Seven tips for safer online shopping

By Allstate Identity Protection

When you shop online, there’s a risk of identity theft and fraud. Cybercriminals may try to swipe your personal info or sell you bogus goods. Before you share sensitive details online, make sure the site is trustworthy. Look for URLs that display a trust seal and begin with “https” (the “s” stands for secure). Be wary of deals that seem too good to be true, and pay with a credit card for added protection.

It can be incredibly convenient to purchase something with a few clicks or taps. But online shopping poses risks, too. 

As we head into the holiday season, it’s important to be aware of those risks, especially since we’re shopping online more than ever — and online purchase scams are up.  

Unfortunately, fraud can turn into identity theft. But by following these best practices when you shop online, you can minimize your risk. Need more good news? Most of these techniques — like setting stronger passwords and using two-factor authentication — can be implemented in just a few minutes, and they help keep you safe all year round. 

1. Shop only on secure sites

Before you share personal details online, especially payment information, make sure the site is trustworthy. Look for URLs that display a trust seal and begin with “https” (the “s” stands for secure). You can also check for a locked padlock in the address bar, which signals that information you send through the site is kept private.


2. Avoid purchasing on public Wi-Fi

Public Wi-Fi is not always secure, meaning you can’t assume the data you share will be encrypted, or scrambled into code, making the original information unreadable for unauthorized users. 

When you’re using an open network — like the free Wi-Fi offered by your neighborhood coffee shop, for example — it may be possible for criminals on the same network to see your details. That’s why it’s best to save shopping and other sensitive transactions for home. 

It’s worth noting that it pays to be cautious with public computers, too. If you must make a purchase on a shared device, sign out of your accounts and visit the browser’s “Settings” page to delete all cookies when you’re done. 

3. Safeguard sensitive information

The fewer personal details you can provide, the better — so think twice before entering information that you don’t absolutely have to share. 

Whenever possible, avoid entering your details into gift registries and giveaways. When it’s time to pay, you can check out as a guest rather than creating an account. When you use a guest account, the retailer may be less likely to store your information, which could later be leaked in a breach. 

If you’re a frequent shopper with a particular site, making an account may seem unavoidable. Just remember to create strong, unique passwords for sites that store your billing information or personal details. 

4. Use a credit card or Click To Pay

Paying with credit rather than debit may give you a better chance of protesting bogus charges; the Fair Credit Billing Act, a 1974 consumer protection law designed to guard against unfair credit billing practices, gives purchasers the right to dispute unauthorized credit charges over fifty dollars.

If you want to play it even safer, enroll in the free service Click To Pay, a unified online payment system created jointly by the four major credit card companies, Visa, MasterCard, American Express, and Discover. Click To Pay prevents fraud through tokenization, in which a unique code — instead of your credit card number — is shared between your bank and merchant. Tokenization may increase your security by decreasing the number of times your credit information is revealed in transactions.

A digital wallet, such as Google Pay or Apple Pay, can also provide an extra layer of protection: users pay with their phone or through an app, and their billing details are encrypted in the process

5. Practice good privacy hygiene

Always use two-factor authentication, consider a password manager, and keep your software up to date. If you follow these basic best practices, you’ll be harder to hack than the next guy, and cybercriminals are known to seek out low-hanging fruit.

6. Embrace a healthy skepticism

Some cybercriminals attack retailers directly to capture customer data. Other scammers, known as phishers, try to lure you away from legit sites onto malicious pages that capture and steal your information. 

Phishing sites and emails may closely resemble those of the companies they’re spoofing, so be on the lookout for these tell-tale signs: 

  • Misspelled words 
  • Blurred images
  • A pushy or threatening tone urging immediate action 
  • Deals that seem too good to be true
  • Hidden or misleading hyperlinks (to see a link’s true destination, hover your mouse over the text before clicking)
  • Websites that only sell one item: scammers are setting up spoof sites for items sold out everywhere else

7. Use an identity protection service

It’s no secret that over the last two years, fraud has reached record heights.

As online shopping rates have soared, cybercriminals have been quick to take advantage. During the first half of this year alone, the Federal Trade Commission received more than 208,000 reports of fraud related to online shopping or reviews, with losses totaling more than $202 million dollars. Plus, data breaches are at an all-time high.

Whenever personal or financial information is exposed — whether it’s through a data breach or a shopping scam — there’s a risk of identity theft.

If you’re an Allstate Identity Protection member, we’ve got you covered. Our Customer Care team is on call 24/7 — even on holidays.

Our Identity Specialists have experienced the historic fraud wave firsthand. If you’re ever unsure about an online purchase, they can advise on whether or not something’s a scam. And, if you’re experiencing true identity theft, they’re here to manage the recovery process from start to finish, until your identity is returned to pre-theft status.

Consider this our gift to you: You’ll never have to spend this season — or any season, for that matter — untangling identity theft alone.