For the most part, shopping online is a low-risk activity, privacy-wise. That's because most shopping sites use a method of scrambling your credit card number and other information while it travels between your PC and the Web server called SSL (or Secure Sockets Layer); SSL makes it more difficult for someone "listening in" to the data flowing on the wire to intercept these sensitive numbers.
Shopping with a credit card is probably safest. When you use a credit card, you have the legal right to dispute any charge "if the product or service is misrepresented or never delivered," according to a MasterCard International online shopping guide. "If you pay by check or money order, by the time you realize there is a problem, your money will probably be gone."
Still, shopping online isn't completely risk-free. Criminals do indeed troll the Net for unprotected credit card info, addresses, and Social Security numbers. Fortunately, forewarned is forearmed.
Your credit card info is most vulnerable as it travels across the Net from your computer to an online store. Hackers can intercept your credit card numbers en route by running sniffer software on Web routers that act as traffic signals on the Internet. The sniffers can see all the bytes inside a packet and look for keywords such as password inside. Fortunately, most modern browsers support Web sites that encrypt, or scramble, data in transit. Before you shop, look for sites that say they use SSL encryption (a common standard among reputable e-tailers). When you enter a secure area of a Web site, you should see a small, locked padlock icon at the bottom of your browser window; always check for this when using an online shopping cart. And if at checkout an e-tailer offers to store your credit card information on its servers, just say no. Occasionally, hackers break into store computers and steal that sensitive customer information.
Get the toughest encryption available
Netscape browsers since Navigator 4.61 (the browser portion of Netscape Communicator) ship with 128-bit SSL encryption support (the toughest available). Determine which Netscape version you're currently running by clicking the Help menu in Netscape Navigator and choosing About.
If you use any version of Internet Explorer earlier than 5.5, you'll need to download the 128-bit SSL High Encryption Pack from Microsoft. Internet Explorer 5.5 or later doesn't require this download; all new browsers now ship with 128-bit encryption. You can determine your version by clicking the Help menu in IE and choosing About.
Know your store's reputation
If you're considering shopping from an online retailer for the first time, search the Better Business Bureau's BBBOnLine site first to see if other consumers have reported problems with the company. Also, read the store's shipping, privacy, and return policies to be sure that the site clearly lists the street address and telephone number of its corporate headquarters. (An e-mail address alone isn't sufficient; a real street address can help ensure you're not dealing with a fly-by-night operation.) Sites that claim positive ratings from consumer-friendly organizations such as BBBOnLine or TRUSTe should provide links back to the organization's own site where you can verify the records yourself.
Use a credit card (not a debit card) for purchases
Most banks now offer account holders ATM debit cards that sport a Visa or MasterCard logo. Since these cards function like credit cards, you can use them for most online credit card purchases. However, if someone were to steal your debit card number, he or she wouldn't merely run up a huge credit card debt; the criminal could conceivably drain your entire checking or savings account before you could say "Stop, thief!" By virtue of the Visa logo on your debit card, banks provide a fraud-protection refund policy (with a $50 deductible) for all cardholders, but it can take several months to get your money back, so it's best to avoid the risk altogether.
Try disposable income
Recently, the members of the credit industry (including American Express and Discover) devised a new tactic to prevent credit card fraud: the disposable credit card number. To get a disposable number, you simply register with your credit card company. Then, whenever you want to make an Internet purchase, you return to your credit company's site and enter the amount of the purchase into a form. The credit card company then provides you with a one-time only number that you can use for that specific purchase.
If you're considering banking online, you face many of the same issues that online shoppers do. To keep your account information safe as you send it back and forth between your PC and your bank, make sure your bank's Web site uses 128-bit SSL encryption for all transactions. Look for the telltale locked padlock icon; then, before you start using your online account, be sure you're running a browser version that supports SSL (see recommendations above).
You'll also want to make sure that your bank doesn't sell customers' names,
addresses, phone numbers, or other sensitive personal information to marketers.
This practice exposes you to junk mail and spam. Read your online bank's privacy
policy carefully to see who the bank shares information with and ask them to
opt you out of any information-sharing programs at the time you sign up for
an account. A federal law known as the Gramm-Leach-Bliley
act requires financial service companies to provide a way for customers to choose
not to let banks sell their customer profiles or to use them for marketing campaigns.
of its marketing programs, use them. This may be the only time that filling
out a Web form is likely to stop spam from entering your in-box! If your bank
doesn't give you an opt-out option, you may want to find another bank.