7 Savvy Online Shopping Safety Tips

Strategies to keep your financial data safe during the holiday shopping season and beyond.

a black man uses a credit card to purchase something on his phone with coffee cup in foreground
When making online purchases, use your credit card rather than your debit card. 
WAYHOME studio / Shutterstock

The holiday season is upon us, which means many of us will start shopping for gifts online. But e-commerce is not without its own risks: The FBI confirms that cybercrime is a serious problem, and is only getting worse. Fortunately, there are effective ways to protect yourself while you shop online.

1. Use a credit card, not a debit card.

A debit card is a direct line to your cash. If hackers gain access to your debit card, they can swiftly empty your bank account. Depending on when you discover and report the crime to your bank, you could be liable for $500 or more of the stolen funds. Fraudulent credit card charges, on the other hand, incur less liability. They’ll typically be refunded to you in full.


2. Shield your financial data.

“Don’t let your browser or an e-commerce site save your credit card information,” advises cybersecurity expert Corey Nachreiner, the chief security officer of WatchGuard Technologies. “Sure, it’s a pain to re-enter your payment details at every purchase, but that extra work protects your card if that site—or your computer—is ever breached.” Nachreiner also recommends using a single credit card for all of your online purchases to make it easier to monitor for unauthorized charges. Alternatively, many consumer technology experts—Nachreiner included—urge online shoppers to use digital wallets such as PayPal, Apple Pay, or Google Pay. These payment services mask your financial data, so you won’t have to share your personal information with every site you patronize.

Smart Tip: Whether you’re shopping or just surfing online, always use basic internet safety guidelines, including securing your passwords, enabling two-factor authentication, updating software often, and engaging with the privacy settings on your social media channels. Here are more ways to protect your online privacy.

3. Be wary of public Wi-Fi.

Avoid public Wi-Fi when spending money or entering personal information online. Cybercrooks can easily intercept your transactions to snag your credit card number, bank account password, and other sensitive information. If you must use public Wi-Fi—at an airport, hotel, library, or café—encrypt your data by using a virtual private network (VPN). (The set-up process is similar to other apps, but note that most VPN services charge a monthly or annual fee.)

blue place order button on a website with mouse hovering over

Before you enter payment information, make sure the site is secure. Look for "https" in the URL.

iamwayclick / Shutterstock

4. Consider the source.

As the number of counterfeit products peddled online increases, especially on Amazon, consumers should always pay attention to the source, says Chris Hauk, a consumer privacy champion at Pixel Privacy. “Amazon is less likely to be selling a counterfeit item than a third-party vendor using Amazon’s marketplace.” Hauk also recommends reading the item’s description carefully. “Look out for vague language, and read the reviews as well,” he notes.

5. Beware of fake apps.

Counterfeit apps try to mimic the real thing in order to steal your financial information or install malware onto your device, according to the Federal Trade Commission. Get your apps directly from the company’s website or, if downloading from an app store, read the reviews and confirm the app has been around for a while before you start to download. If you notice anything off, such as spelling errors or a strange looking logo, trust your instincts.

6. Check your online statements.

Every month—or every week during the holiday shopping season—review your credit card and bank statements to look for suspicious activity. Even an unknown charge for a nominal amount should be noted, according to the FDIC. Cybercriminals in possession of your credit card number often start by making tiny purchases to see if anyone’s paying attention. If you spot any charges you don’t recognize, call your bank or credit card company immediately to dispute them. The issuer will most likely refund you the amount in question, temporarily freeze your account, or cancel your current card and issue a new one.

7. Avoid getting pharmed out.

You probably know about phishing, but have you heard of pharming? It’s a form of fraud in which you’re automatically redirected (read: without your consent) from a legitimate site to a bogus site that exists solely to steal your personal information. To protect yourself from this scam, make sure that you’re on a secure URL, which always starts with “https” instead of “http,” before entering payment info. (The “s” in "https" stands for “secure.”) Also, avoid sketchy looking vendors—those with spelling errors, strange fonts, or images that don’t look quite right—don’t click on ads offering deals that seem too good to be true, and search new online retailers on the Better Business Bureau (BBB), says Nachreiner. “If there’s a history of scams or issues, you can sometimes get a hint of them from the BBB,” he adds.

This article was first published in November 2020 and last updated in November 2023.