Since businesses like Amazon and eBay first burst upon the scene in the mid-1990s, shopping via the Internet has grown from a quirky way to find a few items to a convenient way to purchase just about anything. As we approach the first major holiday season with people wary of exposure, travel difficulties and social distancing within families, shopping on the Internet is the preferred option for many people, including many who are not experienced online shoppers.

While shopping online instead of at the mall can certainly lower the risk of exposure to COVID, it does, however, increase the risk of exposure to other dangers, such as hackers looking for personal information, malware, and identity theft.

Safe Online Shopping Tips

Use credit cards, not debit cards

Debit cards are tied directly to your bank account. When you enter debit card numbers for an online purchase, if a hacker obtains those numbers they can potentially have access directly to your bank accounts and the funds within them. Credit cards offer slightly more protection because they are not tied directly to actual funds like a bank account and there are mechanisms to challenge unauthorized purchases.

Use third-party payment programs

Third-party payment apps like PayPal and ApplePay provide even more protection than using a credit card. With these apps, while you, as buyer, provide them with your credit card information, they do not provide that information to the online seller. Instead, the purchase is facilitated between the seller and PayPal or ApplePay. Therefore, it is more difficult for a hacker to obtain your financial information during the transaction and if the retailer gets hacked (remember Target?) your information is still safe, because the retailer never had it.

Shop secure sites only

Like the real world, the Internet has “bad neighborhoods.” Unencrypted, unsecured websites offer no significant buffer between you those who want your information. Therefore, you should only shop on secure websites and should verify that security before you enter any personal or financial information. The easiest way to tell whether a website is secure is to look at the full site address in your browser. If the first characters at the beginning of the address are “https,” then the site is secure. If the string does not contain that final “s” but only the characters “http,” the site is not encrypted and your information is potentially at risk.

Update your operating software

Windows or Apple iOS software updates can be burdensome. You must agree to terms of service, wait while downloading and installing, restart the computer or phone, and then go through “What’s New” tutorials. However, updates are provided for important reasons, many of which have to do with security bugs or holes. Still, most people put off updates as long as possible. Hackers know this and look for computers that have not been updated so they can exploit those bugs and holes. Keeping software up to date is one of the easiest and most effective things you can do to protect your information because it ensures you always have the most current security features. Every device has some means to check for operating system updates so you can use that feature to ensure you are up to date. Also, when you receive alerts about software updates, follow those alerts and get those updates.

Change and strengthen your passwords

Secure, unique passwords are the best defense to keeping your information secure. Too many people use one password for everything. The problem with that is that if that password is hacked, then the hacker has access to everything. The best thing to do is to have different passwords for each online account you keep. Further, the passwords should be strong, containing long strings of numbers, letters and characters. While this may sound difficult to accomplish (and remember!) there are secure password generators that will create unique passwords and safely manage them for you.

Shop at home

Free WiFi is nice. However, public networks, like at coffee shops, restaurants and airports, are not secure. Any information put out on a public network is easily intercepted. Therefore, you should not do any shopping, banking or login to other sensitive accounts such as investment accounts, health care accounts while on public networks. However, if you have a laptop and a phone, you can create your own private, encrypted hotspot through the phone. While not free like the public WiFi, at least the private, personal hotspot is secure.

Don’t click on links

Beware of links to deals that are too good to be true on social networking sites. Everyone has seen social media posts offering a $2,000 watch/guitar/cruise/greenhouse for $200. If something is too good to be true, it probably isn’t true.  Indeed, most of the websites behind those unbelievable offers are unsecure, unencrypted fronts for data and information theft. Before clicking on any links to deals like that, do some independent investigation by researching the site or the deal.

While there are additional measures you can take to enhance your online security, these listed above are very easy to put in place. Implementing at least one or two of them will likely substantially lower your risk of being a target of data or identity theft. Remember also that data and identity theft does not occur just around the Holidays, but is a 24/7/365 threat, so you should always be alert and up to date.

Businesses experiencing cybersecurity, data and privacy matters may contact  me at or by phone at 239-344-1153.