Skip to content

Ways to Stay Safe While Shopping Online

Don't let cyber criminals scam you during the holidays

Woman shopping online at home, Stay Safe Online This Holiday Season


Shopping online can be convenient, but keep your guard up to avoid scams and identity theft.

We've come to expect convenience, speed and selection — not to mention deals — when shopping online. And we can expect purchases will arrive in days — if not hours.

Subscribe to the AARP Money Newsletter for more on scams and consumer protection

No wonder consumers are projected to spend as much as $117 billion online this holiday season in November and December alone, or about $12 billion more than last year, according to a forecast by the National Retail Federation. Indeed, e-commerce is growing faster than retail sales overall.

Unfortunately, that's something scam artists and cybercriminals know all too well.

Online fraud is a big and ever-changing reality. Internet merchants have seen the volume of successful fraud attempts rise, along with the cost of fraud, as a share of annual sales, according to the 2016 LexisNexis True Cost of Fraud Study. Retailers' costs related to fraud rose 9 percent year-over-year as of February for online sales, and 12 percent for sales from mobile devices, the study found. Cellphones pose their own set of fraud and security concerns.

Retailers are fighting back with added layers of security, but scammers still find new ways to breach systems. Credit card issuers are on the verge of eliminating card counterfeiting with the new "chip and pin" technology, but that protects only in-store purchases, says Tricia Lines Hill, senior vice president of business development and marketing for First Atlantic Commerce, which helps merchants and banks protect against fraud. Meanwhile, hackers are rushing to cash in on stolen data from magnetic strip cards.

"It's hard to know who you're dealing with on the other end of an online transaction," says Susan Grant, director of consumer protection and privacy for the Consumer Federation of America. "You have to be aware there are people out there whose intentions are to take your money and give you nothing in return."

Online shopping isn't going away. But neither are scammers. So whether shopping by computer or smartphone, here are nine steps to protect your money and privacy.

Check out unfamiliar sellers or websites

There's a level of comfort with big brands' online channels. But when it comes to unfamiliar merchants, search the web to make sure that sites are legitimate and reliable. Look for reviews for sites that rate products and services, including or, and for gripe sites such as

See also: Keep wi-fi hackers out

While problems crop up at even the best of sites, there's a distinction between mistakes and true scams. Start with a Google search, suggests Hemanshu Nigam, a Los Angeles-based cyber security expert and CEO of SSP Blue, which helps companies with cybersecurity. See what others are saying. Scams will be called out quickly.

Also, watch out for pop-up ads, which often lead to fake websites designed to steal credit card data, says Lines Hill. Most legitimate businesses today won't use them.

Make sure websites are secure

Even savvy shoppers can easily overlook the URL address. Sites that start with “https://” are secure, while sites beginning with “http://” are not, and hackers can intercept personal and payment information. Do not buy anything from an “http://” website, Nigam says. Another sign that a site is secure: a closed padlock or an unbroken key icon in the address bar or at the bottom of your browser window.

Do business with merchants that comply with the Payment Card Industry Data Security Standards (PCI DSS). Those that follow the guidelines will clearly describe goods and services; state terms and conditions of refund, return and delivery policies; and explain handling of cardholders’ information. Merchants should display a physical address, email or phone number.

“If the merchant is not taking the time to have this information on the site and do everything that’s required of them, that means they’re probably not doing much to protect your data either,” Lines Hill says.

Avoid buying online over public Wi-Fi

Catching up on news on the web or reading e-books can help pass time at the airport, but don’t do any online shopping while you’re there. The same goes for restaurants or any setting with public Wi-Fi, where hackers might lurk and steal data. You should never enter your credit card data over a network that might not be secure. And in any online arena, never, ever give out the PIN number that goes with the new chip credit cards.

Set up a separate email account for shopping
Managing email sometimes seems like a full-time occupation. But there’s an argument to be made for using a separate account for online purchases while reserving regular email for everything else, Nigam says. All your shopping emails will stay organized in one account. And if hackers breach an online retailer’s system and steal email information, you’ll have shielded the rest of your email.

Strengthen passwords

Your birth date or your grandchild’s name might be an easy password to remember. But it also may be easy for hackers to figure out and gain access to all your information. Don’t use the same password on every bank and credit card account, says Monica Eaton-Cardone, chief operating officer of Chargebacks911, a dispute mitigation company.

A strong password typically has eight digits and a mix of uppercase and lowercase letters, numbers or other characters. Set electronic reminders to change your passwords about once a month.

Don’t click on email links

Clickbait is everywhere on the internet. Don’t fall for it when it comes in an email asking you to update your account information or password. Consumers should be wary of any unsolicited email encouraging them to shop somewhere, especially from unfamiliar senders, Lines Hill says.

Even if the email comes from a merchant you think you know, it may be a counterfeit version and part of a scam. When in doubt, don’t click. Call the company instead.

Choose credit, not debit

Pay in a way that offers the most protection. With credit cards, you have broader rights for disputing charges than with debit cards.

Avoid options such as Western Union and MoneyGram, which are meant to send money to family and friends, not to pay legitimate businesses, Grant says. 

And sites that ask you to buy a prepaid gift card and provide the card number are likely fraudulent. Scammers will try to access prepaid card numbers online because payment is almost instant. It’s like putting cash in an envelope and sending it to a stranger.

Install antivirus software

Protect your laptop and desktop computers from viruses. If you don’t want to buy software, free versions are available, such as Avast Free Antivirus 2016, AVG AntiVirus Free or Microsoft Windows Defender. Set it up to update automatically, Nigam says.

Protect your mobile phone

Smartphones can be a particular target. When you buy a new one, choose an option in the settings to lock your data — which does not happen by default. And before you trade in the phone, switch it to factory reset to erase all your information.