How to keep your information safe while shopping online?

This article explains how, by following only a few rules of thumb, you can safely and confidently shop and pay bills online.

One of the biggest conveniences of the Internet age has been online shopping. With only a few clicks, you can find nearly any product that exists, anywhere in the world, and have it arrive on your doorstep in a matter of days, often at lower prices than you would find at a local brick and mortar store. But we’ve all heard stories about people having their identities stolen, and it is understandable that many people may be hesitant to type in a credit card number and other personal information into a website. This article explains how, by following only a few rules of thumb, you can safely and confidently shop and pay bills online.

Rule #1: Stick to reputable websites

A company you know is usually safer than one you don’t. You don’t have much to worry about from companies like Amazon or Ebay, who have been engaged in e-commerce for decades now. These companies rely on their good reputations to do business and tend to take online safety very seriously. Not only that, but as well-known and very profitable companies, they are liable for data breaches and fraud facilitated by their platforms and can generally be relied on to keep your information safe and to deliver on products and services they offer. And when breaches do happen, they will let their customers know as quickly as possible. Some well-known online retailers include, but are not limited to:

  • Amazon
  • Ebay
  • Uber
  • Lyft
  • Instacart
  • Grubhub, Uber Eats, DoorDash


Additionally, nearly all traditional brick and mortar stores, like Wal-Mart and Target, have online stores as well, and these should be considered safe and reputable too.


In general, if you’ve heard of the company before, it’s probably safe.


Rule #2: Make sure you are on the right website

One of the most common ways to steal someone’s identity online is through a type of scam known as “phishing” (pronounced like “fishing”). This is a strategy where the scammer creates a website that at first glance looks exactly like one that is well-known and reputable, with the idea that someone looking to buy something from a trusted site could be fooled into giving their information to the scammer instead. Generally, this is done by setting up a website with an address that is very similar to a reputable site, such as “” instead of “”. The way to protect yourself is to double-check the web address to make sure everything is typed correctly.

Phishing Scam sample
  Image source: GCFGlobal

Rule #3: Make sure the site is encrypted

Encryption is a mathematical technique that hides your data in other data. It makes it so you can safely type your credit card information into a site and be confident that no one else besides you and the retailer are able to see your information. Over the last decade, there has been a major push towards the adoption of a particular form of encryption widely used on the Internet known as SSL, such that almost every site out there is protected from eavesdropping. This means that it is no longer especially dangerous to, for example, log in to your bank’s website on a public wifi network.


You do need to make sure that SSL encryption is enabled, though. Most modern web browsers will warn you if the site isn’t encrypted. You can verify this on most web browsers by looking for a padlock icon in the address bar. 


On Chrome, you can click on the padlock to see details, but in general, the padlock indicates that the site is encrypted correctly and you can be confident that your communications with this site will be safe from eavesdropping. Another way to check is to click on the web address bar, which will expand the address to its full length. If you see that the website begins with “https://”, then it is secure; if it says “http://” (without the “s”), then it is not encrypted. This doesn’t mean the site is inherently dangerous, but it does mean that anyone with the technical skills can see what you are doing, so don’t share any private or sensitive information with these sites.


Note that the presence of the lock icon or “https://” address does not mean the site is genuine; you still have to verify the address against phishing scams as discussed above. But it does mean that any information shared with that site will only be visible to you and that website. That means that if the site is genuine, you should be safe.


Rule #4: Use a good password

Another common way people have their information stolen is through password leaks. Generally, this happens when criminals manage to get ahold of data from a single website. Generally, this data does not include passwords, but something called a hash, which is derived from the password but isn’t identical. If you have a strong password, determining what it is from the hash is impossible. If your password is long and full of random characters, it can easily take the most powerful computers in the world longer than the entire lifespan of the universe to crack it. But if it is short and simple and based on common dictionary words, it may only take a matter of seconds to break it. The best way to prevent this is to choose a strong password from the beginning.


If you are using Chrome, you may notice that when you sign up for a new account on a website, Chrome will offer to suggest a strong password and remember it for you. You should almost always do this. Passwords generated this way will always be more secure than something you came up with yourself, even if you’re trying to come up with random letters (the human brain is incapable of doing this properly). Additionally, this frees you from having to remember a password complicated enough to be secure, and doesn’t require you to physically write them down.


If you are the victim of a data breach, any reputable site will inform you (generally by email) that this has happened. If it does, be sure to change your password as soon as possible, especially if you re-use passwords on different websites, as many criminals will attempt to use discovered logins on other websites as well. If you notice unusual purchases on your bank statement, be sure to call your bank as soon as possible to dispute the charges.


Doing your shopping and banking on your computer is not only more convenient than doing it in-person, but, perhaps contrary to expectations, if done correctly, it is actually a lot safer than offline shopping. For example, it is significantly safer to put a credit card into a website than it is to send a check through the mail (where your bank account numbers are fully and prominently printed on the bottom). It also cannot be physically stolen in the same way as cash.


By following these rules of thumb, you can confidently buy and sell goods online.


By Zach Peterson & Digital Navigator team, Computer Reach