believe it to be generally safer than many physical in-person transactions. Online or offline, the risks are generally lower than you might believe.

Don’t let unfounded fear stop you from enjoying the convenience. I know I don’t.

Podcast audio

Play

Footnotes & references

1: Even over https connections, though that’s significantly rarer.

19 comments on “Online Shopping – Just How Safe Is It?”

  1. Let me start by saying thanks for a great piece.
    I totally agree with what you said.

    In fact, I feel more secure giving my info to Amazon or Newegg or Sears or any of the many places I shop online than I do giving it to someone who looks like a crackhead in a dimly lit restaurant.

    Thanks again Leo and keep up the good work.

  2. Shopping online is relatively safe, but there are still a lot of risks. Leo, check out buysafeshopping.com, where every every seller has passed a business inspection process; agreed to allow buysafe to monitor their performance in every transaction with buyers; and paid for a surety bond from Liberty Mutual to guarantee each bonded transaction up to $25K. It’s the only way to shop safe online!

  3. hello sir,
    i have a question, how about someone just use my credit card information to shop online, to buy gadgets. can i be able to trace the person who use it and where he/she address it for delivery? thanks

    No. This is something you should leave to the appropriate authorities.

    Leo
    09-Mar-2012
    • I take your question a little differently that Leo. You can do some checking to see if it is someone you recognize, THEN give that information to the authorities for follow up.

  4. Leo, what do you think of these new services that offer mobile devices and apps that enable small businesses to process credit card transactions on their smartphone? How safe is this for the consumer?

    The concept concerns me so I’d be very interested to read your thoughts.

    I don’t have any direct experience but everything I’ve heard about them is good. Certainly it need be no riskier than handing your credit card to a clerk in a store.

    Leo
    27-Nov-2012
  5. Here is my comment about online ordering versus ordering over the phone.
    Years ago I was uncomfortable putting out my credit card information over the Internet. So I called the 800 number to place a phone order with a customer service representative. After she was done taking my order, I asked her a question. I asked her what did she do with the information that I just gave her about my name, address, telephone number and credit card information. She answered by saying that she entered everything into her computer so the information could be processed and sent over the Internet. From that time on, I have just placed my orders through the Internet since it was done by the customer service representative anyway. In the 15 years that I have been doing this using various credit cards, I’ve yet to have a problem with someone stealing my information.

    • “Online Shopping – Just how safe is it?” Probably safer than in a shop.
      I’d trust the online ordering much more than giving my credit card number over the phone. Online ordering from a legitimate company strong strong encryption and other safeguards to protect your credit card. I’ve had my credit card compromised twice. I think it was at a gas station (not at the pump) and a restaurant. In any case both charges were reversed with 5 minute phone calls.

  6. Have used Amazon and the like for years, with no problems. But now live overseas where Amazon either won’t deliver or very expensive. Took the plunge and used AliExpress, sort of the Chinese Amazon. Fantastic service, excellent prices and free delivery to most places in the world. Bye bye Amazon!

  7. I only saw the ‘https’ mentioned in footnote/reference #1. I think its more important than that. I have seen small hotel sites in other countries without it, just a http://www._____.com. I place a bigger weight on the https secure sites personally.

  8. One GREAT tool I’ve used for almost 10 years now is Citi’s “Virtual Account Numbers” (VANs). VANs are an online system that allows you to create credit card numbers to be used for a specific vendor. You can specify the dollar limit, and the expiration date (from 1-12 months from the current month). For one-time uses, you just create a VAN for the exact amount you want the vendor to have, if the vendor tries to charge more than your specified amount, the system rejects it (just as though you gave them an invalid number). This keeps vendors from adding on additional charges (like higher S/H than originally specified) without your explicit approval.

    For vendors with recurring charges (like phone bills, common online merchants that you buy from frequently, etc.), you create a VAN with the latest expiration date (12 months from creation) and keep at least a 1 cent balance in the VAN (so the first time you use it, you approve an amount 1 cent more than you are going to charge). That 1 cent balance keeps the card active. Then when you want to charge something to that same vendor, just ‘reload’ the VAN with the new amount (again with 1 cent more), and charge it. This allows you to keep credit card numbers on file with the vendor (just like a normal credit card), but they can’t charge against it until you put in the the money. Also, once a vendor uses a specific VAN, only that vendor can reuse it. So if you accidentally give an existing VAN to the wrong vendor, they won’t be able to charge against it. For subscription type services, you don’t have to worry about your card being charged in future months/years without you explicitly putting more money into the account.

    You can also use this system for vendors you pay over the phone (I use one for my dentist). You give them the VAN over the phone, just like you would your actual card number, and they charge against it. Even if they write the number down on a stray piece of paper, and someone goes through the trash, the number will be useless because only the original vendor can reuse it, and if it’s only for a one-time use, there won’t be any more money in the VAN account anyway.

    As far as I know, only Citi currently offers this option (and not with all of their cards, so make sure you ask). Citi has both MasterCard and Visa (my VAN is with their MasterCard, I don’t know if they also provide it with their Visa accounts). Discover and American Express used to offer similar services, but they dropped them years ago. If anyone knows of another credit card company that provides a similar service, post it here (and say what you like and/or don’t like about it).

    As I said, I’ve used this for almost 10 years, and it has really helped me feel much more comfortable giving out my credit card number (which is always just a VAN) either online or on the phone.

    • Thanks for the heads up on that. I have a Citi card and following up on your suggestion I activated the service. I don’t have a problem with most legitimate e-merchants, but it sounds great for those services which offer a free service but ask for a credit card number to “verify”, or even a subscription service which automatically renews if you forget to cancel.

      • I use a velocity credit card and what I like is every transaction that is made either by card or over the phone within seconds of the transaction I get an SMS telling me all the details of the transaction, even when I’m overseas and a priority number to contact if I don’t recognise the transaction.

  9. I’ve used eBay with Paypal about 11 years with nary a hitch. I rarely shop with online merchants that don’t take Paypal, that require a credit card number, but all the ones I regularly use and really need do take Paypal. My credit card has been compromised twice in 3 years just from using it at local stores, so I don’t use it at such places anymore except for a couple that I have reason to trust. I use cash only for most groceries and for all restaurants, and *never* give my card to a server that carries it out of my sight to process. All this works well for me and I actually get most things online instead of going out and looking all over town for something, a real advantage due to advanced age and the accompanying decreasing vitality.

  10. Not an advertisement at all, I have used an Amex Serve card for all online purchases for the past 2.5 yrs. In NY they charge no fees, no minimum balance and when I got it the card was even free. There are fees in other states and not sure if the card is free anymore, but it a very simple way to limit any financial exposures you may feel you might have shopping online. You can set up sub accounts, attach it to a checking account etc. I just usually just stop at CVS and add cash and it is instantly in the account. Like I said not an ad, just my personal experience with some thing that works for me.

  11. To what Bill said. I too have been using Paypal for over 10 years and have not had a single issue that was not resolved. In fact I use the above
    mentioned Amex Serve card as my payment card for Ebay.

  12. My online rule is only purchase from someone who you know you can walk into their office (might be on the other side of the country, but there is a legitimate office you can go to).

    Some of the offline retailers bother me … even big name trusted retailers (Home Depot is only one example; there are others). You return a product and they don’t ask for your credit card to reverse the charge. Why? They kept it on file. Then what happens? Someone hacks their servers and steals customers’ credit cards.

  13. Have been doing business with Amazon for years and have never had an issue despite receiving notices from Google about “Amazon hackings”.

  14. Never had a credit card problem either online or offline. Did use a debit card at only two locations, and someone used my debit number to pay their utilities. The bank caught it and reversed it immediately.

Leave a reply: