Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

How to be Safe when Shopping Online

Online safety is something we all need to be concerned with. However, the safe use of credit cards online seems doubly important as we enter the holiday shopping period.

Consumers will spend roughly 1.2 trillion dollars in online shopping this year, according to Statista at That number is expected to double in the next four years. Almost all of the transactions will be paid with a credit card, a debit card, or PayPal.

Probably 99.9999% of the transactions will be handled flawlessly; the money in each transaction will be transferred from the buyer to the merchant without a problem. In fact, using a credit card online has been proven safer than using the same card in a store and much safer than carrying cash. However, a small minority of Web users still have a phobia about making purchases online with a credit card. It’s easy to make sure your payment is safe. Here are a few things you should always do to ensure your payment is made properly and securely.

1. Only purchase from secure web sites. When entering credit card information, look in the address bar of your web browser to verify that you are connected to a web site with an address that starts with “https” rather than the typical “http.” “Https” indicates that the merchant’s web site is using encryption technology to scramble your information when it travels through the Internet, rendering it useless to any hacker who can intercept the data as it travels.

Encryption is used daily by governments, banks, stock exchanges, and others to securely move billions of dollars online every day. If encryption is good enough for them to transfer billions of dollars, it probably is good enough for your transactions and mine.

2. When in doubt, shop from your home computer (or tablet or smartphone). When you use a public computer, such as at a library, at school, or possibly at work, information you send and receive may remain behind, or be “cached,” in the computer. There are methods to clear the caches before you finish, but the easiest and safest method is to not use a computer that is later accessible to others. Shopping only from a computer that is accessible only to you avoids the problem.

3. Verify the online merchant. If you don’t know much about the merchant that is offering the product you want, check the company’s reputation. The Better Business Bureau at is the best-known and probably the most reliable reference. A major drawback is that the information may be several months old. The BBB carefully verifies everything before publishing information, and that takes time. If a merchant recently had a single dishonest employee who stole credit card numbers, the report may not appear on for several months. promptly offers reviews that are written by previous customers. Epinions is a platform for people to share their experiences—both good and bad. With millions of consumer reviews, ratings, and comments, presents you with high quality content based on how helpful other users have found it. Beware of one thing, however: and other review sites frequently contain very biased reviews written by the merchants themselves or by their competitors. A merchant may use a fake name to post glowing reviews about the company’s services and derogatory reviews claiming bad things about competitors. I suggest you score the reviews in the same manner as the scoring performed by Olympic judges: throw out the highs, throw out the lows, and then use the remaining scores to find a reasonable analysis.

On eBay, always verify a seller’s feedback ratings.

4. Always use a credit card or PayPal; never send a check through the mail or use a wire transfer. Checks are often stolen from the mail. If cashed, you may lose the money. Some banks offer fraud insurance on checking accounts while other banks do not. The so-called “free checking accounts” almost never include insurance against theft or fraud. If in doubt, contact your bank to determine if your checking account is insured.

With credit cards, U.S. Federal laws protect consumers from fraudulent use if the fraud is reported promptly (usually within 60 days). In addition, a credit card or a PayPal payment allows the buyer to dispute a charge if the merchant hasn’t provided the product or service as described. (See the footnote below for details.) In contrast, checks and wire transfers have almost no such protection. If you pay by check and do not receive satisfaction from the merchant, your choices are limited at best.

Debit cards may look like credit cards, but they are not treated the same in the eyes of the law. A debit card is essentially a digital check. It receives the (limited) protections of checks, not the protection of Federal laws concerning credit cards. A few years ago, many security experts warned shoppers not to use debit cards because of the fewer protections available. That was true at the time but things have changed since then. Today, both VISA and MasterCard offer the same protection to debit cards as they do to credit cards. I now use debit cards online without hesitation because of the protection being offered. If you are in doubt about your debit card, contact your bank and ask if your debit card is insured against fraudulent transactions.

5. Be alert! Sign up for online and mobile banking from your bank to keep a daily eye on your account. Most banks will send email notices to you, either immediately or daily, whenever a charge is made to your account. If you see something unusual, contact the bank immediately. Identity thieves often make a low-dollar “test charge” to see if a credit card works. If successful, the thief then returns later to make a high-dollar charge. However, such tactics are easily thwarted if you question a low-dollar charge immediately. Reading email reports of your charges makes such verification simple and only requires a few seconds each day.

With a few simple precautions, you can have a very merry and secure holiday shopping season!
Footnote: The following is an excerpt from an article I wrote a few weeks ago that seems especially relevant to shopping online safely:

VISA credit cards and debit cards are fully insured against fraudulent purchases, both online and in person, with no deductible charge. Details are available at:

MasterCard (including both debit cards and credit cards) is fully insured against fraudulent purchases, both online and in person, with no deductible charge. Details are available at:

American Express: Use the American Express card online or off, and you won’t be held responsible for any fraudulent charges. Period. If someone uses your American Express card without your consent, you’ll never pay any part of the fraudulent charges. See

Discover Card: You’re not responsible for any unauthorized charges on your account—online, offline, anytime, anywhere, with absolutely NO deductible. See

In all cases, you are not liable for credit card fraud.

For example, a couple of years ago I received a notice from one of my credit card companies, Capital One 360, that stated, “If fraud happens, you won’t pay for any charge on your Credit or Debit Card that you didn’t authorize. It’s that simple.” I will not use any credit card or debit card that does not have a similar policy. Luckily, all the major credit card companies do have similar policies.

Even better, PayPal provides DOUBLE insurance. PayPal insures all online transactions against fraud. In addition, if the PayPal transaction is funded by a credit card, that credit card company also provides similar insurance. You won’t get paid double the amount of your loss, but you are assured that the two companies will work together to make sure you always get 100% of your money back. Details may be found at:

I trust PayPal even more than the credit card companies because Paypal never tells the merchant your credit card number. With a normal credit card, your card number is usually sent to the merchant, where a dishonest employee may be able to see it and use that number fraudulently. In contrast, PayPal doesn’t send the credit card number to the merchant. Instead, PayPal simply gives the merchant the name and required identifying information of the buyer and then simply deposits the funds into the merchant’s account. The credit card information is never exposed to anyone outside of PayPal (and even then, only to a very few bonded and insured employees of Paypal).

In my mind, PayPal is more secure than any of the major credit card companies.

Categories: Credit Cards, Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.