Top Security Tips for Online Shopping

With the year’s biggest shopping season upon us, consumers are getting ready to take advantage of enticing discounts and offers from a range of e-commerce websites and applications. Naturally, this is also the peak time of year for fraudsters and cybercriminals who try to trick shoppers with fake deals, hack into their accounts to steal gift cards, reward points and discount codes, and extract personally-identifiable information (PII) that they can further abuse.

Shoppers should follow the tips below to reduce the risk of being cheated or defrauded when shopping online.

Shop at reputable sites and avoid lookalike sites with similar URLs and appearance.

Scammers often set up fly-by-night sites whose names and URLs are spelled very similarly to those of well-known sites in order to trick shoppers.

Use authorized shopping apps from Apple’s App Store and Google’s Play Store.

Fraudsters try to trick unsuspecting users with spoofed shopping apps that imitate the look and feel of popular apps. Fake apps put consumers at risk of account takeover, financial loss, and exposure of personal information. Search for and download apps only from authorized app stores and never click on links offering app downloads from unknown or suspicious sources.


Watch out for deals that look too good to be true.

Don’t fall for unrealistically low prices; they are often bait-and-switch offers that deliver a product that is not what you wanted or expected.

Make sure the website’s address starts with ‘https’ and look for the lock icon in your browser’s address bar.

The lock icon in your browser’s address bar and the ‘https’ before the website address indicate that your connection to the website is encrypted, which prevents your information from being captured in transit. Note that encryption alone does not prove the site is legitimate: a fraudulent site can also use ‘https’, so still check that the address itself is the one you expect.

Look for websites and apps that have additional security measures to defend against bots.

Leading e-commerce websites and apps usually have bot mitigation measures in place to block malicious bots. Prefer portals that use such measures, for example CAPTCHA challenges, which ask visitors to identify objects in images, decipher short strings of text, or click a checkbox to confirm that they are human. Most leading portals also use a range of other specialized bot mitigation measures beyond CAPTCHAs.


Provide as little personal information as possible.

Reputable e-commerce portals generally do not ask for your Social Security Number or other details that are not necessary to carry out a transaction (such as your mother’s maiden name). Provide only the minimum personal data that is required, and avoid websites and apps that ask for more information than the transaction genuinely needs.

Use strong and unique passwords, preferably with MFA (Multi-Factor Authentication).

Use a different password for every website, and if the website or app offers MFA (as most leading sites do), turn it on; the option is usually found in the site’s Security settings and adds a second layer of protection to your account. To use it, set up an MFA app such as Google Authenticator or Authy, which will generate the MFA security code you need every time you log in to those sites.

Regularly check your bank statements.

Watch out for suspicious transactions and charges that you do not recall making, and promptly report any unauthorized transactions to your bank or payment service.


Do not shop via insecure public Wi-Fi networks, and use a VPN (Virtual Private Network) if possible.

Avoid making financial transactions over public Wi-Fi connections, as hackers and fraudsters on the same network can snoop on your private data using a variety of common tools. A VPN adds protection by encrypting all data sent from and received by your phone or PC, so that others on the network cannot read it.

Use credit cards and services like PayPal instead of debit cards.

Unlike debit cards, which are directly linked to your bank account, credit cards and payment services usually provide more protection, less personal liability, and quicker resolution of claims.

Use a virtual credit or debit card.

Instead of providing your actual credit or debit card number and CVV code, take advantage of services such as Apple Pay, Google Pay, Venmo and others, which let you pay without revealing your real card number. Alternatively, generate virtual card numbers that are valid for a single transaction only; even if such a number is captured, it is worthless to the cybercriminals who use bots to harvest payment card details and other personal information.

Be wary of very lucrative offers sent via email.

Watch out for ‘phishing’ emails that advertise lucrative deals but are actually designed to trick shoppers into revealing their log-in credentials, payment card data, or other personal information that criminals can further abuse. Always check whether such emails come from an authentic source, and look for telltale signs of fraud such as spelling and grammar errors, and website addresses with minor variations that make them look like a reputable brand (for example an “i” in place of an “l” or a similar substitution). When in doubt, go directly to the brand’s website to confirm whether the offer is genuine.
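The “i” in place of an “l” check described above, and the lookalike-URL tip earlier in this post, can be automated for a personal or corporate allow-list. The following is an added example, not code from the original post or from Radware; the brand list and the test URLs are constructed, and the character-folding table is a deliberately small illustration rather than a complete confusables list.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the shopper actually uses (assumption for this example).
KNOWN_DOMAINS = {"example-shop.com", "bigretailer.com"}

# Characters and digraphs commonly substituted in lookalike hostnames: the
# "i instead of l" case from the text plus a few other well-known confusables.
# Digraphs are listed first so they are folded before single characters.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("1", "l"), ("i", "l"),
    ("0", "o"), ("3", "e"), ("5", "s"), ("8", "b"), ("9", "g"),
]


def skeleton(label: str) -> str:
    """Fold a hostname label into a canonical form so confusable spellings collide."""
    label = label.lower()
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def registrable(host: str) -> str:
    """Last two labels of the host (a simplification that ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> tuple[str, str]:
    """Return ('known', domain), ('lookalike', imitated_domain) or ('unknown', host)."""
    if "://" not in url:
        url = "https://" + url          # urlsplit needs a scheme to locate the host
    host = (urlsplit(url).hostname or "").strip(".").lower()
    base = registrable(host)
    if base in KNOWN_DOMAINS:
        return "known", base
    base_sk = skeleton(base)
    label_sks = {skeleton(label) for label in host.split(".")}
    for known in KNOWN_DOMAINS:
        # Whole domain matches after folding, e.g. bigretai1er.com vs bigretailer.com.
        if skeleton(known) == base_sk:
            return "lookalike", known
        # Brand name used as a label under someone else's domain, e.g. bigretailer.com.evil.net.
        if skeleton(known.split(".")[0]) in label_sks:
            return "lookalike", known
    return "unknown", host
```

A browser extension or mail filter would call classify() on every link before the user follows it and warn on a ‘lookalike’ result.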

Check to see if your shopping site or app is badged as PCI-DSS compliant for secure payment processing.

PCI-DSS (Payment Card Industry Data Security Standard) compliance is mandated by the major card networks for organizations that accept and process credit card payments and cardholder data. Shop at portals that comply with PCI-DSS for assurance that stringent security and fraud prevention measures protect your payment card data.


Neetu Singh

Neetu Singh is a cybersecurity solution lead with Radware. In her role, she specializes in application security and threat intelligence, working closely with Radware's product and threat research teams. Here she has led marketing initiatives, partnerships, collaborations, and campaigns for enterprise and SMB markets. She frequently writes about cloud trends, industry 4.0 and SMAC (social, mobile, analytics and cloud) among other topics. Neetu holds an MBA in marketing from NMIMS University in Mumbai.
