Online shopping can be incredibly efficient, fast and easy, with almost any item available from retailers’ websites. They may offer free shipping, next-day delivery and streamlined returns—but that doesn’t mean an online retailer’s site is as secure as it should be. Any online retailer, no matter how large and technologically advanced, may fall victim to sophisticated hackers breaching its cybersecurity defenses. If a retailer’s website is successfully hacked, then consumers’ personal accounts, including financial information, are also at risk.

The U.S. government agency, the Federal Trade Commission (FTC), takes in millions of reports annually from consumers about problems they experience in the marketplace, such as various crimes and unethical—but not provable criminal—behavior. Since some crimes and harmful situations go unreported, the number of consumers who are harmed by crooks is likely to be much higher than the reports indicate. The reports are stored in the Consumer Sentinel Network (Sentinel), a secure online database. Since 1997, Sentinel has collected tens of millions of consumer reports about fraud, identity theft and other consumer protection topics. The FTC publishes this data annually in its Consumer Sentinel Network Data Book (CSN Data Book), which is available to the public at no charge. During 2023, Sentinel received 5.4 million consumer reports, which the FTC sorted into 29 top categories, and the data showed that “The states with the highest per capita rates of reported fraud in 2023 were Georgia, Florida, Nevada, Delaware and Maryland.”

For fraud types reported to the FTC in 2023, “Online Shopping and Negative Reviews” ranked fourth on the list of 29 types of fraud.

With shopping fraud so prevalent, what can you do to enhance your security during online shopping? Here are a handful of suggestions:

Tip #1: Shop at well-known websites

• Generally, it’s a good idea to begin looking for an item at a well-known, trusted retailer’s website that may be more likely to have robust security built in, but beware of typing in an incorrect name or address that might send you to an imitation site run by scammers.
• If the product isn’t available at the big-name retailer, then check with more specialized sellers, but first seek out reviews by customers from several different review websites. Good reviews aren’t a guarantee of high quality, and negative reviews may not mean that the seller is performing poorly for all customers, but thorough research is often quite helpful. However, even nationally known retailers can sometimes have shady, unethical third-party sellers operating on their site, something that the federal government is trying to fix. According to the U.S. government agency the Federal Trade Commission (FTC), in late June 2023, the Integrity, Notification and Fairness in Online Retail Marketplaces for Consumers Act—the INFORM Consumers Act—took effect. The Act “requires online marketplaces to protect consumers from counterfeit, unsafe, and stolen goods by verifying their high-volume third-party sellers’ identities, and making it easier for consumers to report suspicious marketplace activity.” The Commission is responsible for enforcing the Act along with U.S. states partners to enforce accountability of the Act with online marketplaces.

Tip #2: Create strong passwords for shopping accounts

• Make your passwords more complicated; don’t use numbers or words that could be easy to guess. Terms of endearment, streets, neighborhoods, city and states, birth or anniversary dates, colleges, nicknames, names of pets, hobbies and sporting team names are just a few of the most common components of passwords to avoid since they are obvious. Use random letters, symbols, numbers, words from other languages, a mix of upper-case and lower-case letters, and scramble them together to be more complex. Choosing randomly means avoiding any sort of pattern, such as using numbers or letters in a sequence, such as 1234 or ABCDE.
• Make your passwords longer. Longer passwords are just harder to guess or hack. Instead of being brief, be lengthy and use sentences, quotes, phrases, and then mix in numbers and symbols.
• Change your passwords more frequently. Most people keep using the same passwords for months or years because it’s easier than taking time to change passwords and remember them. Try changing your passwords every three months, and if that schedule isn’t practical, extend it to every six months—but not longer than that.
• Do not recycle passwords; make them new and fresh. There is a much greater risk for your security by reusing passwords for different accounts; if one account is breached then all the other accounts with the same password are at risk. Passwords all need to be unique.

Tip #3: Use multi-factor authentication to limit access

• Turn on multi-factor-authentication (MFA) for shopping sites if they offer this feature. More and more websites now offer—or mandate—multi-factor authentication. MFA involves several verification steps before the user is allowed to access their accounts; you have to prove that you’re you instead of a hacker breaking into your accounts. Multi-factor authentication often uses either a Personal Identification Number (PIN) or a passcode (often six numbers and letters) that is texted or emailed to you, a call to your cellphone, or a fingerprint or facial scan on your mobile phone before you can get access to your shopping account. /li>

Tip #4: Look for confirmation that the website—or at least its payment page—is encrypted

• Look at the full website address for the retailer; specifically, examine it carefully to see if the address starts out with this prefix: https:// instead of only http://; an example is https://www.deltacommunitycu.com/. The s in https:// means that the website is encrypted with a Secure Sockets Layer (SSL) that should protect your private information from being exposed to hackers. SSL creates what should be a secure channel between your device and a website that would be very difficult to break into or intercept. The site may also display visual confirmation of SSL with a very small icon of a locked padlock showing up on the left side of the website address. Be extremely cautious of entering payment information for any site that doesn’t indicate that your personal details, including those from your financial account, are encrypted.

Tip #5: Avoid shopping on public wi-fi networks and use a Virtual Private Network

• It’s probably a good idea to avoid using public wi-fi networks for online shopping, even if they are free. Many people may connect automatically to a public network if the service is free (stores, hair salons, hotels, restaurants, airports and other venues may offer them). However, a free network from a service provider you don’t know and have no reason to trust may mean you are shopping on an insecure wi-fi network that could expose mobile phones or computers to malware or real-time hacking. So, what are options if you must shop and the free wi-fi may be a bit sketchy? You can use a Virtual Private Network (VPN) to lessen the risks of a public network on a computer or cellphone; actually, it’s a good idea to always use a VPN on a computer or phone.

Tip #6: Have your credit card company email or text you every time your card is used

• One of the best methods for monitoring your spending habits and preventing fraud is to get notified by your credit card company every time you use the card. Most credit card issuers offer almost immediate notifications for every transaction on your card, usually by email or text. Always knowing when your card has been used means that bogus charges from an identity thief can be detected quickly; you can then contact the credit card company to deactivate the card and get in touch with credit bureaus to add notes to your credit reports or freeze your credit cards.

Tip #7: Use a credit card instead of debit card

• There are U.S. laws that limit personal financial liability for fraudulent credit card charges, which must be paid at some future time. Debit cards may not have the same amount of protection, and with a debit card, money—instead having a pending charge—is withdrawn directly from your account. This means that a crook with your debit card credentials could be able to empty out a checking, savings or other account tied to the debit card.

Did you know that Delta Community offers a monitoring service, PrivacyGuard, that can help provide enhanced security for your accounts?

Consider an identity theft monitoring insurance policy. If you’re a frequent online shopper, then it may be helpful to look at investing in an identity monitoring plan to help keep your personal and credit information safer. Delta Community Credit Union and its wholly owned subsidiary, Members Insurance Advisors, now offer members identity protection plans from PrivacyGuard.¹ All PrivacyGuard plans offer comprehensive tools such as credit monitoring, dark and public web monitoring of your personal information, activity alerts and access to fraud resolution experts.²

Contact Delta Community immediately if you’re worried about your accounts

• If you think your Delta Community accounts have been compromised, immediately ontact our Member Care Center via our toll-free number at 800-544-3328 with whatever details you have, including dates, amounts of money, email messages, email addresses, text messages, phone numbers and names.
• Please remember that Delta Community will never call, text or email you to ask for your checking, savings, investment, ATM, debit or credit card account number or password, your telephone access (IVR) PIN, one-time passcode or other confidential personal information.

Do you want to know more about personal online safety?

More information on protecting yourself and your accounts—along with practical financial advice—is available from free Delta Community Financial Education Center webinars on many different money-related topics. You can visit the Financial Education Center's Events & Seminars page to register for its no-cost, on-demand webinars.

Delta Community’s blog and its security and privacy center regularly have recommendations for enhancing online personal security:

• Avoid fake check scams.
• Learn check-writing tips.
• How to hang up on imposter scams, part 1.
• How to hang up on imposter scams, part 2.
• Did you know that only scammers get paid with gift cards or cryptocurrency?
• Think for a minute, and then don’t click 'unsubscribe' from spam emails and texts—managing spam.
• Learn how to make your mobile and online payments safer.
• How to protect yourself online while working or learning from home.
• Why to question your security questions.
• ​How to secure your home network.
• You should know how to tell if someone’s stolen your identity and how to prevent it.
• How to get a stronger password and use a password manager.
• Be on the lookout for phishing, smishing and vishing attacks.
• Be vigilant for spoofed phone calls.
• Harden your email account against an attack.

¹The benefits in PrivacyGuard are provided by Trilegiant Corporation.

²View important product benefit information and restrictions