Tips for safe online shopping
The convenience of online shopping often comes with concerns about security. Get our tips for safe online shopping before you place your next order.
Shopping online has changed the way we buy things. To many, the internet has become the go-to place for clothes, furniture, office supplies and much more. According to a Statista study, by 2024 Canadians were spending more than $3 billion in online shopping per month.
If you’re a frequent online shopper, you understand the ease, convenience and speed of online shopping. A simple search gives you access to pretty much everything you’re looking for, often available for next-day delivery.
But while online retail continues to grow, fraudsters continue to find new ways to take advantage of shoppers trying to find the next best deal. Still, there are steps you can take to protect yourself.
1. Limit your online shopping to reliable retailers
How can you tell if a website is trustworthy or not? Seeing “https” in the URL is a good first step. If you enter a site that doesn’t have "https" in the address bar, your data is at greater risk of being shared with a malicious entity.
There are also a few extra security steps that you should take when you visit a site:
Make sure the URL is correct and has no spelling mistakes. Scammers will try to take advantage of you typing in a hurry and misspelling a word in the URL to direct you to a fraudulent site. They’ll even go as far as making a fake website look exactly like a real one to get you to share your information.
Check the site’s security certificate. Click on the locked padlock icon or tune icon and look for the field stating, “Connection is secure”. Clicking this will give you more information regarding the connection and validity of the certificate.
2. Create unique passwords for your accounts
Although it might seem convenient to re-use passwords, it is important to set a different password for each of your online accounts to help protect yourself. When choosing a password, never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Remember to never share your passwords with anyone, change them regularly, and always change default passwords provided by a manufacturer.
As a rule of thumb, a strong password ranges between 8 to 30 characters and combines:
letters (uppercase and lower)
numbers
and special characters (like $,#, @, !, %, &, *)
Remember: Change your passwords every 90 days, never reuse passwords across sites and don’t reuse old passwords.
3. Question unbelievably good deals
Everyone loves a good deal. People rush to place orders on things that are heavily discounted online. However, if the price seems too good to be true, it most likely is.
Not sure how to spot a fake deal online? Look for these warning signs:
The site asks you to pay upfront in order to unlock the deal or receive a discount coupon.
You can’t pay with a secure method like your debit card, credit card or payment apps.
The site has a vague or nonexistent return/refund policy.
For example: If you notice a website is offering luxury brands of jewellery, clothes, or electronics for incredibly cheap prices, know that there’s a chance you’re paying for a defective item or an item you won’t receive at all. You also may not be able to get refunded for the item if you contact the seller.
4. Safeguard your devices and internet browsers
If you happen to miss the signs of an unsafe website, set up your device and internet browser to do the work for you. You can install security software for your computer, phone and tablet to get alerts whenever you enter a harmful site or click on a malicious popup. As for your browsers, we recommend you choose strong security settings and install the latest updates as soon as they’re available.
Here’s a cool little tidbit: As a BMO customer, you get access to security software for your devices from our leading tech partners.
5. Avoid online shopping in public
Public Wi-Fi is every fraudster’s best friend. Shopping online while connected to a public network can be risky because there’s no guarantee on who’s running it and who can access it. Fraudsters can pose as the café, restaurant, or mall you’re in to trick you into joining their network and get a hold of your information.
Cybercriminals can also intercept your online activity when you connect to public Wi-Fi. This includes your emails, browsing history, social media accounts and login credentials, which could compromise your private details.
Avoid using free Wi-Fi in public places, especially if you need to bank, shop or work online.
6. Use mobile payment apps
Mobile payment apps (or digital wallets) like Apple Pay and Google Pay are considered more secure for online shopping than directly entering your card details at checkout. This is mainly due to these apps’ tokenisation mechanism that’s specifically designed to prevent credit or debit card fraud online.
So how does tokenisation work?
Mobile payment apps use a unique one-time code (or “token”) to process online transactions without revealing your account details to the retailer. This means you don’t have to enter your card number when checking out, and instead, the app uses the token it generates as a way to represent your card.
Your actual account number is held in a secure token vault and won’t be shared with the store. So even if the transaction is intercepted by a fraudster, they’ll only be able to access this temporary token and not your real card information.
Keep in mind: If you’re using a payment app on your phone, be sure to restrict the permissions of other apps so that they can’t access your private and financial info from your digital wallet. Also, be sure your phone passcode is secure!
7. Watch out for holiday-related phishing, smishing and vishing attempts
Fraudsters use the holidays – and promises of special deals – to send enticing email (phishing), text (smishing), QR code (quishing) and voicemail (vishing) lures to try to obtain your personal information, steal your money, or get you to click on a link to download malicious software. If you receive an email, text or QR code advertising a great deal, don’t click any links or open any attachments – visit the website directly for the safest shopping experience.
8. Be aware of what you share
Be suspicious of online stores that ask you to provide your date of birth, Social Insurance Number (SIN), or other confidential information they don’t need to sell you a product.
Keep in mind that some online stores might ask you for additional info through a series of challenge questions that you’ve personally set up beforehand. Only you will know the answer to these questions and they’re simply used as a way to verify your identity when you sign in to your account.
9. Keep tabs on your online banking transactions
Be sure to check your bank statements regularly. If you notice a transaction that you didn’t make on your bank statement, it might be a sign of fraudulent activity and you should contact your bank immediately.
You can also set up alerts from your bank to get notified whenever a transaction is made with your card.
The bottom line
As more retailers and customers rely on online shopping, there’s no doubt that the internet has become the place to buy and sell things. Still, it’s important to be proactive about your security. If you have any suspicion about a website, leave it and shop somewhere else. At the end of the day, trust your gut and be smart about where you enter your card details to get the most out of your online shopping.