A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace


Buying items online and conducting business over the Internet

E-commerce (also called e-business) is just another term for conducting business over the Internet. Whenever you buy or sell something over the Internet on sites such as eBay or Amazon, you are engaging in e-commerce.

E-commerce has many advantages for consumers. It lets you buy things at any time, and you can save time and money by comparing the same items on different Web sites to get the best price. With the amount of flexibility the Internet provides, e-commerce is the preferred way of conducting business for many.

However, you can run into some dangers. Online advertisements in the form of banner ads and pop-up ads commonly appear while you access e-commerce sites. These advertisements can lead users to untrustworthy Web sites and install cookies and spyware on computers. It is best to ignore online advertisements and not click on them.

When conducting business on the Internet you need to know that your personal and financial information is safe. Credit card information can be stolen while it is being sent over the Internet or later, if the business saves it for further transactions. Along with credit card information, you may also be asked for personal information like your address or date of birth during a transaction. This information could be stolen as well.

E-commerce: security threats & prevention tips

  • Data Theft: The unauthorized taking or interception of computer-based information
  • Malware: Programs that are designed to harm your computer
  • Phishing: Using fake Web sites to trick you into giving away personal information
  • Spyware: Software that sends information from your computer to a third party without your consent

E-commerce: common problems and solutions

You need to create a strong password.

Your password helps to protect any personal information you enter online while making a purchase. Follow a few good rules of thumb for creating a password that would be difficult for someone to crack. Use a long password of eight or more characters that combines letters, numbers and special characters. Don't use your name, username, birthdate, address or any other personal information that would be easy to guess. Never use a blank password, which anyone could figure out.
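The rules above can be checked mechanically. The following is an added example, not part of the original page: a small checker that applies the length, character-mix and personal-information rules. The profile field names, the YYYY-MM-DD birthdate format and the sample profile are assumptions made for illustration.

```python
import re

MIN_LENGTH = 8  # the page's rule: eight or more characters

def personal_tokens(profile):
    """Strings derived from the user's own details that a password must not contain."""
    tokens = set()
    for field in ("name", "username", "address"):
        for word in re.split(r"[^a-z0-9]+", profile.get(field, "").lower()):
            if len(word) >= 3:  # ignore very short fragments such as "st" or "42"
                tokens.add(word)
    if profile.get("birthdate"):  # assumed format: YYYY-MM-DD
        y, m, d = profile["birthdate"].split("-")
        tokens |= {y, m + d, d + m, m + d + y, d + m + y, y + m + d,
                   m + d + y[2:], d + m + y[2:]}
    return tokens

def check_password(password, profile):
    """Return a list of rule violations; an empty list means the password passes."""
    if not password:
        return ["blank password"]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special characters")
    # Drop punctuation and case so "07/04/1984" or "D.a.n.a" are still caught.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    hits = sorted(t for t in personal_tokens(profile) if t in squashed)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems

# Constructed sample profile; not real data.
PROFILE = {"name": "Dana Whitfield", "username": "dwhit84",
           "birthdate": "1984-07-04", "address": "42 Maple Street"}

if __name__ == "__main__":
    for candidate in ("", "maple", "Dana0704!", "07/04/1984ab!", "tr7#Kqv!2mZp"):
        print(repr(candidate), "->", check_password(candidate, PROFILE) or "ok")
```

A password such as "Dana0704!" satisfies the length and character-mix rules yet still fails, because it is built from the owner's name and birthdate.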

You never received your purchase from an online auction.

Submit a complaint to the auction site. Popular auction sites, such as eBay and Yahoo! Auctions, provide buyer protection and may refund your money if they find that the seller was at fault.

Many auction sites serve as an intermediary, which makes it hard to verify every seller or buyer and guarantee each person's authenticity. With less popular auction sites, the risk is higher that some items listed do not exist, or that a seller is trying to sell the same item to multiple buyers. These fraudulent auctions are usually hard to identify, but there are some measures that can be taken.

Use auction sites that have proven credibility in the past. Then, check the rating that the seller has received from their previous transactions, as an initial step to filter out shady deals. Some sites, however, allow anyone to post comments about sellers, instead of allowing only buyers who have experience with that seller. Thus sometimes sellers themselves use multiple aliases in order to post favorable reviews about themselves. Check the policies of the Web site to see what kind of postings they allow and shop at Web sites that provide buyer protection plans.

You made a purchase over a connection that was not secure.

If you used a wireless connection that was public, it is often the case that this connection was not secure, and your data could have been captured. Check if the Web site sets up a secure, encrypted connection during transmission. If this is the case, your data is secure even over an insecure connection. Most Web sites specify this while checking out. Also, the policy of the Web site usually states how your information is stored once it is transmitted. Ideally, the Web site should store all information completely encrypted.

A good rule of thumb is to check your browser for a small lock icon in the address bar or an address that starts with https://. This lock icon shows up in Internet Explorer 7, indicating that the connection to the Web site is secure. Either or both of these signs indicate the connection to the Web site is secure. Furthermore, by clicking on the lock icon, you may view the Web site's digital certificate to verify with whom you are exchanging information. If a Web site's digital certificate is unverifiable, the browser may display a warning, which you should heed by avoiding a transaction with the Web site.

Never carry out a transaction with a Web site that does not use SSL or some form of encryption. Avoid Web sites that do not explicitly specify this in their policies.

Your browser freezes during a transaction.

This problem is likely due to either an error with the online store or problems with your network. Although it is tempting, avoid clicking the Refresh or Back buttons on your browser or the Submit Payment button again. Doing so may cause the transaction to occur twice, because sometimes the transaction goes through but a network connectivity problem prevents you from getting confirmation.

To check your connection to the network, try opening a different Web site. If you can connect, the error lies with the company Web site. If, on the other hand, you cannot connect, it indicates traffic congestion or errors on the network, and you should wait until the network comes back on. In either case, close the browser window, and then open the browser again and navigate to the Web site. If the Web site shows you an error, you know that the Web site is down or having difficulties.

Once you are able to connect to the Web site again, log in and check to see if your transaction has gone through. If it has not, check your credit/debit cards to make sure you have not been charged. If the transaction has gone through, you may want to call the retailer to make sure the transaction has been processed. It may be a good idea to double check with the retailer or institution in any case, just to make sure.

Connect Safely from Different Places


Businesses can engage in e-commerce with each other through sites called B2B (business-to-business) services. With B2B services, you can save time and money by getting quotes from a number of suppliers.

When conducting business on the Internet you need to know that your personal and financial information is safe. Credit card information can be stolen while it is being sent over the Internet or later, if the business saves it for further transactions. Along with credit card information, you may also be asked for personal information like your address or date of birth during a transaction. This information could be stolen as well. If you are using a company account or credit card, you should be especially careful selecting secure sites to do business with.


Using a mobile device such as a cellular phone or PDA for e-commerce activities (buying and paying for services or goods online) is called m-commerce. While m-commerce is similar to e-commerce on your home computer, there are certain e-commerce activities that you can only perform on mobile devices. For example, some European countries let you buy soda from a vending machine or pay for parking using SMS cell phone messages.

The dangers of m-commerce are similar to those of e-commerce. Credit card information can be stolen while it is being sent over the Internet or later, if the business saves it for further transactions. Along with credit card information, you may also be asked during a transaction for personal information like your address or date of birth. This information could be stolen as well.

M-commerce must have the same security mechanisms as e-commerce, since you need to know that your personal and financial information is safe when conducting transactions. These mechanisms are specially secured Internet connections, such as HTTPS connections.

On the road

When you use a public computer to access the Internet, never click the option to have a Web site "remember" you. Although this convenient option allows you to skip the login process and personalizes a Web site, it also gives other users of the computer access to your personal information. In order to "remember" you, the public computer will cache your data, which is a high risk because somebody else who uses that machine can recover that data, such as your passwords.

If you perform a transaction at a cyber-cafe, somebody could intercept your credit card information if the Internet connection is tampered with. There are mechanisms that guarantee a secure Internet connection, such as HTTPS.

Most paid public Internet access services (e.g. at cyber-cafes or hotels) require you to pay for the service online. When you log on you are redirected to a special Web page where you indicate the amount of time you wish to purchase and provide your credit card information. You must be careful with where you provide this type of information.

Ethical Issues

The same laws that protect you when you buy something at a store protect you when you buy something over the Internet. Make sure you understand the terms of the transaction and your rights as a consumer.

Legal Issues

Harassing somebody with unwanted or threatening email is illegal and can lead to an arrest. Email can be easily traced back to its sender, so you should never use email as a weapon.

Privacy Issues

Almost all major online stores, such as Yahoo or Amazon, have a privacy policy. You can usually find the link to the privacy policy at the bottom of the home page.

In the privacy policy, you can read about the information the organization collects, how they use that information, how to opt-in or opt-out of communications, the security of their data systems, and who you can contact if you have any questions or corrections. The information they collect could include credit card numbers, full name, address, billing address, and other sensitive information. Make sure to read this policy carefully before buying anything off a Web site.

There are various programs and privacy enhancing technologies (PETs) that have been developed to inform you about the privacy policies of organizations. One privacy seal program is by TRUSTe, an organization that verifies the privacy policies of Web sites that are a part of their program. You can click on their icon on a Web site to see information on that site's policy. Another PET is called Privacy Bird, which is a tool you can install on your Web browser that uses a bird icon to inform you if a site meets your privacy standards. Privacy Bird also has a search interface using Google and Yahoo! search engines so that when you search for information, you can see if sites meet your privacy standards.

Depending on their policies, companies may keep records or logs of the products you view or purchase. This information may be saved in an electronic archive that the company may be required to turn over to the government or law enforcement officials if asked. If you have questions about how a company stores your data, check their privacy policy.
