Online Shopping and Payments

See also: Online Banking

In the 25 years since Amazon was founded, online shopping (or e-commerce) has become ubiquitous. Almost every ‘real world’ retailer now has an online presence, and there are many more online-only retailers like Amazon. Purchases are now little more than a click away.

Alongside the expansion of online shopping, we have also seen an expansion of online payment platforms. Supported by a relaxation of banking regulations—and you can find out more about this in our page on Online Banking—more and more providers now offer payment services via smartphone app or an account on your laptop.

This page explains more about how to stay safe when shopping online or making payments with online providers.

What is e-commerce?

E-commerce is defined simply as commercial transactions carried out electronically, over the internet.

How safe is e-commerce?

Six years ago, 80% of investigations on data breaches related to payment cards were from point-of-sale payments in shops. In 2020, that figure had fallen to 20%, and 80% of all investigations were related to e-commerce, online shopping. Having said that, in 2020, there was also a huge growth in e-commerce because of lockdowns around the world, and much less visiting ‘bricks and mortar’ shops.

However, e-commerce is probably significantly safer than using an ATM (cashpoint). One report suggested that 92% of ATMs were vulnerable to some kind of hack.


E-commerce may be via retailers’ own sites, or marketplaces such as Amazon, Etsy or eBay. It may also use a range of payment systems.

Online Payment Methods

There are three main ways to make a payment online:

  • Using a credit card;
  • Using a debit card; or
  • Using an online payment service provider such as PayPal.

These options all have advantages and disadvantages.

Using a credit card is good because your liability is limited if your card details are stolen. The precise details of the limitation vary by country or region, because they are set out in regulations—but you can be reasonably confident that you are protected against theft and fraud of your card details.

However, there is still a risk of theft, so you may want to consider keeping one credit card that you only use online. This will mean that if you need to cancel it, you will still have other payment options until a replacement can be sorted.

Debit cards are convenient because you are not left with a potential bill at the end of the month. Many banks offer similar protection to credit cards. However, if your card details are stolen, any fraudulent payments will be taken direct from your bank account, which may cause problems such as overdraft fees or inability to make other payments.

If possible, therefore, use a credit card if you want to use a card to pay online.

The third option is third-party payment services such as PayPal. These allow you to provide a credit or debit card number to the payment service provider, and NOT the merchant. Your card details are therefore only held in one place, rather than (potentially) hundreds. This limits the potential for your card details to be stolen.

You can increase the protection available by using a credit card via your payment service provider. This means that your liability is limited AND your card details are held in fewer places. It also means that if you have a dispute, you have options to go to both the payment provider and your credit card company.

WARNING! BACS transfers are NOT protected

Some retailers do not have online payment facilities. Instead, they ask you to pay with a direct bank (BACS) transfer. Some also allow you to go to the shop to collect your goods, and pay by card, cheque or cash when you get there. This is often true for small retailers (for example, voluntary groups), because the charge for online payment provision can be prohibitive.

This is fine if you know the shop exists—for example, if you have previously visited it, or it is a reputable organisation.

However, it is NOT a good idea to make a BACS transfer without knowing that the shop exists. You are NOT protected in the same way as if you make a payment by credit or debit card, and you may be unable to recover the money if the transaction turns out to be fraudulent.

Indeed, even if you know the shop exists, it is worth checking with the shop that this website is genuine. Call or email them first—and find the number or address via an independent source, NOT the e-commerce site.

Preventing Problems When Shopping Online

When you walk into a store in real life, you know that the goods exist. You can pick them up, touch them, and check their quality. When you pay, you are given the goods in return.

Even then, you may still have problems.

The goods might turn out to be very poor quality, or not what they look like (fake or counterfeit goods, for example). Even if there is no problem with the goods, you may be unable to get a refund, only an exchange, if you simply decide you don’t want them.

These problems are multiplied many times when you buy online.

You may not know if the retailer actually exists, or if this site is genuine. You may find it very hard or expensive to return goods. You may find that your card details have been stolen or cloned, and you have been subject to credit card fraud.

This means that e-commerce can feel a bit threatening, especially when you first start to shop online. However, the sheer convenience means that many people are prepared to overlook the problems—or at least take action to protect themselves.

There are a number of things you can do to prevent problems, mostly around doing your ‘due diligence’:

  • Check the website address

    If it is a ‘bricks and mortar’ retailer that you already know about, check that the website address is consistent with what you would expect. Most big retailers have fairly simple domain names:, for example, or If you see numbers or additional words that you wouldn’t expect, be wary, because it may be a ‘pharming’ site (fake site set up to look like a genuine one).

    The best way to manage this is to use a search engine to find your chosen retailer: fraudulent sites are very unlikely to be high up in the results (unless they have paid for an advertisement). The first of the organic search results will most likely be your retailer if you search by name.

  • Check review sites

    For online-only retailers in particular, check review sites, and look at what people are saying. You can also search for ‘Complaints about [retailer name]’ and see what comes up. If there is any doubt about the quality of the service, don’t buy.

  • Check the company’s returns policy

    Many companies ask you to pay postage on returns, especially if they offer free postage on initial purchases. Particularly on marketplaces such as eBay, it is also worth checking where the goods are coming from. If they are coming from China, with free postage, you are NOT going to want to pay to return them. Indeed, it could cost more to return them than the goods are worth.

  • Be aware of your consumer rights—and make decisions accordingly

    For example, when you buy in a store in the UK, retailers don't have to give you a refund (just a credit note) if you simply decide you don't want the goods.

    When you buy online, it's slightly different, and they must give you a refund for unwanted goods provided they are returned within 14 days. It is therefore important that you return unwanted goods immediately if you want a refund. Any longer and you might be stuck with a credit note.

  • Consider using online marketplaces rather than individual seller sites

    Many smaller retailers now choose to sell via an online marketplace, rather than have their own e-commerce site. This can reduce their costs—but it also helps you as the customer.

    By using these marketplaces, you have a relationship with the seller themselves—but you also have a relationship with the marketplace. If you have a dispute with the seller, for example, if the goods don’t arrive and the seller doesn’t respond to your messages, you can take this up with the marketplace. It may be able to provide a refund directly. This gives an additional area of protection.

  • Check where the goods are coming from—and your tax liability as a result

    The internet is global. It allows you to contact people—including retailers—from around the world. Sometimes this is a great thing. At other times, it may catch you out.

    There is a growing trend for goods to be sent direct from where they are manufactured, especially when you buy via marketplaces. Many of the retailers on Amazon and eBay, for example, are dispatching goods from China. This is good in many ways, because it keeps the costs low.

    However, you may be liable for import tax on some goods from some places. It is worth checking your liability before you buy, to avoid your cheap goods turning out to be much more expensive than you were expecting.

    Your consumer rights may also be different if you buy from a company abroad.

Further Reading from Skills You Need

The Skills You Need Guide to Living the ‘New Normal’ in the Age of Covid-19

The Skills You Need Guide to Living the ‘New Normal’
in the Age of Covid-19

This eBook is designed to help you through the process of ‘going digital’ and managing other aspects of life during a pandemic.

From how to get yourself online, through how to keep safe, to working, learning and staying in touch with friends and family remotely, the Skills You Need Guide to Living the 'New Normal' in the Age of Covid-19 covers the key skills you need to survive and thrive.

Protecting Your Personal Information

When you buy online, it is also worth taking some general actions to keep yourself protected against fraud and theft of your personal details.

  • Do NOT use public Wi-Fi for any payment transactions unless it is unavoidable.

    Your own data connection at home is more secure. It is also worth avoiding mobile payment apps that connect through public Wi-Fi hotspots. If you are in public, make sure that nobody else can see your screen.

  • Always check the security of the website

    This is especially important if you are using public Wi-Fi, but it applies to any transaction. Make sure that the website is encrypted. Secure sites will have a url that starts ‘https’ not ‘http’ (the s is for secure). You should also see a little padlock symbol next to the address bar.

    You can also look at the website’s security certificate. If you click on the padlock symbol to the left of the address bar, you will see information about who has registered the site. If you see a warning about the site certification, it is best to avoid that site.

  • Keep your anti-virus and anti-malware protection up-to-date, and scan regularly

    This is important for anything that you do online, but even more so when money is involved. There is more about this in our page on Protecting Yourself in the Digital World.

  • Use strong passwords for any account associated with money

    We all understand that it is difficult to have unique passwords for everything. However, it is worth making the effort for any site where you plan to provide payment details and other personal information.

  • Act quickly if you think that your card has been used by someone else

    Contact your card provider or bank in the first instance. Some also have options to stop or freeze cards via a mobile app, which may be useful outside normal business hours.

A Simple Rule

Finally, there is one simple rule to keep in mind when shopping online: if something looks too good to be true, it probably is.