How safe is my personal information at online e-commerce sites?

If you decide to establish a relationship with an e-commerce Web site, they learn a lot about you. Do you wonder what information they collect, what they do with it and how safe it is? If so, read on for the answers.

e-Commerce Information and its Uses

In order to properly handle the processing, payment and shipment of your orders, e-commerce Web sites collect information such as your address, phone numbers, email and payment accounts. This you certainly know already, since you give them this information when you decide to order from them.
In addition, however, there is a lot of other information that you probably do not realize is being collected. Fortunately, this information is not something that most of us would consider a violation of our privacy. Nor does it represent a risk to our identities. For example, Web sites retain information about your preferences to make your shopping experience more personal. They remember merchandise you buy or even consider in order to create recommendations and deliver promotions to your desktop that are likely to interest you. They also allow you to create wish lists and save them.
Other information e-commerce sites collect is used to help improve the technical performance of the Web site and also to help detect or prevent fraudulent use of the site. A good example is the chain of links that you followed to get to their site, as well as all of the pages you visited and even where you went next when you left the site. Online merchants use this information to improve their performance with search engines or evaluate their advertising campaigns. Examining the pages you are visiting and the paths you take as you shop can help them improve the design of their site. And knowing what Web site you go to next can be of particular interest if you don’t buy anything and go straight to a competitor.
Another commonly used piece of information is the Internet protocol (IP) address of the computer you are using. This is useful to help protect your identity and also prevent fraud. For example, if you are using your home computer and they know that, it gives them a high degree of confidence that it is really you. They can also check the geographic location of visitors to their site. If you have never logged in from the Ukraine for example, but someone there is trying to use your password and username, this is a very high probability indication of an attempt to fraud the site.

Where the Data Goes: Cookies and Servers

It will probably surprise you to learn that much of the information e-commerce sites collect and use is actually stored right on your own computer in something called a cookie. A cookie is a text file that can help to remember information about you and your preferences. When you visit a Web site, it looks for its own cookies on your computer and reads them.
A common use of cookies is shopping carts; the cart keeps track of items you put in your cart but have not ordered. That is how when you go back to a site, items that you put in your shopping cart on earlier visits are still there. Cookies are used extensively to help customize your browsing experience at most e-commerce Web sites, and computer experts agree cookies do not represent a security or identity threat.
Of course, much of the information the site gathers is stored remotely. Industry best practices require online merchants to store payment accounts and other important identity information on a different computer than the Web site server, so it can be more secure.
In the e-commerce site’s information systems, two categories of people can access your personal information-those who manage the servers and systems, and those involved with customer service and payment processing for the merchant.

How Safe is my Personal Data?

The evidence shows, however, that despite the good intentions of most e-commerce online merchants, there are many cases where personal information is compromised.
Reassuringly, online merchants and e-commerce providers go to extreme lengths to protect your personal information.
Firstly, online merchants worldwide that accept credit card payment are required to comply with the Payment Card Industry Data Security Standards (PCI DSS). PCI is an organization formed by the major payment card brands-American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. The DSS standards define requirements and best practices for securing the processing and storage of payment account data, as well as other personal information. Compliance with these standards remains the responsibility of the merchant, and each payment brand manages their PCI DSS compliance and enforcement programs independently of the PCI Security Standards Council.
Most e-commerce sites provide a link at the bottom of every page to a privacy statement with useful information about what data they gather, how it is used and secured. Amazon’s UK site provides an excellent example of a very thorough and clear privacy statement.

How to Stay Safe and Protect Your Information Online

Take these steps to stay safe when you are shopping online. First, always make sure the PC is up to date with anti-virus and anti-spyware protection. If you are using a wireless network, make sure your connection is secure (encrypted with password protected access) and trusted (you know the wireless network name is correct and trust its operator). Avoid shopping from public hotspots. Always make sure the connection to the Web site is secure. You should see https:// in the address-the s is for secure. Click on the padlock in the address bar and read the security information in it; make sure you are dealing with a reputable merchant. If your bank or merchant gives you the option to use an online personal security device such as a smart bankcard or one-time password reader, get one and use it! This provides a high level of protection because even if someone manages to steal your password, he or she cannot use it because they do not have the security device. For more tips, see How do I know if it is safe to enter my credit card information when I am shopping online?
If you do not want people to track your behavior or just want to raise the security levels of your PC, check out the privacy options in your browser. In Microsoft Internet Explorer for example, select Tools/Internet Options. On the Privacy tab, move the scroll bar higher for more privacy. The top setting blocks all cookies, although this will affect the quality of your browsing experience on many websites. The Security tab provides options to customize settings for specific sites. You can give sites you trust, like your bank or large merchants, lower security settings while maintaining very high security settings for everyone else on the Internet if you choose. Such features also exist in other browsers.

Five musts to safeguard privacy and security online:
1.    Never enter account information on a computer that is not currently protected by anti-virus and anti-spyware
2.    Look for https:// and read the security document in the padlock to make sure you are at the site you want
3.    For wireless, only use secure networks for e-commerce; not a good idea from a public hotspot
4.    Ask your bank or card issuer or a personal digital security device that verifies your identity online using one-time password (OTP) or smartcard technology
5.    Do not save your payment information for future purchases online

See also
Will an online store keep my personal information private?
Are my credit card details visible online?
How can I keep my credit card information safe?
Are wireless connections at hotspots safe?