How to prevent online shopping fraud

With the blogs in this series I want to reach not only my typical audience, security professionals, but especially less security-aware people, to help them improve their personal security. If you think the content is helpful for people you know, share it with them!

Online shopping fraud is a major problem. Europol recently closed 3300 websites in an EU-wide operation against trafficking of counterfeit goods. And it's not only fake goods. During the Christmas period of 2017 alone, UK customers lost more than £11 million due to online shopping fraud. If you take the tips in this post into account, you can reduce the risk of becoming a victim.

Only use trustworthy websites

It's most secure to only shop on known trusted websites. If you don't know a particular online shopping site, first do some research.

  • Check the reputation of the website. If a website has a lot of negative reviews, don't use it. Note that a website with only good reviews can still be a scam. Criminals manipulate these reviews.
  • You can always contact a consumer association when you doubt the legitimacy of a particular webshop.
  • Security seals mean nothing. A "safe and secure" seal on an online shop's website doesn't make it trustworthy. Criminals can and will put these kinds of seals on their websites to make them look more legitimate.

And remember

  • What's too good to be true mostly isn't true. A site offering products at incredibly low prices often means that the products are fake or that you will probably get scammed.
  • A website over HTTPS doesn't mean that the owners have good intentions. It still could be a phishing site. If you want to know more about HTTPS, do read this post.

If you have doubts about a particular online shop, it's better not to buy from it. But even trusted websites might get attacked by criminals and infected with malware that steals your credit card information. Whenever you notice that malicious transactions are done with your credit card, block it immediately.

Online payments

For online payments always use a credit card. It has several advantages over a debit card:

  • Credit cards have insurance against fraud. The issuer of the credit card will reimburse you for the amount that was fraudulently withdrawn from your account.
  • When you pay with a credit card, the money is not directly withdrawn from your account. This gives you time to dispute fraudulent charges and the bank can block the payment while they investigate the incident.
  • Some credit cards also offer additional insurance for your online purchases. If the goods are damaged or the wrong product is delivered and the vendor doesn't take responsibility, the insurance ensures that you get your money back.

To detect fraudulent transactions early, it's important to check your credit card balance and bank statements on a regular basis.

Some other basic security measures you should take:

  • Never make payments on public computers because this entails several security risks. For instance, someone could be shoulder surfing, or the computer could be infected with malware that steals your credit card data or login data.
  • Never do payments when you are connected to a public wireless network. Use your mobile data connection instead or set up a VPN connection.
  • Enable two-factor authentication for all your (online shop) user accounts.
  • Only do payments on HTTPS websites.

The less personal data the better

  • Only provide the necessary data when you order via an online shop (or any other online service). If you want your purchases delivered at home it's logical that they need your home address. But they certainly don't need to know your real date of birth. Leave all personal data that's not relevant for getting your purchase delivered blank, or fake it in case of mandatory fields.
  • Don't store your credit card information online. Websites sometimes offer to store your credit card data to use them in future transactions. This convenience might result in your credit card data being stolen from the servers of the online retailer.
  • Don't store credit card information in the browser. Disable the automatic filling of credit card data and remove stored credit card data. In Google Chrome you can do this by browsing to chrome://settings/payments.

In Firefox browse to about:preferences#privacy and uncheck "Remember search and form history" in the "History" section.

In Safari go to "Preferences" and select "AutoFill". Uncheck all options to remember form data, including the one for "Credit cards".

General best practices

Try to keep your devices clean. If a device is infected with malware, criminals could steal your usernames, passwords and credit card data.

Make sure that:

  • You have an antivirus solution installed on your devices. For mobile devices the risk is lower and for iOS it doesn't make a lot of sense to install antivirus apps. Read this post for more info about antivirus on mobile devices.
  • You keep your devices up to date: update operating systems and apps.

But even in your local store you could be at risk

This is not a form of online shopping fraud, but I think it's still worth mentioning. Even if you have to pay in your local store you must be cautious. In 2016, credit card skimmers were found in some Walmart stores.

Whenever you have the option to pay with a mobile app, do so. This eliminates the risk of credit card skimming.


Be careful when you buy something online. Hopefully these tips help you to reduce your risk when shopping online. Whenever you're in doubt about the legitimacy of a website, look for an alternative.

That's it for today. Tomorrow I'll give you more actionable security tips. In the meantime stay safe online!

John Opdenakker

Blogger | #Infosec | #AppSec | Security awareness | Occasional Public Speaker | Cycling | Running | Enjoying life