How to Stay Safe While Shopping on Your Cellphone

A young woman looks at her phone while holding a coffee cup in her other hand.

If you're using your phone to shop more often these days, you're not alone. Since COVID-19 restrictions inspired a surge in mobile shopping over the past year or so, using your phone to buy groceries, place a pickup or delivery order, or access a retailer's dedicated app to buy stretchy pants is now a routine occurrence.

But is it safe? With a little caution and a lot of care, it can be.

The Risks of Shopping on Your Phone

Shopping by phone carries many of the same risks as shopping online using your home computer. The main concern in both cases is that the payment and personally identifiable information you share could lead to identity theft and fraud. Here are just a few of the ways mobile shopping can lead to trouble:

  • Using public Wi-Fi exposes your data to hackers.
  • Viruses, malware and ransomware infect your phone when you click a link in an ad, email or text message, or inadvertently download a malicious app.
  • Phishing emails or texts lure you into sharing personal identifying information with fraudsters.
  • Your phone itself is stolen and its information accessed.
  • A site you shopped with experiences a data breach.

Identity theft can lead to a variety of problems including account takeover fraud, where criminals use your login information to access your accounts. Once in, they may make changes to lock you out of your account, make unauthorized purchases or gain access to your other accounts and personal information. If your payment information is compromised, a fraudster might rack up thousands in credit card bills before you even notice.

How Can You Protect Yourself While Mobile Shopping?

Keeping your information and identity safe is clearly a priority. By taking these steps, you'll be better equipped to stay safe while shopping from the comfort of your phone.

1. Protect Your Phone

  • Use biometrics and a strong passcode. This helps keep intruders out of the sensitive information you have stored on your phone.
  • Keep your phone's software updated. Outdated software can make you more vulnerable to hackers.
  • Look into antivirus software. You may associate antivirus software with desktop computers, but it's a valuable asset to have on your smartphone as well. Anything that accesses the internet could be vulnerable to a virus.
  • Only download trusted apps. Beware of fake apps in the app store or invitations to download unfamiliar apps that arrive by email or text (even if they purport to be from a trusted friend).
  • Consider cellphone identity protection. Cellphone ID protection may be available through your wireless carrier, though you might also consider getting general identity theft protection for broader coverage.

2. Connect Safely

  • Don't shop on a public Wi-Fi network. If you must shop or do your banking when you're on the go, your phone's cellular data is encrypted and will do a better job of keeping your information private. As an added safeguard, keep Wi-Fi and Bluetooth on your phone turned off when not in use so you don't inadvertently connect to a strange network or device.
  • Consider a virtual private network (VPN). Signing up for a private mobile VPN can be relatively inexpensive and will add an extra layer of security to your mobile shopping.
  • Only shop on trustworthy sites. Shop with retailers you know and be wary of offers you see in social media ads, email or texts. Verify that the site you're using is real and secure. Using your mobile browser, look for the letters "https:" at the beginning of the site's URL. This tells you their site is encrypted for better security. Also look for the "lock" icon next to the URL when you're on the payment screen.
  • Use unique passwords on each site you visit. A password manager can help you generate strong passwords and keep track of them.

3. Keep Your Information Private

  • Avoid storing your information. Use guest checkout whenever practical and don't allow retailers to save your payment information. If someone gains access to your account, they can make purchases without needing your credit card number.
  • Use a digital wallet like Apple Wallet or Google Wallet. Digital wallet apps don't store your credit card number on your device and don't even share it with merchants in most cases. The number the merchant sees is only associated with the app and not your actual payment information, which makes it useless to a hacker even if it is somehow pilfered. Securing your phone with biometrics makes it even harder for a payment to be made without your permission.
  • Consider using a payment platform like PayPal. Third-party payment apps put a layer of security between your card information, the retailer and any prying eyes trying to get ahold of your data.
  • Be selective with the apps you install. Apps can be convenient and secure, but be cautious. It's possible that an app you install could harbor malware and act as a Trojan horse to steal your data. Even when apps are legitimate, they may be gathering and selling your information.
  • Set up two-factor authentication on your accounts. This security measure requires that anybody trying to access your account (yourself included) take an extra step to verify their identity. It can be a very effective way to keep fraudsters out.

What to Do if You Suspect Identity Theft

No matter how careful you are, it's a good practice to monitor your accounts for signs of compromise. Check your credit report regularly for any inquiries or accounts you don't recognize. You may also want to set up credit monitoring, which will alert you to new credit inquiries or when a new account is opened in your name. Take a look at your debit and credit accounts frequently for unfamiliar charges and consider setting up account alerts that text you whenever a transaction is made.

If you suspect identity theft, consider following these steps:

  • Contact your card company to report the problem.
  • Visit the Federal Trade Commission at IdentityTheft.gov. Report a theft, get a recovery plan and assess your need to report the incident to local law enforcement.
  • File a fraud alert that will ask creditors to verify your identity before issuing credit in your name. Filing a fraud alert with any of the three credit reporting agencies (Experian, TransUnion or Equifax), will trigger an alert with the remaining two bureaus.
  • Consider a temporary credit freeze that prevents new credit from being opened in your name while it's in place.
  • Change your passwords on any account that's been affected—directly or indirectly—by identity theft. If any of your other accounts share a password with the account that's been compromised, be sure to change it too.
  • Continue monitoring your accounts.

Proceed With Caution

Your mobile shopping habit probably isn't going to go away anytime soon. Taking the time now to shore up security can help you enjoy the convenience and speed of shopping by phone well into the future. Be mindful of where and how you shop, and monitor your accounts and credit to keep your information as safe as possible.