Even before the coronavirus pandemic, online shopping was booming. Now, it’s more popular than ever before. According to the ONS, online purchases accounted for 24% of all retail sales in December 2019 and grew to 32% in May 2020 during the lockdown.
But online shopping isn’t without risks. Whether you’re one of the many people who do the bulk of their shopping online or only use it occasionally, you should take precautions to protect your data and reduce the risk of fraud.
Here, we offer a few tips to help make online shopping safer and more secure.
Ten tips for safety and security when shopping online
Always use a unique password
It’s extremely important to have unique passwords for all your online accounts — especially anything like online shopping profiles which may contain personal data — because you cannot guarantee that any particular service is going to keep your password from falling into the wrong hands. And if your passwords are all the same it only takes one leak to expose all your accounts.
...and make sure you create strong passwords
As well as being unique, passwords must also be strong to reduce the risk that they could be guessed or cracked.
Passwords should be long (at least eight characters, but more is better) and must not be something that is easy to guess by either a person or a computer. That means you should not have a password that’s just a single word. It should also not be something that anyone could figure out from some cursory research; for example, “gunners” would be a poor choice for someone whose Facebook page loudly proclaims their allegiance to Arsenal.
Ideally, a random collection of letters, numbers, and special characters is best. If you need a password that is strong and memorable, string together a series of words into a nonsense phrase.
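The following is an added example, not part of the original article, that generates both kinds of password described above and estimates their strength in bits. The word list is a constructed 32-word sample and the 7776-word list size in the last line is an assumption; a real generator needs a list of several thousand words.

```python
import math
import secrets
import string

# Constructed sample word list (32 words). Far too small for real use: a real
# generator would draw from a list of several thousand words.
WORDS = ("anchor banjo cactus dolphin ember falcon glacier harbor igloo jigsaw "
         "kettle lantern marble nectar orbit pepper quartz rocket saddle tulip "
         "umbrella velvet walnut xylophone yogurt zipper bramble copper dune "
         "fjord gravel hazel").split()

# Letters, digits and special characters: 94 printable symbols.
CHARSET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size, picks):
    """Bits of entropy when each item is chosen uniformly at random."""
    return picks * math.log2(pool_size)


def random_password(length=16):
    """Random letters, digits and special characters from a CSPRNG."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


def passphrase(n_words=6, words=WORDS):
    """Nonsense phrase built from randomly chosen words."""
    return "-".join(secrets.choice(words) for _ in range(n_words))


def words_needed(target_bits, list_size):
    """How many random words are needed to reach a strength target."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(CHARSET), 16):.0f} bits")
    print(passphrase(), f"{entropy_bits(len(WORDS), 6):.0f} bits (sample list)")
    # Words from an assumed 7776-word list that match 8 random characters.
    print(words_needed(entropy_bits(len(CHARSET), 8), 7776), "words")
```

The estimate only holds when the words or characters are picked at random; a phrase chosen by a person, or a single word, is far weaker than the arithmetic suggests.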
Always enable multi-factor authentication
Multi-factor authentication (MFA) is a feature supported by many services that bolsters the security of online accounts.
With MFA, you must provide an additional form of verification alongside the password. Typically, this will be in the form of a code that is generated in an authenticator app (such as Google Authenticator) or sent in an email or text message.
MFA is an extremely effective security feature because it means that even if someone obtains your password they will still be unable to access the account without also possessing the secondary authentication method (or somehow bypassing the system).
Use MFA on every account and service where it is available. You’ll usually find it in the “Security” section of your account settings. It may also be called two-factor authentication or 2-step authentication.
However, it is important to note that not all MFA methods are equal. Text messages are the least secure option because it is shockingly easy to carry out a “SIM swap” attack where a phone number is transferred to another SIM card. Email is better, assuming your email account itself is properly secured, but an authenticator app is the best choice.
Don’t provide more information than necessary
When registering for a service or website, only provide the bare minimum personal information required to use it. You don’t know where that data may end up, and you don’t want to give up too much info if someone gains unauthorised access to your account.
Don’t store payment information in your account
Lots of websites will offer to store payment information for a quicker checkout the next time. But while that may be convenient, if someone else gets in they might be able to embark on a shopping spree using your card.
You’re also trusting that the store is properly storing that data so it won’t be spread over the internet in the event of a data leak, and that is by no means guaranteed.
Use a password manager
A password manager is a software application that securely stores logins and other important details so you don’t need to write down or remember anything. They run in a web browser to auto-fill forms and automatically save new account details when they’re created, and mobile apps extend the same functionality to your phone. Password managers also offer additional features such as password generators, data leak alerts, and secure password sharing.
With a password manager, you’ve got no excuse not to use long, strong, and unique passwords for every account. You can also save card details in there instead of storing them in your online shopping accounts.
To learn more about these essential tools and get some recommendations on the best options, read our guide to password managers.
Pay with a credit card for items over £100
The section 75 rule provides additional protection for any items worth between £100 and £30,000 bought using a credit card. It means you can claim a refund from the credit card company if there's a problem and the retailer cannot or is unwilling to help.
This applies to any purchase on a credit card — not just online — but it does provide extra peace of mind for online shopping if you’re concerned about ordering a high-value item.
However, you do need to be aware of the payment processor loophole, which means that section 75 does not apply if you used a third-party payment processor such as PayPal or Google Pay.
Don’t use a card linked to your main bank account
Separate online purchases from funds used for rent, mortgage, utilities, and other crucial payments by using a card linked to another account. Then if your card details are stolen and used fraudulently it will only impact the balance on the shopping account.
The new generation of app-based banks such as Starling and Revolut are particularly useful for this purpose. For one, they give instant notification of payments, so you can catch a suspicious charge right away. Some also offer a virtual card which provides a debit card number you can use to shop online. And they come with handy budgeting features to help control spending.
Keep software up to date
Always install software updates as soon as they’re available. As well as adding new features, updates will fix security flaws that could expose private data and open you up to fraud.
It is especially important to do this for your operating system, web browser, and anti-virus software. Whenever possible, configure your software to automatically install updates or at least notify you that a new update is available.
Only shop on encrypted sites
When shopping online, look for ‘HTTPS’ in the site address, and check that your browser has a padlock symbol in the address bar and is not displaying any errors or alerts. This means that the connection to the website is encrypted and any data you send (such as credit card details) is protected in transit.