Written by: Craig Haynie

If you are reading this blog article, chances are you shop online. Personally, I couldn’t imagine a world without eBay; God bless Pierre Omidyar and the guy that had an affinity for broken laser pointers.

Those of us whose profession is in IT usually have a natural talent for sensing whether it’s safe to buy from a website or not. It comes from seeing the ins and outs of what makes a website work, work better, and work securely. However, for most it’s a shot in the dark. To get a feel for the security of the company you plan to buy from, you should watch for these things:

Does the site LOOK safe? This may seem a bit silly but seriously, does the site look like it was designed by a 3rd grader? (I say 3rd grader because we all know that most 5th graders are self-taught code ninjas who can design circles around 40-year-olds 😉 ) If you wouldn’t hand your money to a PERSON that looked like the human equivalent of this website, why would you poke your 16 digits into this crayon box of a cash register? If it stinks, cover your nose with one hand while putting your wallet away with the other.

Does the site WORK? If the site is full of links that take you nowhere, is missing product descriptions, has no product images, has broken pages or site errors, etc., run. Whoever started this site is at their real job right now. They are not even making sure the site is functional, much less secure.

Look for the padlock. When non-encrypted data passes from your PC to the website you are browsing, it travels in plain text, which means that anyone who makes it a point to capture this data can see exactly what information you are submitting to the site. This is normal (the non-encrypted part, not the capturing and seeing part). This is typically not important until you start sending sensitive data to the website by completing checkout forms, etc. Once you begin the checkout process on a website, or are on any page where you are asked to enter sensitive information, the communication should be secured using Secure Sockets Layer (SSL) data encryption. It is outside the scope of this article to explain how that works, but trust me when I say it’s good, wonderful, and necessary! To know that you are on a secure page, you should look for “https” in the address bar and a padlock at the top or bottom of your browser window. This will alert you that the site is secured by an SSL certificate. You can click the lock to view information about the certificate such as the level of encryption, who issued the certificate, etc.

Look for security logos. There are companies that specialize in verifying and monitoring a website’s security. McAfee and HackerSafe are among them. These companies will check the company out to make sure their site is secure and will monitor it daily to ensure it stays that way. What’s more, these services cost thousands of dollars per year. If the company is using one of these services, it is likely they care about security and are selling enough product to afford the service. NOTE: Seeing the logo is not enough. Anyone can copy the image of the logo from someone else’s website and display it on theirs. You need to look at the date that is displayed on the logo (look at the one on our homepage) to make sure it is current, and also click the logo to be taken to the security company’s website to verify they are a client.

Is there a phone number on the site? I would be lying if I said that a company must put a number on their site to be legit; however, if there is no phone number on the site, there is a reason. Think about it: if you had a website selling a product, what would be the reason you wouldn’t list a phone number? Here are a few reasons that come to mind:

– The owner of the site has a day job, the site is a hobby, and they cannot accommodate or be “bothered” with phone calls, probably because they are at work. It may seem obvious, but do you really want to buy from a seller in this situation?
– The seller gets a million phone calls a day concerning problems with orders or problems with product quality, etc., and rather than finding a solution to the problem they found a solution to the symptom (the phone calls).
– The whole thing is a scam. It’s not difficult to set up a simple e-commerce website, especially for someone who is out to defraud the public and does this frequently. It’s not as likely as the other reasons, but it’s possible.

The company should also have a physical address on their site (unless they operate outside of time and space, in which case a daily UPS/FedEx pickup would be difficult and you would likely not receive your product). There is a difference between someone “in the business” of selling XYZ and someone who is taking a stab at a new career. You should be able to tell the difference.

Ask others. If you are still unsure about the website you want to buy from, you should ask around, search the web, post in a forum, etc. For instance, we sell Cisco and network-related products, so if you wanted to know more about us you could post in a technology-related forum like Tek-Tips or Experts-Exchange, etc. Asking others that may have bought from the company in the past is a great way to learn about them. Search the web for the company’s name; you might find a customer complaint on a forum. Finding one complaint doesn’t mean the company is not to be trusted, but it can confirm a fear if you already had doubts. For instance, if you searched the web for complaints about Walmart you are sure to find one, but that doesn’t mean they are not a good company.

Trust your gut. If you don’t have a good feeling about the company, keep looking. There are plenty of honest and dependable retailers on the web and there is generally no reason for you to be stuck buying from just one. If you are set on buying from the company and it’s just their site that you don’t trust, give them a call. There are plenty of otherwise great companies with horrible websites. You should still be diligent when buying from a company over the phone to make sure they are legit, but I suspect that if you were on the fence before calling you will fall one way or the other when they answer (or don’t answer) the phone.

Be safe .. I don’t want to see you on the evening news.  : )
