Is Online Shopping Really Safe?

« The Night I Was Nearly Robbed: Situational Awareness & Safety Online (and Offline, too) | Main | Emsisoft Tool to Decrypt DecryptorMax »


Is Online Shopping Really Safe?

Kevin R. Smith


Although it may seem strange to some people, to others the very thought of using a credit card online seems pretty crazy. 

In fact, we talk to someone by phone at least once a week with this concern.

Pam, a New Hampshire resident, called this week asking,

"I want to buy one of the antivirus programs you review, but I'm uncomfortable buying online.

"I just don't like putting my credit card information in some website. I'd rather do it in person or by phone.

"Is there a way I can buy the software in a store, instead?"

In my view buying software online (and in fact all transactions online) are actually safer than those you do in a store.

(As the former CTO of a sizable credit card processing company, I can answer this question with some authority.)

Read on for the answer...

Why online transactions are actually safer

First, let's take a look at what really happens when you buy something in a store.

The fact is almost all credit card transactions, even those done in a store, happen entirely on the Internet. (We'll cover this more in a second.)

Second, when you buy software in a store, you have the huge hassle of going back to the store and dealing with that store's return policy for software.

Since nearly all stores prohibit customers from returning software once it's opened, your only recourse is to go back to the manufacturer and wait for them to issue a refund. (Oh, joy!)

In contrast, if you buy software online, the license key and a link to download are emailed to you. If you need a refund, you just get in touch with the company directly since they're the ones that sold you the software. Schlepping to the store involved? Zero.

Third, when you buy antivirus software in a box, what you're getting is weeks—maybe even months—old. Yes, the software will update itself automatically, but a heck of a lot of new viruses are developed between when the software was boxed up and when you bought it.

On the other hand, antivirus software purchased online is often the manufacturer's latest, greatest release.

Did you know...

Some companies use prison inmates to staff their customer support and answer lines?

Of course, they don't tell you that.

How does that make you feel about ordering by phone?

Before we get back to buying software in a store, let's talk about buying by phone. The problem with phone purchases is you're trusting the person to be honest on the other end of the line.

For the most part, they are. Other times, not so much.

The fact is, you're giving that person all your card details, even the security code from the back, so they've got everything--even your billing address. If they want to go on a seven state shopping spree or sell your info on the black market, you couldn't make it any easier.

OK, let's get back to what happens when you buy something in a store.

What Really Happens?

The super simple version of what happens goes something like this:

  • Your card is swiped in a credit card terminal or cash register, and then
  • The credit card number is immediately encrypted, and then
  • Shot to a "front end" processor, who then
  • Talks the store's bank, who then
  • Talks to your bank to get authorization to charge your card.

Later, a "back end" processor enters the picture, too, who also gets handed your card number via the Internet. [This is a simplified version of what happens, too.]

Any guess were all this happens? Online.

All of it.

For you sticklers for detail, yes, in some (increasingly rare) cases when you use your card in person, the transaction still happens via satellite or even via an old-school telephone connection.

And in any event, when those transactions come back to Earth, they, too, then make a journey across the Internet when the banks and credit card processors all talk to one another.


What's all this mean?

It means in-person purchases are ultimately no different than those that happen entirely online.

What's the real risk?

First, in most countries for there to be any liability, the bank has to prove you were at fault for the theft. If you're not at fault, the liability is usually $0.

What's more if you're in the U.S. your maximum liability is $50. (It's the law.)

And, in Canada, Australia, and most countries in Europe, liability is legally limited there, too. Usually, it's between $0 and $50/£50/€50.

The bottom line:

  1. All credit card transactions ultimately end up online
  2. Your credit card number and other info about the purchase is encrypted as it moves across the Internet
  3. Laws in most countries limit your liability to between $0 and $50/£50/€50.

Lastly, because of the encryption in use and the layer upon layer of security in place, in many ways it's MUCH safer to use your card online than it is to use a card in person in person in a lot of places.

How's that?

Consider: a restaurant.

When you're done with dinner, a waiter or waitress takes your card and disappears with it. For minutes at a time they're out of sight.

Sure, they return with your bill, and that* much you can make sure is correct, but what else they did with your card while they had it is anyone's guess.

So, if you're reluctant to use your credit card online, knock it off. Save the trip to the store and buy online. And, if you don't like the software, make the refund process easier on yourself.


You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.