Unfortunately for us, it doesn’t appear that Google provides a list of Trusted Stores. Users must therefore discover these resources on their own.
2) Ensure That You’re Browsing the Secure Site (SSL/TLS)
For years we have been taught that padlock icons indicate a website is secure. This is incorrect. The only padlock icon that indicates anything is the one in the URL bar (which may appear different, depending on your browser).
But what does this padlock mean? It means that the website is leveraging SSL/TLS. Simply put, your information is encrypted before being transported; this helps keep other users on your network from reading the data you submit to the website.
It’s important to ensure that the application is leveraging SSL when browsing the following areas of the website:
- Account Creation
Just take a look at the URL bar in your browser. Look for the padlock. If the padlock is red or the browser issues any warnings, do not use that site. Either of these conditions indicates that there is a problem with the implementation, and any data you transmit may be intercepted.
One thing worth noting: if padlock icons appear on the webpage itself (not in the URL bar of the browser), they indicate nothing about the site’s security. They can be placed on the page by the administrator or via other means and can be used in an effort to trick victims into thinking that the site is secure.
Just seeing the green padlock icon isn’t always enough verification. Websites can implement SSL/TLS in a large number of ways, some of which are inherently insecure and offer little protection. If you want to know for sure how well a site utilizes SSL/TLS, run a test via SSLlabs.com. This service will attempt to rate/grade the SSL/TLS implementation of the provided website.
I would only recommend using sites with an overall rating of C or better.
Unfortunately, SSL/TLS doesn’t protect against every malicious scenario. It may still be possible for attackers to hijack your session or intercept sensitive data. Be sure to read tip #5: Shop from Home.
3) Your Computer may be the Weakest Link!
Keep in mind, online shopping requires the use of your personal computer or mobile device. Without those, you can’t shop online! This, however, introduces more risks that are often overlooked. If your device is not secure, it doesn’t matter how secure/safe the site or service is; your information may still be compromised.
Ensure that your computer is up to date before creating accounts or making purchases. Perform regular virus scans using a tool such as Avast and use ad-blocking plugins such as Adblock Plus to prevent malicious browser advertisements.
If your device is already riddled with malware, your credit card information has likely already been compromised. Keep an eye on your bank account statements. Look for suspicious transactions, particularly those less than $20.00. Fraudulent charges occur frequently in small denominations to avoid detection.
4) Don’t Use Your Debit Card!
In the security community, we always consider the worst-case scenario. Always assume that you will be compromised, so have a backup plan. As we saw with Target in 2013 and Home Depot in 2014, it’s quite likely that at some point your billing information may be exposed.
Credit cards generally offer more assurance in the event that your information is disclosed, such as automated fraud protection and charge disputing. With debit transactions, you may be liable for all unauthorized charges.
For more information on when to use credit cards versus debit cards, please refer to this Lifehacker article.
For the truly paranoid, I recommend using pre-paid debit cards that you can purchase at any retailer/gift card vendor. When these cards are compromised, big deal. You’re only on the line for as much money as you loaded on the card.
Another great service to consider trying is Bank of America’s ShopSafe or a similar alternative. This service is only available to Bank of America account holders, and it can generate a temporary 16-digit account number which can be used in online shopping transactions. This removes the risk of compromising your account.
5) Shop at Home, Not in Public
Although it may sound nice to head down to your local cafe and do some last-minute online holiday shopping, please, don’t do it! Most cafes offer free Wi-Fi, and many of these networks are considered “secure” because they require users to enter a password before connecting.
Many users are not aware of the risks associated with using wireless internet. It’s scary how much information a malicious user can obtain by sniffing network traffic in a cafe. If you’re not sure what I mean, read the article “Here’s Why Public Wi-Fi is a Public Health Hazard.” In summary, attackers can generally hijack your account, steal information, and make purchases on your behalf.
So even though it’s very tempting to kill 30 minutes doing some online shopping, please wait until you get home.
When you’re about to dig into online shopping, please remember the tips outlined in this guide: only use trusted sites; ensure that you’re browsing the secure version of the site (SSL/TLS); update your computer and perform regular maintenance; use credit cards instead of debit cards; and shop at home.