Eight security tips for shopping online this holiday season

Here are EDS’ eight tips for jolly and worry-free online shopping:

1. Know the online merchant. It is always best to know the reputation of the companies you choose to do business with. If you are not familiar with the online retailer, be sure to check the Web site for contact details, including a physical address and phone number. Also, look to see if the site is a member of a trust mark or trust seal program. This certifies the business meets certain business standards set in place by the program.

2. Ensure you are shopping at a secure Web site. A secure Web site uses encryption technology to scramble the information you send, such as your credit card number, in order to prevent identity thieves from gaining access to it as it travels through the Internet. Secure Web site addresses also include “https://” at the beginning of the address — the “s” indicates the Web site is secure. Also, look for a closed padlock displayed in your browser’s toolbar or on at the bottom of your screen. If the lock is open or not present, this may be a sign that the site is not secure. Even on a secure site, do not send any more financial information than is necessary to complete the transaction. Always keep a paper copy of the transaction for your records.

3. Review privacy and security policies for the companies you do business with online. All reputable companies post a privacy and security policy or statement on their Web site. This should tell you what information the company collects, how it is used and what is shared. If you are concerned about your information being shared with other companies, make sure there is an option to keep your information confidential.

4. Be proactive in protecting your security. Install commonly available security tools such as anti-virus software, anti-spyware software and a personal firewall. These programs and the computer’s operating system must be maintained with the most recent patches or updates. Probably the most common — and most easily remedied — security problem in home computers is out-of-date software.

5. Do not use personal information for passwords. Using information such as Social Security numbers, birth dates, names, common words, e-mail addresses or telephone numbers as passwords can make you an easy target. Be sure your passwords contain at least eight characters and include numbers or symbols. To avoid misuse, do not write down passwords.

6. Monitor online activity regularly. If you conduct business online, review your account statements regularly and consider using a separate credit card for online purchases or payments to ensure all transactions are in order. By reviewing online statements, transactions and your credit report frequently, you could detect a theft and limit its damage. Identity thieves typically use stolen information for only a short period of time to avoid being caught. If you suspect a security breach, act quickly by contacting the companies you do business with immediately. The Federal Trade Commission’s identity theft Web site is a great resource for information on identity theft, including advice and guidance if your identity is stolen.

7. Be aware that international security and privacy standards may be different. When you shop in the United States, you are protected by state and federal consumer laws. These laws may not apply if you place an order internationally. If it is not a reputable merchant and there is a problem, it may be difficult for you to resolve the issue. You should print out and date a copy of terms, conditions, warranties, item description, company information and even confirming e-mails, and save them with the records of your purchase. Also, look at your purchase as soon as you receive it and contact the seller as soon as possible if you discover a problem.

8. Beware of “phishing” e-mails that appear to be from trusted merchants. Phishing is one of the fastest-growing forms of online fraud for identity thieves. Phishing e-mails appear legitimate, often addressing you by name, which makes them even more convincing. Thieves sending these e-mails usually ask you to click on a link in the email that takes you to a phony Web site — if you are interested, it is best to go to the site yourself by typing the Web site name directly into your browser rather than clicking on the link provided in the e-mail. A skeptical attitude toward unsolicited e-mails is always the best policy, especially if you have never done business with a company before receiving an e-mail solicitation from it.