Navigation skipped

Tips for safe online shopping

The convenience of online shopping often comes with concerns about security. Get our tips for safe online shopping before you place your next order.

Updated
6 min. read

Shopping online has changed the way we buy things. To many, the internet has become the go-to place for clothes, furniture, office supplies and much more. According to a Statista study, by 2024 Canadians were spending more than $3 billion in online shopping per month.

If you’re a frequent online shopper, you understand the ease, convenience and speed of online shopping. A simple search gives you access to pretty much everything you’re looking for, often available for next-day delivery.

But while online retail continues to grow, fraudsters continue to find new ways to take advantage of shoppers trying to find the next best deal. Still, there are steps you can take to protect yourself.

1. Limit your online shopping to reliable retailers

How can you tell if a website is trustworthy or not? Seeing “https” in the URL is a good first step. If you enter a site that doesn’t have "https" in the address bar, your data is at greater risk of being shared with a malicious entity.

There are also a few extra security steps that you should take when you visit a site:

  • Make sure the URL is correct and has no spelling mistakes. Scammers will try to take advantage of you typing in a hurry and misspelling a word in the URL to direct you to a fraudulent site. They’ll even go as far as making a fake website look exactly like a real one to get you to share your information.

  • Check the site’s security certificate. Click on the locked padlock icon or tune icon and look for the field stating, “Connection is secure”. Clicking this will give you more information regarding the connection and validity of the certificate.

2. Create unique passwords for your accounts

Although it might seem convenient to re-use passwords, it is important to set a different password for each of your online accounts to help protect yourself. When choosing a password, never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Remember to never share your passwords with anyone, change them regularly, and always change default passwords provided by a manufacturer.

As a rule of thumb, a strong password ranges between 8 to 30 characters and combines:

  • letters (uppercase and lower)

  • numbers

  • and special characters (like $,#, @, !, %, &, *)

Remember: Change your passwords every 90 days, never reuse passwords across sites and don’t reuse old passwords.

3. Question unbelievably good deals

Everyone loves a good deal. People rush to place orders on things that are heavily discounted online. However, if the price seems too good to be true, it most likely is.

Not sure how to spot a fake deal online? Look for these warning signs:

  • The site asks you to pay upfront in order to unlock the deal or receive a discount coupon.

  • You can’t pay with a secure method like your debit card, credit card or payment apps.

  • The site has a vague or nonexistent return/refund policy.

For example: If you notice a website is offering luxury brands of jewellery, clothes, or electronics for incredibly cheap prices, know that there’s a chance you’re paying for a defective item or an item you won’t receive at all. You also may not be able to get refunded for the item if you contact the seller.

4. Safeguard your devices and internet browsers

If you happen to miss the signs of an unsafe website, set up your device and internet browser to do the work for you. You can install security software for your computer, phone and tablet to get alerts whenever you enter a harmful site or click on a malicious popup. As for your browsers, we recommend you choose strong security settings and install the latest updates as soon as they’re available.

Here’s a cool little tidbit: As a BMO customer, you get access to security software for your devices from our leading tech partners.

5. Avoid online shopping in public

Public Wi-Fi is every fraudster’s best friend. Shopping online while connected to a public network can be risky because there’s no guarantee on who’s running it and who can access it. Fraudsters can pose as the café, restaurant, or mall you’re in to trick you into joining their network and get a hold of your information.

Cybercriminals can also intercept your online activity when you connect to public Wi-Fi. This includes your emails, browsing history, social media accounts and login credentials, which could compromise your private details.

Avoid using free Wi-Fi in public places, especially if you need to bank, shop or work online.

“If you notice a transaction you didn’t make on your bank statement, contact us immediately.”
A woman calling her bank to report unusual activity on her account

6. Use mobile payment apps

Mobile payment apps (or digital wallets) like Apple Pay and Google Pay are considered more secure for online shopping than directly entering your card details at checkout. This is mainly due to these apps’ tokenisation mechanism that’s specifically designed to prevent credit or debit card fraud online.

So how does tokenisation work?

Mobile payment apps use a unique one-time code (or “token”) to process online transactions without revealing your account details to the retailer. This means you don’t have to enter your card number when checking out, and instead, the app uses the token it generates as a way to represent your card.

Your actual account number is held in a secure token vault and won’t be shared with the store. So even if the transaction is intercepted by a fraudster, they’ll only be able to access this temporary token and not your real card information.

Keep in mind: If you’re using a payment app on your phone, be sure to restrict the permissions of other apps so that they can’t access your private and financial info from your digital wallet. Also, be sure your phone passcode is secure!

    7. Watch out for holiday-related phishing, smishing and vishing attempts

    Fraudsters use the holidays – and promises of special deals – to send enticing email (phishing), text (smishing), QR code (quishing) and voicemail (vishing) lures to try to obtain your personal information, steal your money, or get you to click on a link to download malicious software. If you receive an email, text or QR code advertising a great deal, don’t click any links or open any attachments – visit the website directly for the safest shopping experience.

    8. Be aware of what you share

    Be suspicious of online stores that ask you to provide your date of birth, Social Insurance Number (SIN), or other confidential information they don’t need to sell you a product.

    Keep in mind that some online stores might ask you for additional info through a series of challenge questions that you’ve personally set up beforehand. Only you will know the answer to these questions and they’re simply used as a way to verify your identity when you sign in to your account.

    9. Keep tabs on your online banking transactions

    Be sure to check your bank statements regularly. If you notice a transaction that you didn’t make on your bank statement, it might be a sign of fraudulent activity and you should contact your bank immediately.

    You can also set up alerts from your bank to get notified whenever a transaction is made with your card.

    The bottom line

    As more retailers and customers rely on online shopping, there’s no doubt that the internet has become the place to buy and sell things. Still, it’s important to be proactive about your security. If you have any suspicion about a website, leave it and shop somewhere else. At the end of the day, trust your gut and be smart about where you enter your card details to get the most out of your online shopping.

    Unusual activity on your account?

    Let us know.

    Report Fraud

    Related articles

    Travel tips for keeping your personal and business info safe

    Need to travel for a business trip? Keep these tips in mind to make sure confidential information you carry with you is safe in transit.

    8 tips for keeping your kids safe online

    We’re spending more time online than ever, and our kids are no exception. As online learning and socializing increases, use these tips to help keep your kids safe on the Internet.

    Have questions?

    • Make an appointment
    • 1-844-837-9228
    • Find a branch