Fact Sheet 23:
Online Shopping Tips:
E-Commerce and You
Send to Printer
Privacy Rights Clearinghouse
- Shop at Secure Websites
- Research the Website before You Order
- Read the Website's Privacy and Security Policies
- Be Aware of Cookies and Behavioral Marketing
- What's Safest: Credit Cards, Debit Cards, Cash, or Checks?
- Disclose Only the Bare Facts When You Order
- Keep Your Password Private
- Check the Website Address
- Don't Fall for "Phishing" Messages
- Be Aware of Dynamic Pricing
By just clicking a mouse or touching a screen, shoppers can buy nearly any product online -- from groceries to cars, from insurance policies to home loans. For many, the internet has taken the place of Saturday afternoon window shopping at the mall. Consumers expect merchants to not only make their products available online, but to make payments a simple and secure process. However, the same things can go wrong shopping online as in the real world. Sometimes it is simply a case of a computer glitch or poor customer service. Other times, shoppers are cheated by clever scam artists.
Just as shoppers should take measures to protect themselves in brick-and-mortar stores — such as protecting their PIN numbers when checking out and not leaving purses unattended — online shoppers also need to take sensible precautions. This guide offers advice on how to make your online shopping experiences enjoyable and safe.
How can you tell if a website is secure? Secure sites use encryption technology to transfer information from your computer to the online merchant's computer. Encryption scrambles the information you send, such as your credit card number, in order to prevent computer hackers from obtaining it while in transit. The only people who can unscramble the code are those with legitimate access privileges. Here's how you can tell when you are dealing with a secure site:
- If you look at the top of your screen where the website address is displayed, you should see https://. The "s" that is displayed after "http" indicates that website is secure. Often, you do not see the "s" until you actually move to the order page on the website.
- Another way to determine if a website is secure is to look for a closed padlock displayed on the address bar of your screen. If that lock is open, you should assume it is not a secure site.
Do business with companies you already know. If the company is unfamiliar, do your homework before buying their products. If you decide to buy something from an unknown company, start out with an inexpensive order to learn if the company is trustworthy.
Reliable companies should advertise their physical business address and at least one phone number, either customer service or an order line. Call the phone number and ask questions to determine if the business is legitimate. Even if you call after hours, many companies have a "live" answering service, especially if they don't want to miss orders. Ask how the merchant handles returned merchandise and complaints. Find out if it offers full refunds or only store credits.
You can also research a company through the Better Business Bureau or a government consumer protection agency like the district attorney's office or the Attorney General. Remember, anyone can create a website.
When you shop within the U.S., you are protected by state and federal consumer laws. You might not get the same protection if you place an order with a company located in another country.
You will want to think about the sensitivity of the data that is being compiled about you when you shop online. We cannot prescribe the best approach to take. Every consumer has a different interpretation of what is considered “sensitive.”
Online merchants as well as other sites watch our shopping and surfing habits by using cookies, a tracking system that attaches pieces of code to our internet browsers to track which sites we visit online.
Privacy advocates worry that as more and more data is compiled about us — without our knowledge or active consent — it will be combined to reveal a detailed profile, even our actual identities. This data is often collected to market goods and services to us, encouraging us to buy them. There are a number of companies that specialize in targeted online advertising called "behavioral marketing." Companies say consumers benefit by being exposed to more targeted advertising and that online merchants can make more money more efficiently by targeting the right shoppers.
What if your behavioral marketing profile is shared with others, without your permission? You might not care if a drug company shares your prescription drug information with a coupon service to save you money. But what if that same information were obtained by your insurer, resulting in more expensive health insurance coverage?
The safest way to shop on the internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation. When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges. You are rarely asked to pay this charge.
Make sure your credit card is a true credit card and not a debit card, a check card, or an ATM card. As with checks, a debit card exposes your bank account to thieves. Your checking account could be wiped out in minutes. Further, debit and ATM cards are not protected by federal law to the extent that credit cards are.
Using only one of your credit cards for online purchases can make it easier to spot fraudulent activity. Likewise, turning on text message or email alerts for purchases can be a great way to quickly detect fraud.
Online shopping by personal check leaves you vulnerable to bank fraud. Sending a cashier's check or money order doesn't give you any protection if you have problems with the purchase.
Never pay for online purchases by using a money transfer service. You could be transferring cash to a fraudster. Scammers will ask consumers to send them payment using a money transfer service such as Western Union or MoneyGram because they can get your cash fast and it’s difficult to trace. Legitimate sellers normally do not ask consumers to send payment that way. Money transfer services should only be used to send money to people that you know well, not to unknown sellers of merchandise online.
When placing an order, there is certain information that you must provide to the web merchant such as your name and address. Often, a merchant will try to obtain more information about you. They may ask questions about your leisure lifestyle or annual income. This information is used to target you for marketing purposes. It can lead to spam or direct mail and telephone solicitations.
Don't answer any question you feel is not required to process your order. Often, the website will mark which questions need to be answered with an asterisk (*). Should a company require information you are not comfortable sharing, find a different company that sells the product.
Providing your Social Security number is not a requirement for placing an order at an online shopping site. There is no need for the merchant to ask for it. Giving out your Social Security number could lead to having your identity stolen.
Many online shopping sites require the shopper to log in before placing or viewing an order. The shopper is usually required to provide a username and a password. Don't have your computer or device remember your password if a website has your payment information or other personal data.
Never reveal your password to anyone. When selecting a password, do not use commonly known information, such as your birthdate, mother's maiden name, or numbers from your driver's license or Social Security number. Do not reuse the same password for other sites, particularly sites associated with sensitive information. The best password has at least eight characters and includes numbers and letters.
The address bar at the top of your device's screen contains the website address (also called the URL, or Uniform Resource Locator). By checking that address, you can make sure that you are dealing with the correct company.
Don’t click on any link embedded within a potentially suspicious email. Instead, start a new internet session by typing in the link’s URL into the address bar and pressing “Enter” to be sure you are directed to a legitimate website.
Identity thieves send massive numbers of emails to internet users that ask them to update the account information for their banks, credit cards, online payment service, or popular shopping sites. The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.
Some emails sent as part of such “phishing” expeditions often contain links to official-looking websites. Other times the emails ask the consumer to download and submit an electronic form.
Remember, legitimate businesses don’t ask for sensitive information via email. Don’t respond to any request for financial information that comes to you in an email. Again, don’t click on any link embedded within a suspicious email, and always call the retailer or financial institution to verify your account status before divulging any information.
Some online retailers use dynamic pricing to engage in price discrimination by charging different prices to different consumers for identical goods or services. When you purchase goods or services online, you may be paying a higher or lower price than another online customer buying the same item from the same site at the same time. While online shopping enables consumers to easily compare prices, it also allows businesses to collect detailed information about a customer's purchasing history and preferences. Online stores can use that information to customize the prices they charge you.
Amazon.com began experimenting with dynamic pricing in 2000. Different customers were offered different prices for the same product. Depending upon a consumer’s purchase history and other information, Amazon might offer different prices matched to a customer’s perceived willingness to pay a higher or lower price than the standard price.
While dynamic pricing has existed for a long time for time-sensitive products such as airline tickets, hotel room reservations, and rental cars, it’s difficult to justify the use of dynamic pricing for goods and services that are not of a time-sensitive nature.
Online merchants can easily implement dynamic pricing by placing cookies on a customer’s computer which will track the user’s past interactions with the site. By using this information, sites can customize their interactions based on your past activities. Online stores can read the cookies on your browser to determine what products or services you searched for and bought and how much you paid for them. This information helps them to predict how much you might be willing to pay for a product or service.
Some online stores may also consider other factors when determining pricing. For example, merchants might charge higher prices to customers who make repeated returns or demand extra service.
There are several ways that you may be able to defeat dynamic pricing. Obviously, do not log in to a site before you obtain a price quote. Be sure to clear the cookies from your browser before you visit a site. Utilize price comparison sites that check prices from multiple vendors. Finally, if you do log in to a site, try leaving items in your shopping cart for a few days, to see if the merchant offers any discounts.
Federal Trade Commission, Shopping Online
American Bar Association, Safe Shopping
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.