Safe Online Shopping: a Tech Expert’s Tips

Ladies and gentlemen start your browsers – it’s the holiday shopping season. But wait, you are being safe in your shopping habits, aren’t you?

I’m willing to bet that many of you are spending at least a bit of your time and money shopping on the Web this season. Sure beats the endless mall mobs, if you ask me! I’m quite content doing the lion’s share of my shopping online. But online safety is always a primary concern, especially with all the URL-laden email advertisements and such we all receive. It’s all too easy to click on a link that takes our browsers to “botnet land.”

Sure, we’ve all heard about the perils of clicking on emails, but that latest email from an unknown retailer sure caught our attention, right? A big screen HDTV for how much?!

So, let’s explore some things you can do to make your holiday shopping a bit safer—and less likely to result in a credit card bill next month with thousands (or more) of dollars of charges you didn’t make. In fact, there are a few simple steps you can take today that will go a long way to allowing you to be safe and confident in your online holiday shopping.

Disable or Restrict Active Content

Arguably the Web’s biggest vulnerability, active content (e.g., Javascript, Flash, ActiveX, Java) running in browsers is a launch vector for much of today’s malware. Most browsers do little to prevent active content from running by default—sure, they all have a “Allow Javascript” button and such, but that’s hardly a usable control. If we turn off all Javascript (and other active content), almost all of today’s Web sites will not function for us, so that’s hardly a “solution” to our safe shopping issues.

If you’re using Firefox or Internet Explorer, you’re in luck. We can quickly and easily restrict which sites may run active content and disallow all others in both of these browsers. (No doubt some other browser can do this as well.)

For Firefox, just install NoScript (from http://noscript.net). It’s a free plug-in that disallows all active content from all sites by default. You then allow trustworthy sites one at a time as you care to—and this only need be done once per site, because NoScript will remember your settings. Quite simply, it’s one of the best free security enhancements I’ve ever seen. Great stuff.

For IE users, you need to tweak your “security zones” a bit—just click tools‡Internet Options‡Security. Disable all of the ActiveX, JavaScript, etc., settings in your “Internet” zone. Now, add trustworthy sites one at a time to your “Trusted sites” zone. It’ll take a little trial-and-error, but it’s not too hard to figure out, and you can always restore the defaults by clicking on the “Default Level” button.

In both IE and Firefox cases, “trustworthy sites” should consist of sites you want to do business with. With NoScript, you can even temporarily enable JavaScript on sites you want to try out, but aren’t yet convinced you want to do business with.

Centralize Your Payments

Chances are pretty good you’ll be entering your credit card data on several sites this holiday season. Each time you do that, there’s an exposure to fraudulent activity.

First off, be sure you want to do business with the site you’re connected to. Use consumer rating sites like BizRate to see what other customers say about the sites, especially if you’ve never done business with them before.

Then, consider using a payment centralizing service like PayPal to reduce how many sites see your credit card information. It’s a couple extra steps when you pay for an item, but if nothing else, it means you’ll have fewer places to keep organized when and if you change credit card account numbers later on.

Use a Local Password Vault

In addition to storing credit cards on a slew of sites, you’ll probably be asked to register on many of the sites where you’ll do business this holiday season. If you’re like many people, you’ll use a single username—perhaps your home email address—and a single password that you can easily remember, and you’ll use these on all the sites you frequent.

You probably even know that this isn’t a great idea, but you do it anyway because it makes things easier and less complicated. Does that sound familiar?

Well, there’s a better way. Consider installing and using a local password vault system. There are hundreds of these available for free or for cheap on Windows, Mac OS X, and Linux. Pick one that has gotten great consumer reviews.

I find 1Password works great for my OS X needs. What these products have in common is they store all your passwords safely in one place on your computer. That single password store is then itself password protected—remember this password, it may be the last password you’ll never need! Most of the products can also generate long and random passwords. So, when you sign up for a new account at your favorite on-line merchant, use your password vault to generate (say) a 40-character random password and then remember it in your password store.

Now, whenever you visit that site, your password vault will remember the password and will fill it in on the site’s login page. This way, you can have different and very secure passwords on every site you use, without having to remember them all. Just remember that one password. (I can’t emphasize this enough.)

Do these simple things—today—and I’m confident your online shopping environment will be substantially safer, as well as more organized. You can find free or cheap solutions to all three of the above. You’ll only regret not doing these things.

Adapted from Esecurityplanet.com.