You've settled on the perfect gift for that special someone. On clearance from Bobsyouruncle45, the new laptop computer is going to cost you a mere $65. Getting your Visa card out of your wallet, you click over to the checkout page and get ready to seal this spectacular deal.
Not so fast.
If you don't know from whom you're buying, and are simply praying for good luck after sending your payment over the Web, you're setting yourself up -- and not just for losing money. You're risking your personal information, and it's time for a rude reality check.
It makes sense that security is not always a bedfellow of convenience. Open 24 hours a day from anywhere in the world, online shopping sites entice consumers with an array of come-ons such as free shipping, comparison pricing, bargain deals and extra security features. Saving gas and being able to shop on your own schedule adds more to the online shopping appeal.
Yet, the question remains for the leery: Can online shopping be done safely?
How safe is online shopping?The Internet security experts we spoke with say "yes" -- on the condition that consumers abide by some basic safety tips.
Bigger names equal better protection. "Go with reputable companies you've heard of," says Jim Stickley, co-founder and vice president of engineering at TraceSecurity, a company that works with financial institutions to better their network security systems to deter identity thieves.
Stickley, who knows firsthand how easily sensitive information is stolen, says that if a deal sounds too good to be true -- say, $20 for that new iPod Nano -- it probably is. What's worse, it's probably an attempt to trick you into giving out personal information.
Steven Branigan, founder and president of CyanLine and author of "High-Tech Crimes Revealed : Cyberwar Stories from the Digital Front," agrees. He says that it's good to know the site you're going to, such as the bigger sites like Amazon.com. "These sites put their name on the line."
On the other hand, the fear factor hurts smaller merchants who might have better deals.
One comparison shopping site, buysafeshopping.com solves both problems by bonding qualified merchants for up to $25,000 with Liberty Mutual. BuySAFE puts merchants through a screening process to verify the merchant's identity, online sales experience and ability to deliver the purchased items. If a retailer passes that process, buySAFE is willing to stand behind them with their purse, says CEO and president, Jeff Grass.
Find a real personBottom line: If you can't get a human being on the phone or don't like what you're hearing, go shopping somewhere else.
Encryption doesn't equal security. Leah Ingram, author of "Gifts Anytime: How to Find the Perfect Present for Any Occasion," is a certified etiquette and protocol consultant. This expert gift-giver says one of the first things you should do before typing in your credit card information is look for the "plural URL." That is, when you go to the site's checkout page, the "http" in the URL should change to "https." A closed padlock or key should also appear on the page, letting you know your personal information will be encrypted or scrambled.
If you don't see either of these "locked" icons or a change in the URL, log out and shop elsewhere, says Ingram. The reason: "You can't be sure the site has a secure server, and you shouldn't take that risk," says Ingram.
Here's one tell-tale sign that you've entered a scammer's site: If you ever see numbers at the beginning of the URL, such as http://email@example.com%6AD%, it's probably a scam, says Stickley.
Still, even if you see a proof of encryption, such as the plural URL, you shouldn't equate that with the site's trustworthiness.
When sharing is a bad thing. Shared computers, such as the ones available to multiple strangers at computer centers, are a big no-no, says Branigan.
The danger is that hackers can insert a keylogger into the back of the keyboard, a device that looks like a harmless adapter. This monitoring device captures everything you type before it's encrypted. Sometimes installed as software, the device can be hard to detect. The best thing to do is avoid shared computers when typing in sensitive information.
Pay with a credit card. You've found a trustworthy site with a secure checkout page. Now you're ready to pay -- with what? Check, money order, debit card, credit card, cash or Monopoly money?
Plastic is safestWe got a resounding answer from the experts: Credit cards are the safest method for online purchases.
"The last thing you want to use is a debit card," Stickley says. "Most credit cards have protection on them -- if someone rips you off, you can dispute the charge. Debit cards pull money right from your bank account. It can take months to get your money back, if you ever see it again."
The beauty of using a credit card is that it's not just your money on the line -- it's the creditor's money, too. "If you have a problem with your transaction, the credit card company will go to bat for you to resolve it," says Ingram.
According to the Federal Trade Commission, federal law limits your liability to $50 in charges, should someone use your credit card fraudulently
Another option is making purchases through a third-party escrow service such as PayPal. Paypal Buyer Protection covers qualifying eBay purchases for up to $1000 at no additional cost, helping to guarantee your purchase.
After any sale, print and save all of your receipts and e-mail confirmations in case of a dispute.
If you are reluctant to give out your credit card number over the Internet, you have alternatives. Some credit card companies such as Discover Card, Citi and MBNA offer a secure online account number service -- a virtual credit card or virtual account number.
In the five years since Discover has offered virtual credit cards, they've had no incidences of credit card fraud or identity theft in situations where hacking has occurred, says Steve Furman, marketing director of e-commerce at Discover Financial Services.
There are alternativesBy providing merchants with a special credit card number instead of your real account number, your actual Discover account number is never exposed to scammers. Check with your credit card company to see if they offer this type of security feature.
Another security feature on the horizon is a one-time-use password token. The technology has been developed, but it's not in widespread use yet. To protect yourself, be wise in your choice of passwords. Use a combination of letters and numbers difficult to guess, suggests Chris Young of RSA Security, a company that has developed password tokens. Don't use a word or number someone else could figure out, such as your dog's name or birthday. Change your password frequently.
Suspect the suspicious. If you're at the checkout page and the site asks for your date of birth and Social Security number, be very careful.
"This combination can give people enough information to start applying for new credit cards in your name," Branigan says. What's scarier is the ease with which driver licenses can be purchased overseas -- for as little as $100. If that scares you, remember a simple rule of thumb: If anything seems suspicious, call the company and ask questions.
Also be wary of sending out credit-card information via e-mail or instant messaging, says Branigan. Neither is encrypted. Copies can remain on your mail server as well as theirs. Since you can't control who's looking at your information, stick to the site's secure transaction page.
Moment of truth: Is online shopping safer than shopping offline? The experts offer a silver lining to the cautionary warnings against online identity theft and credit card fraud.
Shoppers should be aware that as long as they are dealing with reputable companies, online transactions are far more secure than the face-to-face transactions people perform every day, says Stickley. Online transactions eliminate the middle man, such as the waiter who processes your credit card payment, so there are fewer people to physically see your private information.
Consumers who research companies before making purchases, watch for warning signs of fraud, use credit cards for purchases and keep receipts should be relatively safe. "They can be absolutely as confident as physically shopping in a store," says Branigan.