A Paranoid Buyer’s Guide to Shopping Online

The Internet can be a very intimidating place, with many people using the anonymity it provides to do nefarious things. Since its inception, millions of people have fallen victim to scams and hackers that have stolen their identities and made purchases in their name.

As much as we like to acknowledge that online purchases are safer than ever, we also must give heed to those who say that you’re still better off walking into a brick and mortar store. But for those who are hesitant to make an online purchase out of safety concerns, there are ways to minimize the risks involved in making transactions across the Web.

What Makes Safety So Challenging


In the 90s the Internet had a massively poor reputation for being a den full of scammers. Since then, banks and other organizations have put their heads together in an effort to make it easier to make transactions on the Web without too much fuss or worry with regards to safety.

However, hackers are always trying to stay one step ahead of these methods and sometimes even succeed in stealing customer information from companies, making it difficult to actually make the Internet a safe place for people to make online purchases.

It’s also probably worth mentioning the fact that hundreds of millions of people around the world have their credit and debit card data somewhere on the Web. In America alone, this total reaches 94 million, which is a bit under a third of the entire country’s population.

Looking for HTTPS Isn’t Enough

While it’s imperative that you look for the “HTTPS://” before the URL on your address bar to ensure that your data is encrypted while you make a transaction, it’s not enough to tell whether you are being scammed or not. To get the certificate necessary to use HTTPS on your website, you only need to prove that you own the domain but not that you’re a legitimate business (read more on this here).

While it may be safe to make a purchase online from a retailer you know with absolute certainty is legitimate, unknown retailers can still scam you and use an encryption (HTTPS) certificate on their site. The authority that gave them the certification will often try to combat this, but you may still fall victim to scams regardless.


Fortunately for you, there are other types of certificates that can only be used by businesses that are vetted and completely legitimate. You can tell a business is using this certificate if its name appears on the address bar before the “https://” rather than just displaying a green lock and/or the word “Secure.”

Diversify Your Credentials

The problem with credit and debit cards on the Internet is that they are just one number. And that number is the sole thing that stands between any entity and your bank account. Once it is revealed, every penny you have at the bank is vulnerable and fair game to anyone.

PayPal is similar in that you have one account tied to all your money. But there’s one crucial difference here: changing your PayPal password is easy, but doing the same to your debit card number is a process that requires interacting with your bank. It could get complicated rather quickly.

Instead of giving out your CC info to every online retailer, it is better to use a “throwaway” number that you can invalidate at your whim. There are startups like Privacy┬áthat offer services like these and Visa has also recently rolled out with a token service that does something similar.

Retailers Don’t Need a Lot of Info About You


There are two things an online store needs before you complete a purchase: a way to send you their product and a way to receive your payment. This includes your address, your name, your phone number (in case they need to contact you about the delivery), and your debit card credentials. Any other information they ask for is superfluous and you should never give it away.

So things like your passport number, your ID number, your SSN, and any other identifying information should never be in the hands of a simple retailer. This is reserved only for government institutions, banks, and other entities that actually require this data to ensure that you’re not an identity thief. Assume the worst if some Amazon wannabe asks you for this information.

Other Things You Should Avoid

When parting with your money, you should always make sure that the transaction is as private as possible. Avoid making purchases in public, at a public computer, or with any sort of unencrypted WiFi. Yes, that means that even if you make a purchase from your home under an unencrypted WiFi connection, you might as well be doing it at an airport. The idea here is to lock down everything as much as you possibly can.

Do you have other ideas for safer online shopping? Let us know in a comment!

Miguel Leiva-Gomez
Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox