Subscribe to Entrepreneur for $5

Guarding Against Online Identity Theft

As online shopping continues to grow in popularity, our expert shows you how to protect yourself and your website against identity theft.

Opinions expressed by Entrepreneur contributors are their own.

Online shopping is faster, easier, and sometimes, cheaper. According to a survey recently conducted by the USC-Annenberg School Center for the Digital Future, the number of online purchasers rose to its highest level in the history of the study at 51.1 percent. But, unfortunately, as consumers become more comfortable with online shopping, cyber crooks are getting better about finding newer, sneakier ways to trick them into passing on personal information for their own gain.

So what's a consumer to do? Be proactive. Todd Davis, CEO of ID prevention company LifeLock in Tempe, Arizona, says a good first step is to place a alert on your credit report prior to becoming a victim. "Placing a fraud alert with the major credit bureaus--, Experian and TransUnion--is a great frontline of defense." By doing this, Davis explains, any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.

The LifeLock CEO is so confident in fraud alerts that he was willing to give us his Social Security number for this article. "I want people to understand, number one, your information's out there. The idea that you're going to hide it is impossible." But by placing a fraud alert on your credit report, Davis believes consumers can stop from occurring altogether. (If you decide to do this, understand that you need to re-issue a fraud alert every 90 days, unless you've already reported an identity theft to the credit bureaus, in which case the fraud alert lasts for seven years.)

Placing a fraud alert on your credit report is just a first step. Here are four more ways you can avoid unsafe online transactions:

  • Before you provide any personal information online, always check to see that the padlock at the top or bottom of your browser is closed and locked.
  • The webpage address you're doing with should begin with "https:"--this means that a secure connection has been established. The main home page of the site may not have "https:", but once you begin entering any personal information on a separate page, it should appear in the browser.
  • Check the site you're on for any third-party verification devices, such as VeriSign, TRUSTe or the Better Business Bureau. Also check for contact information. Be cautious of any sites that don't offer a phone number.
  • If a site asks you if you'd like to keep your credit card information on file for future use, say no--this could be unsafe if a cyber crook were to hack into the retailer's database. Instead, provide your card number with each purchase you make.

If you do happen to fall victim to identity theft, here are the top five steps Davis recommends you follow:

  • Call the three major credit bureaus. to place a fraud alert on your credit reports. This will prevent an identity thief from opening any new accounts under your name.
  • Shut down the credit card account. you believe has been tampered with so the credit card company can cancel your card, reverse the charges and get a new card out to you as soon as possible.
  • File a local police report. You'll need multiple copies of the report to send to creditors to prove you've been a victim of identity theft.
  • File a complaint with the FTC. It's important that you log any occurrence of identity theft with this agency.
  • Pull copies of your credit periodically. to check for new fraudulent charges. Once your information's out there, it can be resold multiple times, so it's a good idea to regularly check your credit report, especially during the first year after you discover the identity theft. For more detailed information from the FTC on what procedures to follow if you become a victim, visit their identity theft site.

As a business owner, you want to do all you can to protect your online customers and make them feel secure when they shop on your site. If you operate a retail website, here's some expert advice on how to help make your site safer for your customers:

  • Set up a secure website. Set up firewalls and SSL encryption, and get third-party verification from a company like VeriSign or TRUSTe. "VeriSign is probably the best for transaction verification," says Davis, "while websites like TRUSTe are extremely good for making sure your site isn't hackable."
  • Scan your website for vulnerabilities. Christopher Faulkner, CEO of CI Host, a Dallas-based web hosting and website management company, recommends using a company like ScanAlert to scan your website for intrusion points where people can penetrate your security and get in behind the scenes of your site and into your database.

Post your privacy policy very clearly on your website, usually in the footer at the bottom of the page. "Your privacy policy should contain information on what kind of data you're collecting, how you're going to collect it, how you're going to store it, and if you're going to sell it to third parties," Faulkner says. "More importantly, I've seen a lot of merchants now updating those privacy policies with what types of security measures they're taking to store that data."

Entrepreneur Editors' Picks