Are you worried about giving out your personal information when shopping online? You should be. It seems like not a week goes by without news of another massive data breach where hackers gain access to personal information like names, addresses, phone numbers, email addresses, and credit or bank card numbers of customers. This is often enough information to commit financial fraud or even identity theft. In this post, I will provide some simple steps that you can begin taking immediately to protect personal information when shopping online.
All of the tools and techniques described below boil down to one simple idea:
Provide real but alternative or ephemeral information that does not compromise your main accounts and personal identity.
It is unfortunate but true that we can no longer trust many large organizations, even some of the most trusted–see the Equifax case–with our personal information. At the same time, it is difficult if not impossible to withdraw from the modern, online economy.
Luckily, there are a number of new tools that will allow you to shop online while keeping your personal information protected. This involves providing ephemeral, alternative, or even alias information when making a purchase online.
Let me address one concern that many folks might have. Isn’t this illegal or at least dishonest?
First, it is not illegal. With the tools and methods I will describe below, you will still be paying the bill with your own money. You are merely providing a layer of protection between yourself and the online retailers and organizations who have proven time and again that they cannot be trusted with our personal information.
But what about dishonest? If you provide an alias name for making a purchase, that could be considered dishonest. You will need to decide for yourself if that runs afoul of your own ethics. My personal view is that in many cases the organization requesting a name does not really need that information anyway, so there is no harm to not providing a name or providing an alias name if necessary. Ask yourself, “Could I pay cash for this if I went to a physical store?” If so, then the merchant probably doesn’t really need your real name. You will have to make your own decisions in this regard.
Online Purchasing Strategies to Protect Personal Information
There are three levels to protecting your personal information when shopping online. The first involves merely protecting your primary account passwords, credit and bank card numbers. The second and third levels involve taking steps to protect your primary email address and phone number, as well as name and physical address.
Level One – Use virtual payment cards & dedicated passwords
The easiest way to begin protecting personal information when shopping online is to stop giving out your real credit or bank card information. This does not mean giving out fraudulent credit card numbers! Instead, it means using one of a number of new tools that allow you to create credit cards that can only be used for a purchase of a particular amount, by only one vendor, or a combination of the two. These tools include:
Privacy – My favorite tool is simply called Privacy. This tool provides both an app for your phone (iOS or Android) and a browser extension. It connects to your bank account and when you want to make a payment online, you can create a virtual card to provide to the online merchant instead of providing your real bank card number. You can do one of three things:
- Create a card that can only be used for the amount you need for the purchase you are making. Once the merchant charges the card, that number cannot be used again. If it is stolen, the hackers get nothing.
- Create a card that can only be charged by one merchant. This could be useful for recurring payments like your Netflix, Hulu, or even electricity bill. If the number is stolen and anyone else tries to charge it, the charge will be declined.
- Combine 1 and 2. You could create a card that can only be charged by one merchant and for a specific amount. Your monthly Netflix, Hulu, or cable subscriptions are likely the same each month. You could create a card for each and in the amount of the monthly charge. This provides one more layer of protection.
In all of these cases, when one of your Privacy cards receives a charge, the amount is deducted from your bank account. You pay your bills, but you don’t give out your real bank card number in the process. Definitely go sign up and give it a try!
Blur – Another tool that I use is called Blur. This tool also lets you create virtual cards for use during online shopping. Instead of connecting to your bank account, however, it connects to one of your real credit card accounts. There is a small fee for creating virtual cards using Blur. It is available for iOS, Android, and with a browser extension.
SudoPay – Another tool that is similar to Blur is SudoPay. This tool connects to your Apple Pay app on your phone and allows you to create virtual cards to use online or to give as gifts. Unfortunately, so far SudoPay is only available for iOS at the moment and also appears to be closed to new sign-ups while the app is upgraded. Hopefully this means that Android support is coming soon? Fingers crossed!
Passwords & Password Managers
Finally, in many cases, you will need to create an account on an online merchant’s website to make a purchase. You should not use the same password for these accounts as you use for other accounts.
Ideally, you should be using strong, unique passwords for each of your online accounts. You should use a password manager like Lastpass, Dashlane, or 1Password to help you generate, store, and fill in those passwords.
At minimum, however, if you have been reusing passwords on multiple sites (and many people do), you should at least make sure to use a password for online merchant accounts that is different from those used for banking, credit card, medical, or other vital accounts. Of the tools mentioned above, Blur can also help here as it comes with a built-in password manager.
Level Two – Use a Different Email Address and/or Phone Number
You can think of Level One as the basics. If you do nothing else recommended here, you should give these a try. They will go a long way towards helping you
- Protect the passwords for your important online accounts by using different passwords for your online purchases, and
- Protect your bank and credit card numbers by providing alternative or ephemeral numbers that will not cause you harm if they are stolen in a data breach.
But, to take your efforts to protect personal information to the next level, you should consider providing alternate email addresses and phone numbers to online merchants that require this information. Theft of your personal email address or phone number in a data breach provides criminals key information to commit fraud against you, against your family members, or to begin the process of stealing your identity. To help prevent this, we can provide alternate email and phone numbers that work to allow merchants to contact us if necessary, but do not compromise our primary email account and phone number.
Again, two of the tools mentioned above can help in this regard. SudoApp allows you to create up to nine free “sudos.” These are identities that can use your real name or an alias name. Each one can have its own email address and working phone number. You can send and receive encrypted emails, texts, and phone calls from each. You can create a “sudo” that is used only for online shopping. It could be in your real name, but with a new email and phone number.
Similarly, you can use Blur to create “masked” email addresses and a “masked” phone number. You could create a dedicated email address for each merchant account you create and have any messages to that address forwarded to your primary email account. This way, no merchant has your real email address, but you will still be notified if the merchant contacts you about your order. Similarly, Blur allows you to create one masked phone number for free. You can give out this number instead of your real number. If it receives a call or text, you will receive it at your real number.
Finally, if you just need an alternative email address, check out 33mail.com. With this tool, you can set up your own name for your account and then create as many disposable email addresses as you like. For example, let’s say you created an account for “supershopper.” If you go to make a purchase at Macy’s online, you could enter the email address “firstname.lastname@example.org” instead of your real email address. If an email is sent to that address, it will automatically be forwarded to you at your real email address. You could do this for each online merchant so that none of them have your real email address, or even the same email address. You will still receive any communications from them about your account or orders, however. Win-win!
Level Three – Use Alias Names for Billing and/or Shipping
Other steps that you might consider could include using an alias name for billing and/or shipping. Companies often sell your data, including your billing and shipping address information. This is one way that such information ends up populating so-called “people search databases” like Spokeo, Intellius, and many others. Using an alias name can help populate the system with misinformation that can help mask your real information.
Privacy, Blur, and SudoPay all allow for using alias billing name and address for making purchases using their virtual cards. For shipping, you could opt to send your package to your real address, but to an alias name. Eventually, this alias (and any others you use for this method) will be associated with your home address. Again, this provides a level of obfuscation and protection over time.
Going Old School
Of course, you can also consider getting a Post Office Box or a mailbox at a commercial mail receiving service like the UPS Store. Again, this allows you to receive delivery from online merchants without needing to provide your home address.
Unfortunately, all of our personal information is at risk these days when we shop online. Regardless of who is at fault, the fact is that we can no longer trust most organizations with our personal information. Online merchants in particular are constant, juicy targets for criminals who want to steal our information. They use that information to raid our bank accounts or steal our identities. The tools and techniques described above can allow you to take steps immediately to protect personal information while still enjoying the benefits of the online economy.