- In This Article
-
- Know what security notices to look for
- Beware of sites that ask for more personal information than needed
- Use a credit card for purchase protection
PDF
share
printIn recent years, more people have found the Internet a convenient way to shop, pay bills and track banking activity. The world of electronic commerce, also known as e-commerce, has expanded our purchasing abilities from local retailers to worldwide companies and expedited our ability to shop while maintaining a busy schedule.
Unfortunately, things can go wrong while shopping in cyberspace. Sometimes it is simply a case of a computer glitch or poor customer service. Other times, shoppers are cheated by clever “cyber-crooks."
Check the Authenticity of the Website Address or URLAbove the website at the top of your screen is a rectangular window that contains the website address (also called the URL or Uniform Resource Locator). By checking that address, it can give you clues as to whether you are dealing with the correct company or a safe website.
Cyber-thieves have created websites that look convincingly like the sites of well-known companies. These sites capture the credit card numbers of unwary shoppers. The thieves then use the stolen credit card numbers to make fraudulent purchases in the shopper’s name. If these shoppers had checked the URL at the top of the screen, they could have noticed that it was not the same address as the real company.
Secure WebsitesSecure websites use security technology to transfer information from your computer to the online merchant’s computer. This technology scrambles (encrypts) the information you send, such as your credit card number, in order to prevent computer hackers from obtaining it “en route.” This reduces the number of people who can access the transaction information.
The following items shown on your web browser will indicate a connection to a secure web site.
https:// The “s” that is displayed after “http” indicates that the website is secure. Often, you do not see the “s” until you actually move to the order page on the website.
A closed yellow padlock displayed at the bottom of your screen. If that lock is open, you should assume it is not a secure site.
Do business with companies you already know. If the company is unfamiliar, investigate their authenticity and credibility. Conduct an Internet search (i.e. Google, Yahoo) for the company name. The results should provide both positive and negative comments about the company. If there are no results, be extremely wary.
Reliable companies should advertise their business address and at least one phone number, either customer service or an order line. Call the phone number and ask questions to determine if the business is legitimate. Ask how the merchant handles returned merchandise and complaints. Find out if it offers full refunds or only store credits.
You can also research a company in Internet yellow pages, through the Better Business Bureau (see listing below), or a government consumer protection agency, including the district attorney’s office or the state Attorney General. Perhaps friends or family members who live in the city listed can verify the validity of the company. Remember, anyone can create a website.
Shop in a store that has locations within the U.S. These stores must follow specific state and federal consumer laws. You might not get the same protection if you place an order with a company located in another country.
Website Privacy and Security PoliciesEvery reputable e-commerce website offers information about how it protects your personal information. It is usually listed in the section entitled Privacy Policy. You can find out if they intend to share your information with a third party or affiliate company. Do they require these companies to refrain from marketing to their customers? If not, you can expect to receive “spam” (unsolicited e-mail), mail or phone solicitations from these companies or others.
Look for online merchants who are members of a seal-of-approval program that sets voluntary guidelines for privacy-related practices. TRUSTe and BBBonline are two such programs.
Be aware that a strong privacy policy and membership in a certification program do not guarantee that the Web merchant will protect your privacy indefinitely. Policies change. The company could go out of business, or sell its customer database. The Web merchant might be purchased by another company with a weaker privacy policy.
Credit vs. DebitThe safest way to shop on the Internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation.
When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges. We recommend that you obtain one credit card that you use only for online payments to make it easier to detect wrongful credit charges and keep your other cards from being exposed.
E-commerce shopping by check leaves you vulnerable to bank fraud. Sending a cashier’s check or money order doesn’t give you any protection if you have problems with the purchase.
Make sure your credit card is credit-only and not a debit card or a check card. As with checks, a debit card exposes your bank account to thieves. Your checking account could be wiped out in minutes. Further, debit cards are not protected to the extent that credit cards are by federal law.
What Information to ProvideDisclose only the bare facts when you order. Never provide a Social Security number to a vendor. When placing an order, there is certain information that you must provide to the Web merchant such as your name and address. Often, a merchant will try to obtain more information about you. This information is used to target you for marketing purposes. It can lead to “spam” or even direct mail and telephone solicitations.
Don’t answer any question you feel is not required to process your order. Often, the website will mark which questions are mandatory with an asterisk (*). Should a company require information you are not comfortable sharing, leave the site and find a different company for the product you seek.
Confirmation of OrderAfter placing an order online, you should receive a confirmation page that reviews your entire order. It should include the cost of your order, your customer information, product information, and the confirmation number.
Print at least one copy of the confirmation page and the Web page(s) describing the item you ordered, as well as the page showing company name, postal address, phone number, and legal terms, including return policy. Keep it for your own records for at least the period covered by the return/warranty policy.
Often you will also receive a confirmation message that is emailed to you by the merchant. Be sure to save and/or print this message as well as any other email correspondence with the company.
Shipping and Return PoliciesA company must ship your order within the timeframe stated. If no timeframe is stated, you should inquire how long the delivery will take. This gives you an opportunity to cancel the order and receive a prompt refund or agree to any delay.
Here are key shipping considerations:
Does the site tell you if there are geographic or other restrictions for delivery?
Are there choices for shipping?
Who pays the shipping cost?
What does the site say about shipping insurance?
What are the shipping and handling fees, and are they reasonable?
Even under the best of circumstances, shoppers sometimes need to return merchandise. Check the website for cancellation and return policies.
Who pays for return shipping?
Is there a time limit or other restrictions to the return or cancellation?
Is there a restocking charge if you need to cancel or return the order?
Do you get a store credit, or will the company fully refund your charges to your credit card?
If the merchant only offers store credits, find out the time restriction for using this credit.
Don’t expect less customer service just because a company operates over the Internet. This is especially important if you are buying something that may need to be cleaned or serviced on occasion.
Does the merchant post a phone number and/or email address for complaints?
How long has the company been in business?
Will they still be around when you need them?
Is there an easy, local way for you to get repairs or service?
Is there a warranty on the product, and who honors that guarantee?
What are the limits, and under what circumstances can you exercise your warranty rights?
Heed the old adage, “If it looks too good to be true, it probably is.”
Are there extraordinary claims that you question?
Do the company’s prices seem unusually low?
Does the company’s phone go unanswered?
The use of a post office box might not send up a red flag, but a merchant who does not provide the company’s physical address might be cause for concern.
If any of these questions trigger a warning, you will be wise to find another online merchant or buy the product in a store.
Secure Payment Agents (SPAs)A “Secure Payment Agent,” as defined by the Identity Theft Resource Center, allows the consumer to control the use of all their sensitive personal information whether shopping, paying bills online, or registering at websites. A SPA has the ability to replace all of the user’s real personal information with anonymous data that becomes useless after a transaction and cannot be tracked back to the user. The following list includes items that ITRC has identified as some of the prerequisites SPAs should include:
Replaces the consumer's real personal identifying and financial information with anonymous data that is untraceable back to the consumer.
Eliminates phishing, both when visiting websites and receiving incoming email.
Verifies both consumer and device before allowing access to or use of the SPA.
Stores user data so it becomes useless if the SPA's database storage system is breached.
Merchants must be able to send and consumers to receive, purchase/shipment confirmations without delay, extra steps or the use of supplemental devices.
Authentication method must be “Multi-Authentication” using attributes of:
Who You Are
What You Have
What You Know
Identity thieves are increasingly using the Web to scam you and gather credit card, checking account, debit card or Social Security numbers. Be aware of this trend.
Check your credit card bills carefully for several months after purchasing on the Internet. Look for purchases you did not make. If you find some, immediately contact the credit card company and file a dispute claim.
Order your credit reports at least once a year and check for accounts that have been opened without your permission.
“Electronic Signatures”A recent federal law enables shoppers to verify online purchases with merchants using an “electronic signature.” Usually, this process is nothing more than clicking on a box that says you accept the terms of the order. The Electronic Signatures in Global and National Commerce Act, also known as the E-Sign Act, is a complex law. Read the Terms of Agreement carefully before completing the transaction.
ResourcesListed below are websites that provide additional information about shopping online:
The FBI’s Internet Fraud Complaint Center allows you to report suspected cases of Internet and e-commerce fraud.
- The Better Business Bureau certifies Web merchants with a privacy seal of approval. You can research merchants through the BBB and also report e-commerce fraud problems at these sites.
Created by the U.S. Food and Drug Administration to provide shopping tips for buying online prescriptions and over-the-counter drugs on the Web.
Copyright © 2011, Identity Theft Resource Center®. All rights reserved. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to ITRC@idtheftcenter.org. This fact sheet should not be used in lieu of legal advice. This article is referenced as "Fact Sheet 103: Online Shopping" on the Identity Theft Resources Center website.
