How To Safely Shop Online With A Credit Card

by Chester John

Personal Finance News

Over the past few years or so, online shopping has gotten a lot more convenient and inexpensive (free shipping anyone?) that it is getting harder and harder to justify bother visiting brick and mortar outlets and be awkwardly followed around by their attentive staff.

There is no stopping this train as more and more Malaysians jump on the online shopping bandwagon, with local online retailers such as Zalora, popular auction website, and even DIY handicraft retailers on Etsy Malaysia sprouting overnight and populating the marketplace — the Internet really is the most revolutionary marketing tool ever since, well, the invention of the printing press.

But let's cut back to the consumer's side of things — how can you ensure that your credit card or debit card details are kept safe online? Can we trust that our transactions are not being watched by other people? Because as you know, the Internet is also fertile ground for scammers, hackers, and the less malicious but no less amusing "trolls".

How Does Online Payment Work?

When making a payment at the online checkout counter, you will be prompted to enter your credit card or debit card details. More specifically, they will need your full name, credit card number, card expiry date, verification code (the 3 numbers on the back of your card), and a billing and/or shipping address — these are fairly standard. In addition, your e-commerce transactions are also protected by Verified by Visa and MasterCard Securecode, collectively known as 3D Secure. What are these things? Let us introduce to you two-step authentication.

Two-step authentication

Two-step authentication, also known as 2 factor authentication is the added process after filling in your card details. A one-time password will be sent directly to your mobile phone via SMS which you will need to enter when asked. Below is a step-by-step example of an online purchase using a CIMB credit card with 3D Secure enabled, called CIMB Secure ePay:

How does this makes thing safer? Simple — Only you and the bank will know the password, it is not stored anywhere else, only used once, and never recycled. It is important that the mobile number that you have registered with the bank is still in use, otherwise, you will need to go to an ATM machine or bank branch to update your particulars. Other banks such as Maybank also have a similar system called MSOS, or Maybank Secure Online Shopping.


This is also probably a good time to introduce you to Hypertext Transfer Protocol Secure, or HTTPS. You probably see it everyday in your browser address bar, but what does it do? Without getting too technical, it is a widely deployed way for computers and servers to communicate safely. It plays a big part in keeping your information safe during e-commerce transactions, so make sure that you see these initials when making any transactions online.


If you have ever made a purchase on eBay, then you would have definitely used PayPal. For those of you who have never bid or bought anything on eBay, Paypal is a popular service that allows you to pay online using cash stored in your PayPal account, or cash in your linked bank account or credit card.

This service will definitely limit direct access for merchants to your credit card or bank account, while giving you the same if not more benefits such as:

1. For $29.95, or RM97, you will be able to purchase the PayPal Security Key. It is a card that displays random security codes for your account every 30 seconds. You can also have these codes sent to your mobile phone.

2. If your credit card linked PayPal account gets hacked, your liability will be limited to $50, which translates to RM160 if you report within 2 business days. The same cannot be said for an account linked to your bank account, as a perpetrator can siphon money out directly from your bank account!

Other popular alternatives to PayPal include - Google Wallet, Skrill, and Paymate.

Phishing Emails

Never ever, ever respond to bank emails, SMSes, browser pop-ups, and even telemarketers calling to request that you give them your credit/debit card details to "update" your records, or for any other reason whatsoever — they simply have no business in knowing these things, and sharing sensitive information such as passwords through email shouldn't be in a bank's best practices handbook. These are simply scammers and crooks who are out for your hard earned money. Here is an example of a common phishing email:

From the image on the left, what are the tell-tale signs of a fake and fraudulent email? Easy, the mere fact that they are asking you for your credit card information or online banking credentials! 

Local banks have been actively doing their part to warn their customers of these threats. In extension, it is very important that you do not keep sensitive information such as passwords on your computer if you can help it. End of story.

You Need To Play A Role Too

It is never a good feeling to look at your account balance or monthly credit card statement and not remember that you've made some of the transactions printed in black and white — perhaps because it wasn't you! 

Something you should periodically do is to check on your monthly statements for any suspicious activity, and it is important to know where you've used your card and at what amounts.

Always keep your receipts and cross check with your online statements using online banking. I myself have been a victim of credit card fraud — someone decided that it was a good idea to buy RM150 worth of concert tickets using my credit card.

Thankfully, I regularly check my account statements and have noticed the transaction. After a month of calling and emailing to the bank, the full amount was credited back into my account. Phew!

Other Things to Consider

If you have the time, do read the retailer's online privacy policy. You may be surprised as to how a website handles, stores, and uses your personal data. We may never be 100% safe from credit card fraud or identity theft, but we can help to make ourselves less vulnerable by carefully picking out the more legitimate e-commerce websites, with favourable reviews.

Try not to finalise transactions when using a public and easily accessible Wi-Fi connection such as at a Starbucks, and always make sure your computer's anti-virus is up-to-date and running in the background — you never know who's snooping around.