Column: How to ensure online shopping is s

Tuesday, August 19, 2008

Column: How to ensure online shopping is safe

By Associated Press

Q: With so much talk about Internet security problems and credit card fraud, how do I protect myself while shopping online?

A: One of the biggest risks in shopping online is clicking on a link to what appears to be a legitimate site but is, in fact, a forgery run by criminals interested in your credit card number and other personal information. An estimated $3.2 billion was lost to such "phishing" sites in the United States last year, according to a survey by Gartner Inc.

Watching out for fraudulent sites isn't hard, and is the crucial first step in a secure online shopping experience. The key in most cases is to type in the Web site's address independently, and not to follow links sent in e-mails, as those can often be malicious spam sent by the creators of the bogus sites.

Most Web browsers will alert you when you're navigating to known phishing sites or those serving up viruses, but the key word there is "known." Many harmful sites are set up and dismantled within 24 hours, so it's often a cat-and-mouse game to identify and block them before the criminals have a chance to inflict too much damage.

Also look for your browser's address bar to turn green; that's a sign the site you're visiting has paid for -- and passed -- an extra layer of background checks to verify it's a legitimate business. The so-called Extended Validation Secure Sockets Layer certificate is a new feature that also indicates the site is sending your data securely using proper encryption methods.

If a site doesn't have that feature, look for the traditional SSL padlock when you get to a site's order page, and click on that if you have doubts about the site's authenticity. It will identify the site's owner and the agency that issued the SSL certificate. The padlocks are not always foolproof, however, because scammers can spoof them.

Once you're comfortable that the site you're visiting is authentic, the question becomes: how do you pay for things?

Security experts recommend that you never use a debit card, because if criminals intercept the information, any charges are taken directly from your account and it takes longer to get the money back than if it were stolen from a credit card.

Experts also say it's helpful to have a dedicated credit card for online purchases. That makes it easier to monitor for fraudulent activity, since the payments aren't mixed up with daily purchases.

Banks are excellent at resolving cases of credit card fraud quickly, whereas it may take days or weeks to replenish a debit card account that's been drained by thieves.

Security experts also suggest setting up a separate e-mail account to register for online shopping sites, and use a different password for that account than your regular e-mail account.

The danger of linking all your online purchases to your primary e-mail account is that if hackers are able to steal your username and password for that site, they can then use that information to infiltrate your e-mail and get passwords for other accounts. A common way of doing that is to use the "forgot my password" feature on many sites and have the information e-mailed back to an account that they now secretly control.