Security & Privacy

6 Cyber Security Tips for Holiday Shopping Online

Posted on by

Christmas shopping online gift theft

Christmas is just a few weeks away and you’re probably busy shopping online to get gifts for everyone on your list. You probably do some of your shopping in brick-and-mortar stores, but shopping online can be a lot easier and can save you time. After all, when having trouble finding the right gifts in local stores, many people commonly find success shopping from online stores—items that are out of stock in local stores may be available from a reseller in another state or country.

For the most part, shopping online is safe, at least if you use familiar, reputable websites. But once you stray from the usual vendors, you need to take special precautions to make sure that when you enter your credit card data you’re not giving it to scammers. Here are 6 cyber security tips to ensure that your online holiday shopping is safe.

Make sure the website is secure

The most important thing to do when you’re entering credit card details online is to make sure this data is sent securely. This means that, instead of your browser just sending the 16-digit card number in clear, it is encrypted, so no one sniffing network traffic can intercept it. There’s an easy way to check this in web browsers: They all have a way of showing you that a secure HTTPS connection has been made.

In general, web browsers display a padlock icon. Below, you can see how this looks in Safari, Chrome, and Firefox.


Google Chrome secure padlock icon

Mozilla Firefox secure padlock icon

Sometimes you will see an indication of an even stronger level of security, Extended Validation SSL. Web browsers generally indicate this by displaying not just the name of the domain, but the full company name, and showing it in green:


Make sure that any time you are entering information—such as credit card or bank account information—you see the padlock and/or the green company name. You should also look for this any time you go to a website which offers to let you pay with PayPal; the login page for PayPal should always indicate that it is secure.

Use secure passwords

Most websites that sell you things require you to create an account when you make your first purchase. You enter your name, your address, your phone number, and some payment information. The website then asks you to enter a password. Make sure to use a secure, unique password for each website. Don’t use the same password that you use for other websites; if someone gets a hold of that password by hacking one company’s servers, they’ll try to use it on other major merchants’ websites. And if those websites have stored your credit card number, cyber-criminals will be able to make purchases on your dime.

A good way to do this is to let Safari recommend a password. It then stores the password in your secure keychain, making it available to you later, on all your Apple devices that are signed into the same iCloud account.

Safari suggested password

Don’t shop on public Wi-Fi networks

It might save you time to do some shopping when you’re in an airport, a coffee shop, or some other location on a free, public Wi-Fi network. But this isn’t a good idea. Unless you use a VPN (virtual private network), which encrypts all data from your computer or mobile device, people can sniff the network, grabbing data to look for usernames, passwords, credit card numbers and more.

Use PayPal

I don’t want to recommend one payment system over another, but if you go to an unfamiliar website to buy something, you might want to think twice about giving them your credit card number. The site may not be malicious, but it just may not have good enough security, and your information may be compromised later.

Use PayPal for safe online shopping

Many websites let you pay using PayPal. If you have a PayPal account, you can pay with your balance, but if not, you can route your credit card payment through PayPal, which offers additional security. PayPal doesn’t send the credit card number to the website; they just confirm that the payment was made. Just make sure that, when you are sent to a PayPal payment page, that it really is PayPal. As I pointed out above, modern browsers show PayPal’s name in green in addition to the lock icon.

Don’t buy from websites you’ve never heard of

You are looking for that hard-to-find item a couple of days before Christmas. It’s sold out everywhere, except on some website you found doing a Google, Bing or DuckDuckGo search. Is it safe to buy from that website? It’s hard to know.

In many cases, small independent resellers run honest businesses on the web. But in other cases, scammers may set up websites to attract people looking for unavailable items. If you are tempted to buy from a website you’ve never heard of, search the web for the name of the company and see if you can find anyone talking about it before giving them any payment information.

Lots of small businesses also sell on eBay and Amazon; check there for anything you can’t find on your usual shopping sites. Their sales policies protect you.

Check prices in another browser

In all of the above tips, I have told you how to avoid being robbed. In this one, I’m going to help you make sure that you’re not being taken advantage of. Some merchants display different prices for people who are logged into their websites and those who aren’t. They may display a lower price for new customers, to try and draw them in. If you’re looking at an expensive item, check the same page in a different browser where you are not logged into your account. You might be surprised. If you find a different price, add the item to your shopping cart and then log in; you’ll be able to buy the item at a lower price.

So, enjoy your holiday season, but use these tips to stay safe shopping online, and make sure the whole holiday season is festive.

Further Reading: 

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →