One of the most frequent questions that my computer clients ask me is “Is it safe to shop online?”
The only way to be completely safe when shopping online is … don’t do it. But that would be a case of throwing the baby out with the bathwater, akin to saying “I won’t go outside because I don’t want to be run over by a bus”.
The strategy that I, myself, have adopted is to apply a few tests and questions to any website that I’m considering purchasing from. I then balance how comfortable I feel about giving my financial details to that website with the importance of the purchase. So, sometimes I will buy online and sometimes I won’t. One important consideration is that it’s not just the cost of the specific purchase that is at stake. If something goes wrong, you can lose much more than the cost of the purchase: your card details might be fraudulently used and you might incur any amount of cost and inconvenience in sorting it out.
So, my own list of considerations looks like this:
- I would never – ever – give financial or confidential information to a web page whose address does not begin with “https”. Look at the address of the web page at the top of your browser. Unsecure pages start with “http”. Secure ones start with “https”. The “s” means that the data being transmitted is encrypted. Any website asking for confidential information via an unsecure page is either criminal or criminally negligent. I make no apology for repeating this advice (see this previous post on assessing websites).
- If I don’t know the website I’m buying from then I will do some Googling and/or other investigation to satisfy myself that the website is genuine and that the product/service they are offering is also genuine. Obviously, if a Google search on “Wobbly Products” returns loads of results that refer to customer complaints then I probably won’t proceed with the purchase. A similar test is to google the contact phone number and see what comes up (put the phone number in inverted commas in the search box – eg “07961 387564”).
- I may scour the website for evidence of their physical location. If I can’t find an address and the telephone number is non-geographical (eg it starts with 0845 or 0870) then that will reduce my confidence. Mind you, it is now possible to attach a number that looks like a UK landline number to a Skype account, so seeing a UK landline number is no guarantee that the vendor has a traceable physical presence in the UK.
- I look to see where the website is located. The last few characters in the website address – after the final dot – MAY (but may not) indicate the country in which the website is registered (eg UK, IE (Ireland), CA (Canada)). These last few characters of the website address are called the “top level domain”. A full list of top level domains can be found here. You may feel more confident about doing business with an unknown UK website than an unknown one registered in an unlikely part of the world.
- I have previously used a “prepaid Mastercard” to buy something from a website that I didn’t really trust. Prepayment cards are good because they enable you to make a purchase online without risking your debit or credit card details. The way these cards work is that you buy them from newsagents (or suchlike) with whatever sum you want “preloaded” onto them. You also pay a one-off sum (I think it’s about a fiver) that covers the retailer’s costs, margins etc. So far, so good. There is a nasty sting in the tail, though, in that if you don’t spend the amount loaded onto the card in the first month or so, the value of the available balance is reduced automatically. I seem to remember that I “preloaded” a card with about £20, spent about half of it online but then found the next time I tried to use it that the balance had evaporated! So, it would probably be wise to weigh up the pros and cons before using such a payment method and definitely check the terms and conditions of the card to see if they are acceptable to you.
This isn’t the first time I’ve blogged on the subject of online security. It may seem as if I’m paranoid or it may seem that the internet is too dangerous a place to venture into. My experience – from both my own internet activities and those of my clients – is that taking reasonable steps to safeguard your finances brings the risks down to acceptable levels, but you must concentrate on what you are doing – eg by always checking that any web page that asks for your credit card details is secure.
Maybe an analogy will help. Suppose you knew someone who had spent their entire life in a small village and they were thinking of making a visit to Oxford Street to do some shopping. Would you tell them not to come because it’s too dangerous and they’d get fleeced, robbed, ripped off? Of course not – but you might suggest taking some reasonable precautions, such as making sure their wallet or purse isn’t on show. You might even suggest that the “perfume shop” offering incredible “closing down bargains” is just that – incredible. But you wouldn’t tell them not to come to London just because there are some chancers here who try to take advantage of the unwary. Well, I think the same sort of judgement applies to buying online. My advice is to be reasonably careful, but to do it if you want to.
PS: never give financial details to ANY website (even Amazon or Marks & Spencer or any other household name) from a public computer (such as in an internet cafe). You have no way of knowing if your every keystroke is being recorded for later misuse.