Fact Sheet 23:
Online Shopping Tips:
E-Commerce and You


Send to PrinterSend to Printer
Copyright © 2000-2016
Privacy Rights Clearinghouse
Posted December 2000
Revised July 2016
  1. Introduction
  2. Shop at Secure Websites
  3. Research the Website before You Order
  4. Read the Website's Privacy and Security Policies
  5. Be Aware of Cookies and Behavioral Marketing
  6. What's Safest: Credit Cards, Debit Cards, Cash, or Checks?
  7. Disclose Only the Bare Facts When You Order
  8. Keep Your Password Private
  9. Check the Website Address
  10. Don't Fall for "Phishing" Messages
  11. Be Aware of Dynamic Pricing
  12. Resources

1. Introduction

By just clicking a mouse or touching a screen, shoppers can buy nearly any product online -- from groceries to cars, from insurance policies to home loans. For many, the internet has taken the place of Saturday afternoon window shopping at the mall. Consumers expect merchants to not only make their products available online, but to make payments a simple and secure process. However, the same things can go wrong shopping online as in the real world. Sometimes it is simply a case of a computer glitch or poor customer service. Other times, shoppers are cheated by clever scam artists.

Just as shoppers should take measures to protect themselves in brick-and-mortar stores — such as protecting their PIN numbers when checking out and not leaving purses unattended — online shoppers also need to take sensible precautions. This guide offers advice on how to make your online shopping experiences enjoyable and safe.

2. Shop at Secure Websites

How can you tell if a website is secure? Secure sites use encryption technology to transfer information from your computer to the online merchant's computer. Encryption scrambles the information you send, such as your credit card number, in order to prevent computer hackers from obtaining it while in transit. The only people who can unscramble the code are those with legitimate access privileges. Here's how you can tell when you are dealing with a secure site:

  • If you look at the top of your screen where the website address is displayed, you should see https://. The "s" that is displayed after "http" indicates that website is secure. Often, you do not see the "s" until you actually move to the order page on the website.
  • Another way to determine if a website is secure is to look for a closed padlock displayed on the address bar of your screen. If that lock is open, you should assume it is not a secure site.

3. Research the Website Before You Order

Do business with companies you already know. If the company is unfamiliar, do your homework before buying their products. If you decide to buy something from an unknown company, start out with an inexpensive order to learn if the company is trustworthy.

Reliable companies should advertise their physical business address and at least one phone number, either customer service or an order line. Call the phone number and ask questions to determine if the business is legitimate. Even if you call after hours, many companies have a "live" answering service, especially if they don't want to miss orders. Ask how the merchant handles returned merchandise and complaints. Find out if it offers full refunds or only store credits.

You can also research a company through the Better Business Bureau or a government consumer protection agency like the district attorney's office or the Attorney General.  Remember, anyone can create a website.

When you shop within the U.S., you are protected by state and federal consumer laws. You might not get the same protection if you place an order with a company located in another country.

4. Read the Website's Privacy and Security Policies

Every reputable online website offers information about how it processes your order. It is usually listed in the section entitled “Privacy Policy.” You can find out if the merchant intends to share your information with a third party or affiliate company. Do they require these companies to refrain from marketing to their customers? If not, you can expect to receive “spam” (unsolicited email) and even mail or phone solicitations from these companies.

You can also learn what type of information is gathered by the website, and how it is — or is not — shared with others. The online merchant’s data security practices are also often explained in the Privacy Policy, or perhaps a separate Security Policy.

However, be aware that a strong privacy policy does not guarantee that the merchant will protect your privacy forever. Policies can change. The company can file for bankruptcy and sell its customer data base. The merchant might be purchased by another company with a weaker privacy policy.

You will want to think about the sensitivity of the data that is being compiled about you when you shop online. We cannot prescribe the best approach to take. Every consumer has a different interpretation of what is considered “sensitive.”

5. Be Aware of Cookies and Behavioral Marketing

Online merchants as well as other sites watch our shopping and surfing habits by using cookies, a tracking system that attaches pieces of code to our internet browsers to track which sites we visit online.

Persistent cookies remain stored on your computer while session cookies expire when you turn the browser off. Online merchants use cookies to recognize you and speed up the shopping process the next time you visit. You may be able to set your browser to disable or refuse cookies but the tradeoff may limit the functions you can perform online, and possibly prevent you from ordering online.  Generally, you will need to enable session cookies to place an order.

Privacy advocates worry that as more and more data is compiled about us — without our knowledge or active consent — it will be combined to reveal a detailed profile, even our actual identities. This data is often collected to market goods and services to us, encouraging us to buy them. There are a number of companies that specialize in targeted online advertising called "behavioral marketing." Companies say consumers benefit by being exposed to more targeted advertising and that online merchants can make more money more efficiently by targeting the right shoppers.

What if your behavioral marketing profile is shared with others, without your permission? You might not care if a drug company shares your prescription drug information with a coupon service to save you money. But what if that same information were obtained by your insurer, resulting in more expensive health insurance coverage?

6. What's Safest: Credit Cards, Debit Cards, Cash, or Checks?

The safest way to shop on the internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation. When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges. You are rarely asked to pay this charge.  

Make sure your credit card is a true credit card and not a debit card, a check card, or an ATM card. As with checks, a debit card exposes your bank account to thieves. Your checking account could be wiped out in minutes. Further, debit and ATM cards are not protected by federal law to the extent that credit cards are.

Using only one of your credit cards for online purchases can make it easier to spot fraudulent activity.  Likewise, turning on text message or email alerts for purchases can be a great way to quickly detect fraud.

Online shopping by personal check leaves you vulnerable to bank fraud. Sending a cashier's check or money order doesn't give you any protection if you have problems with the purchase.

Never pay for online purchases by using a money transfer service.  You could be transferring cash to a fraudster.  Scammers will ask consumers to send them payment using a money transfer service such as Western Union or MoneyGram because they can get your cash fast and it’s difficult to trace. Legitimate sellers normally do not ask consumers to send payment that way. Money transfer services should only be used to send money to people that you know well, not to unknown sellers of merchandise online.  

7. Disclose Only the Bare Facts When You Order

When placing an order, there is certain information that you must provide to the web merchant such as your name and address. Often, a merchant will try to obtain more information about you. They may ask questions about your leisure lifestyle or annual income. This information is used to target you for marketing purposes. It can lead to spam or direct mail and telephone solicitations.

Don't answer any question you feel is not required to process your order. Often, the website will mark which questions need to be answered with an asterisk (*). Should a company require information you are not comfortable sharing, find a different company that sells the product.

Providing your Social Security number is not a requirement for placing an order at an online shopping site. There is no need for the merchant to ask for it. Giving out your Social Security number could lead to having your identity stolen.

8. Keep Your Password Private

Many online shopping sites require the shopper to log in before placing or viewing an order. The shopper is usually required to provide a username and a password. Don't have your computer or device remember your password if a website has your payment information or other personal data.

Never reveal your password to anyone. When selecting a password, do not use commonly known information, such as your birthdate, mother's maiden name, or numbers from your driver's license or Social Security number. Do not reuse the same password for other sites, particularly sites associated with sensitive information. The best password has at least eight characters and includes numbers and letters.

9. Check the Website Address

The address bar at the top of your device's screen contains the website address (also called the URL, or Uniform Resource Locator). By checking that address, you can make sure that you are dealing with the correct company.

Don’t click on any link embedded within a potentially suspicious email. Instead, start a new internet session by typing in the link’s URL into the address bar and pressing “Enter” to be sure you are directed to a legitimate website.

10. Don't Fall for "Phishing" Messages

Identity thieves send massive numbers of emails to internet users that ask them to update the account information for their banks, credit cards, online payment service, or popular shopping sites. The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.

Some emails sent as part of such “phishing” expeditions often contain links to official-looking websites. Other times the emails ask the consumer to download and submit an electronic form.

Remember, legitimate businesses don’t ask for sensitive information via email. Don’t respond to any request for financial information that comes to you in an email. Again, don’t click on any link embedded within a suspicious email, and always call the retailer or financial institution to verify your account status before divulging any information.

11. Be Aware of Dynamic Pricing

Some online retailers use dynamic pricing to engage in price discrimination by charging different prices to different consumers for identical goods or services. When you purchase goods or services online, you may be paying a higher or lower price than another online customer buying the same item from the same site at the same time. While online shopping enables consumers to easily compare prices, it also allows businesses to collect detailed information about a customer's purchasing history and preferences. Online stores can use that information to customize the prices they charge you.

Amazon.com began experimenting with dynamic pricing in 2000. Different customers were offered different prices for the same product. Depending upon a consumer’s purchase history and other information, Amazon might offer different prices matched to a customer’s perceived willingness to pay a higher or lower price than the standard price.

While dynamic pricing has existed for a long time for time-sensitive products such as airline tickets, hotel room reservations, and rental cars, it’s difficult to justify the use of dynamic pricing for goods and services that are not of a time-sensitive nature.

Online merchants can easily implement dynamic pricing by placing cookies on a customer’s computer which will track the user’s past interactions with the site. By using this information, sites can customize their interactions based on your past activities. Online stores can read the cookies on your browser to determine what products or services you searched for and bought and how much you paid for them. This information helps them to predict how much you might be willing to pay for a product or service.

Some online stores may also consider other factors when determining pricing. For example, merchants might charge higher prices to customers who make repeated returns or demand extra service.

There are several ways that you may be able to defeat dynamic pricing. Obviously, do not log in to a site before you obtain a price quote. Be sure to clear the cookies from your browser before you visit a site. Utilize price comparison sites that check prices from multiple vendors. Finally, if you do log in to a site, try leaving items in your shopping cart for a few days, to see if the merchant offers any discounts.

12.  Resources

Federal Trade Commission, Shopping Online

American Bar Association, Safe Shopping

Content type: 
Copyright © Privacy Rights Clearinghouse. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. For distribution, see our copyright and reprint guidelines. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse.