Online shopping is a godsend to busy consumers; grand entertainment for the homebound; and -- sometimes -- frightening to those who've experienced identity theft.
More than 92 million people made online purchases last year using credit cards, debit cards and services such as PayPal and Google Checkout. Most online shoppers did so without a problem. Some, however, were victimized by identity thieves.
Here's a rundown on the risks and solutions associated with the most popular ways to pay online.
1. Note encryption URLs
The most obvious way to identify a safe site is to look for an "https" URL, as opposed to a simple "http" URL. That extra "S" indicates security, meaning digital transmissions from the site are being encrypted.
2. Look for logos or seals
Security providers such as VeriSign and McAfee indicate a site is protected by a specific company. Verify the seal's legitimacy by clicking on it. A live link should take you to the security service's verification page. Security seals, however, are just a starting point, not a guarantee. Nor does the lack of a seal mean a site is necessarily risky.
3. Avoid spam links
Don't click on links embedded in spam e-mails. If you're suspicious of a site, run its name through a search engine and see if there are complaints from other shoppers. Even if this search indicates a link is safe, copy and paste the link into a new browser window (not a tab). If the e-mail doesn't reveal the URL, right-click on the link, select "Copy Link Location" (or "Hyperlink" or "Shortcut") and paste the URL into a new window.
4. Watch out for pop-ups
Back off if you get a pop-up or other warning indicating something is wrong with a site's SSL certificate. (This does not include pop-up ads, although you should set your browser to block unwanted pop-ups.) Professional, well-designed sites don't usually have expired certificates or other problems.
5. Go for the green bar
Shady sites can use encryption, so also check the address bar for a bit of green or the site-owner's name written in green. The green indicates the site has been vetted, belongs to a legitimate company and isn't a phishing site. You will certainly see green on larger e-commerce sites and on bank sites. Recent versions of major browsers all use green in some way to indicate the existence of another layer of security known as an "extended validation SSL certificate."
6. Get rid of malware
None of this encryption will help you if your computer is infected with keylogger malware. This scam downloads software without your permission that captures your keystrokes and screen images and sends them to hackers. Your only real line of defense is to use qualified security software and regularly install all recommended updates.
7. Guard against tab napping
Based on the term kidnapping, tab napping refers to stealing your banking information and preys upon those who open lots of tabs on their browser at the same time.
8. Manage your passwords
Store the login and personal data used in Web forms in an encrypted place on your computer with password management software. You can then safely enter this sensitive data onto online forms without retyping it each time.
9. Consider one-time cards
For extra protection, consider using one-time credit-card numbers that you can often set up with your card provider. WalletPop (www.walletpop.com; search for "one-time use credit-card number") explains in more detail how this works.
10. Use a credit card
Under the Truth in Lending Act, your maximum liability for unauthorized use of a credit card is only $50. Use your card for online purchases and your liability is a big, fat zero. Report fraud quickly, and banks typically will rapidly reverse the charges. In these tight times, however, banks are scrutinizing fraud claims more closely, so make sure you have all the details before calling.
11. Or try a debit card
Debit cards are riskier, because related transactions draw directly from your bank account and are subject to a different federal law. The Electronic Fund Transfer Act provides considerable protection from liability, but the level of protection diminishes as time passes. Happily, most debit cards also can be used as credit cards, providing you with more protection.
It's important to report unauthorized debit-card charges within two business days of discovering the problem so your liability is limited to $50 offline and zero for online transactions. Report the loss within 60 days of the date your bank sent the statement listing the bogus transactions, and your liability is capped at $500 for offline transactions and remains zero online.
If you miss those deadlines, however, your liability could be unlimited.
12. Sign up for pay services
PayPal, Google Checkout and BillMeLater offer useful additional security because you entrust your sensitive account information to just one company -- not to every online store you patronize. This is particularly useful if you frequently buy from eBay, Etsy or little-known merchants that likely don't have top-notch Web defenses. Fraudulent use of payment-service accounts, however, might be harder to prove and get your money back than if you use a credit card.
