For years, consumers were nervous about shopping online, figuring that entering a credit card number into a website was scarier than offering the card in a store.
Times sure have changed. Online shopping is booming; Forrester Research predicts Americans will spend $89 billion online this holiday season, 13 percent more than last year.
And shopping online has proved safer than in-store buying in recent years. Some of the biggest recent data breaches have involved in-store payment systems, while major online breaches, like the one at eBay, usually don’t involve credit card data.
Nevertheless, security breaches can happen, so it is wise to take precautions when shopping online.
Special Section: Security
After a year of record-setting hacking incidents, companies and consumers are finally learning how to defend themselves and are altering how they approach computer security.
The best thing you can do is use a credit card, not a debit card, for online purchases. If your credit card number is stolen, your liability for unauthorized purchases is minimized, whereas a stolen debit card number can drain your bank account if you don’t notice or report the theft quickly enough.
In addition, look for sites that connect to the Internet securely. You can tell by looking for a green padlock symbol and the letters https (rather than http) in the URL bar. Prominent sites like Amazon or Etsy offer these sort of security measures. Note that some sites, like Best Buy, may not show the secure URL or icon until you start the checkout process.
If you encounter a site that doesn’t offer such security, don’t shop there, plain and simple.
Insecure websites may send your personal information in a way that can be easily intercepted by hackers. This is especially true if you are browsing on a public Wi-Fi network like those at coffee shops or airports. Avoid online shopping and other activities like banking on public networks — and if you must do those activities, certainly stay away from insecure sites.
You will probably have the best experience with major retailers and banks, which generally do a good job of protecting your information.
If you want to buy something from a smaller merchant, look for reviews on sites like the Better Business Bureau or Reseller Ratings. Or you can search for the item you want on shopping comparison sites like Google Shopping, Yahoo Shopping or Nextag, which compare retailers and will specify trusted sources.
You can take steps to protect your financial information at the sites where you shop, as well. For example, if you store your credit card information with sites like Amazon to ease checkout, protect that online account with a strong password, and don’t use the same password on other sites.
Also, be judicious about the sites where you choose to store credit card information. If you want your credit card number handy, some password vaults like LastPass and 1Password include autofill features, letting you store those numbers along with your address and other information for faster checkout.
Just make sure you have a strong password to log into those vaults and use a password on any computer or phone where you use those services.
Mobile payment services like Apple Pay are another secure method for online checkout. In apps that have integrated Apple Pay, you can check out by using your fingerprint to authorize a purchase, which will be charged to a credit card you have stored in Apple’s Passbook app.
The app you are using will never see your credit card information and, in some cases, you won’t even have to create a user account — meaning hardly any data trail at all.
As hackers grow ever more sophisticated, however, there may be times when you simply can’t protect yourself online. For example, this year’s Heartbleed vulnerability meant that sites supposedly protected by an extra security layer — those with that https in their URL — could actually be insecure, and the user would never know.
That’s why it is best to make sure you are as protected as you can be, by using credit cards, checking statements often and using strong passwords for online shopping.