After 5+ years of being a successful online reseller, 3Gstore has gained a lot of experience in making the online shopping experience as safe as possible for our customers. Unfortunately, not all online transactions are as safe as others, and we'd like to share our knowledge so that online shoppers understand what makes their transactions secure (or not) and what you can do to make sure your online purchases are safe!
This guide is generic and can be applied to just about any website that accepts payments for any sort of goods or services. We recommend that anyone purchasing online educate themselves and use these steps when purchasing with an online reseller for the first time - whether it's a major well-trusted shopping site or a brand new online store.
There are 7 tools that an educated online consumer should use to verify that your online purchases are safe:
- Look for the green bar at the top of your browser (why a SSL EV Certificate is crucial)
- Confirm the domain name when checking out - does it change?
- Utilize the WhoIs domain name tool to see how long the domain has been registered
- Check independent online rating companies like Google, Reseller Ratings, Bizrate, BBB, etc
- Is the site using an independent site to make sure they are secure from hackers?
- Google the phone number
- If anything seems amiss, use Google Check out or Paypal
Check out this video to SEE some of these tips in action (and read on for more info on each one!):
1. Green Bar in Browser
First, a little history: most web browsing has always been and still is completely unsecure. Many years ago, website owners began installing something called an SSL certificate onto their web servers, which allows the communication taking place on the website to be encrypted while it was being transmitted over the internet. Sounds great, right? The problem with SSL certificates is that ANYONE can get one in about 5 minutes, and it doesn't necessarily protect you. The data is encrypted but there is no guarantee that the vendor you are dealing with is safe or legitimate - your encrypted data could still be sent to a scammer! A few years ago, Microsoft introduced something called SSL Extended Validation (SSL EV), or "the green bar" feature. Unlike an SSL certificate, which anyone can get, it is very difficult to get a SSL EV certificate. The company that is requesting an SSL EV has to go through an extended validation process which includes an audit of their physical location, validation of their company/tax info, and lots of verification to make sure that the company is who they say they are. Individuals are NOT allowed to get a SSL EV Certificate, and companies are required to have been in business for many years in order to qualify for one.
If you are using any of the following browsers, you can look for the green bar at the top of the page:
- Internet Explorer 8 or greater (Win)
- FireFox 3.6 or greater (Mac or Win)
- Safari 4 or greater (Mac or Win)
See the below examples, which were viewed in a Firefox browser:
A site with the super-secure SSL EV "Green Bar":
A site with the traditional SSL "Blue Bar":
2. Domain change when checking out
You REALLY need to watch out for this one. Many inexperienced (or sneaky) web developers use this technique. It's an easy one to watch out for, though. When you check out, keep an eye at the domain name and confirm that you are still at the same site throughout the checkout process. Let's say you are shopping at OurStore.com - if that changes to SomethingElse.com as soon as you hit "check out", that's a problem! Sometimes, when you are taken to a different site to enter credit card or other personal information, the new site emails your information to the original site owner. This is a VERY insecure method and should be avoided at all costs. It is not safe at all to send credit card info via email. This is why switching servers during checkout is not good for the shopper!
We have found that during checkout on some sites, the shopper is taken to a site called aitsafe.com. With a little research, we noticed that this site provides an Extended SSL EV certificate (no green bar), and some sites are even using this server WITHOUT using SSL to collect credit card info. This is not good. aitsafe.com is likely a fine company themselves, but it's simply not a wise practice for online resellers to conduct business this way.
3. WhoIs Domain Name Lookup
When a domain name is first registered, the owner's name, address, and registration date are all saved. Every individual and company that registers a domain name has to go through a similar process, and this information is easy to look up - think of it like using the Yellow Pages to verify a store's information. http://whois.domaintools.com is an easy-to-use website that allows you to enter a domain name, and it will show you the information of the website owner. This is a great tool to help you confirm that the company you're buying from really is who they say they are. Tip for Mac Users, Open Applications -> Utiltities -> Terminal and type in "whois domain.com".
Verifying that the information on a company's website matches what they provided when they registered their domain is a good sign. If the registered address is a physical address, that is preferable to a PO Box.
Of course, the companies that register domains have figured out a way to make domain registration private, kind of like an unlisted phone number. If you are doing business with a company that has a private registration, you have to ask yourself - why doesn't this company want me to see their phone number or address? If you can see the domain owner's address or phone number, you at least have somewhere to go knocking if there is a problem, but a private registration may be a red flag.
Besides seeing if the information is hidden (or private), you can also see how long a domain name has been registered. If a domain name is private and was registered in the last few weeks or months, that could be a HUGE warning sign - perhaps the company goes around and scams people, closes up the offending domains, and opens another one next month.
In the example below, the domain name is hidden (it says "Private Registration"). The domain name was registered on Feb 28, 2006.
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: XXX.COM
Created on: 28-Feb-06
Expires on: 28-Feb-12
Last Updated on: 01-Mar-10
Private, Registration XXXX@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
4. Check Independent Online Rating Companies like Google, Reseller Ratings, Bizrate, BBB
If a company has an online store, many of them use the services of independent survey companies that allow the purchaser to rate their experience after purchasing a product. Many will give each shopper the option (it is opt-in, not required) to rate the company. If you agree, the independent company will contact you (via email) after you purchase to make sure that you got the item, how quickly it shipped, whether it was what you expected, and other general questions about your experience with the reseller. Once you rate your experience, your ratings and comments will be visible for future shoppers to see. Individual ratings are not that important, because there is always someone that will find something to complain about (don't necessarily discount an online store just because one shopper gave them a poor review), BUT the overall rating will be very telling. If a company is indeed a "bad apple", their overall rating will obviously show that. And if a company doesn't even offer a way to view their ratings or for you to rate your purchase, that can be a bad sign, too!
The most popular companies that rate are: Google Checkout , Reseller Ratings , BizRate.com and the BBB.org
5. Is the site using an independent site to make sure they are secure from hackers?
Everyone has heard of McAfee for protecting Windows computers - well, they also offer a similar service for web store owners, called "McAfee Secure". This service costs money for web store owners to use, and works like this: every day, McAfee probes and looks for security problems within a web store. If they find a problem, they immediately notify the web store owner. If the web store owner doesn't fix the problem within 24 hours, they could lose their "Secure" standing.
If you see the logo below, it indicates that the site you are on is secure from hackers. Of course, be sure to check the date that the web site was last scanned so you can make sure it's up to date!
6. Google the phone number
This is so obvious, but it can tell you so much about a company! Open Google and enter the phone number that the online store provides on their website (or the one you found in the WhoIs search) in the XXX-XXX-XXXX format and see what comes up. If this is a published number and there is mention of the phone number on different web pages, you will find results for the phone number. Google may also be able to match the address to the phone number for even additional information.
Another tool that can be used for the phone number is http://www.fonefinder.net. This web site will tell you the location of the phone number and what carrier is used; just enter the area code and prefix and you can see the location. This can also tell you if the phone number is a mobile number or a landline (do you want your online store's tech support to be a single cell phone number? How can they answer more than one call at a time or how can they take more then one order at a time?).
7. Use Google Check out or Paypal
If you are dealing with an online store that you have never dealt with before, you may be better off NOT giving your credit card information to them if possible. If the store accepts Paypal or GoogleCheckout, these are great alternatives to pay the merchant without revealing your credit card information. Paypal and GoogleCheckout allow you to set up an account and provide your credit card and personal information to them, and then they pay the merchant for you - the merchant NEVER gets your credit card info. Of course, your name, shipping address is revealed - how else could the online merchant ship your merchandise to you? - but your payment information remains private. One added feature of GoogleCheckout is that they can even shield your real email address from the online store. This is a nice benefit as it prevents the online store from sending you spam/email junk in the future.
We hope that you find this guide useful in determining which online stores are safe enough for your purchases! We are sure that there are other tips and tricks that experienced online shoppers have been using over the years, so please be sure to share and discuss them at the link below; we will keep this article updated with any other appropriate ideas that are discussed. Thank you and we wish you happy - and safe - shopping!
Discuss and share your tips at Purchasing Online Safely