Skip Header
U.S. flag

An official website of the United States government

FDIC Consumer News

Spring 2014

Safe Shopping, Buying and Paying: How to Protect Your Money

Couple shopping online

Criminals often try to steal money or commit fraud by targeting consumers as they are buying and paying for things or by obtaining valuable personal information from previous purchases. We have compiled simple ways to help you be as safe as possible.

When Shopping in Person

Provide only the information that you are comfortable giving. Be careful about sharing your Social Security number with a merchant. "A retailer may legitimately ask for your Social Security number and other personal information if you are applying for store credit, but that information is not needed for an ordinary sales transaction," said Michael Benardo, Chief of the FDIC’s Cyber Fraud and Financial Crimes Section. "Giving personal information to a retailer when you’re using a credit card is a voluntary decision. If you say ‘no,’ the worst that can happen is that you’ll have to take your business elsewhere."

The Social Security Administration suggests that you "ask why your number is needed, how it will be used and what will happen if you refuse. The answers to these questions can help you decide if you want to give out your Social Security number."

Never "flash" your cash. When paying with dollar bills, keep large amounts of money concealed. You don’t want to attract the attention of a thief.

Only carry the checks, credit cards, debit/ATM cards or cash that you plan to use. The more you take along, the more you risk having lost or stolen. Consider limiting the number of credit cards you own by canceling the ones you rarely use, but weigh the benefits of doing so against the possible lowering of your credit score, which could increase your future cost of credit. And keep your Social Security card in a safe place and not in your wallet.

When Shopping Online

Create "strong" PIN numbers and passwords and keep them secret. Numbers, letters and symbols can be combined to form a password that is tough for someone else to figure out. Don’t write the PIN numbers in your wallet or use your birthdate or address, which can easily be determined if your wallet is stolen. While using the same password or PIN for several accounts can be tempting, doing so can put you at risk that a criminal who obtains one password or PIN can log in to other accounts.

Protect your computer. Install software that protects against "malware" (malicious software that can steal personal information, such as passwords or account numbers you’ve typed). Also use a firewall program to prevent unauthorized access to your PC. Protection options vary, and some are free. Once you’ve installed the software, set it to automatically update.

Be careful where and how you connect to the Internet. Whether you are shopping, banking or otherwise conducting financial transactions online, only access the Internet using a secure connection. "A public computer, such as at an Internet café, hotel business center, school computer lab, or public library is not necessarily secure. You never know if there is security software on these types of computers or if it is up-to-date," said Amber Holmes, a Financial Crimes Information Specialist with the FDIC. "They also may be infected with malware that may capture your credit or debit card numbers as you type them."

Also, don’t use your own computer (including a tablet or smartphone) for shopping or banking if you are unsure about the wireless connection, as is the case with many free Wi-Fi networks at public "hotspots," like coffee shops. "It can be relatively easy for fraudsters to intercept the Internet traffic in these locations," Holmes explained.

In addition to a secure connection, you can have greater confidence that a Web site is authentic and that it encrypts (scrambles) your information during transmission by looking for a padlock symbol on the page and a Web address that starts with "https://." To learn about additional safety features, start with your Web browser’s user instructions. These precautions are not totally foolproof, as evidenced by the recent news about the "Heartbleed" Internet flaw, but they may still provide your best protection. And, be aware that the FDIC and other regulators directed financial institutions to review their security systems and make any needed upgrades as soon as the Heartbleed vulnerability became known.

Be suspicious of unsolicited e-mail offers that ask you to click on a link or download an attachment. It’s easy for criminals to copy a reputable company or organization’s logo into a fake e-mail. By complying with what appears to be a simple request, you may be installing malware. Your safest strategy is to ignore unsolicited requests for personal information, no matter how legitimate they may appear.

Take additional precautions with your tablet or smartphone before conducting online transactions. Consider opting for automatic updates for your device’s operating system and "apps" (applications) when they become available to help reduce your vulnerability to software problems. Use a password or other security feature to restrict access in case your device is lost or stolen. And, beware of unsolicited offers and downloads that come via text message, e-mail or through social networking sites and apps.

To learn more about safe shopping and paying, including key points to remember when using debit, credit or prepaid cards (the latter may not provide the full range of federal consumer protections that apply to the other cards), see previous articles in FDIC Consumer News at And, watch the FDIC's multimedia presentation "Don't Be an Online Victim" at For ways to protect yourself from data breaches, see More About How to Protect Yourself from Data Breaches.