Shopping online is a fun and convenient way to purchase products and services from the comfort of your couch. However, as technology advances and scams increase, it’s important to keep your personal and financial information safe from cybercriminals.

Here, we’ll share some tips on how to stay safe online, including how to tell if a website is legitimate and secure, how to protect your personal information, and how to avoid phishing scams. By following these tips, you can enjoy online shopping while minimising the risk of identity theft, fraud, and other online security threats.


Shop on secure websites



When shopping online, it’s crucial to use secure and reputable websites to prevent your personal information from being stolen. Online identity theft is an escalating issue around the world as we increasingly share our personal and financial details across various online channels, such as shopping websites. With this comes an increased risk of personal and financial information being stolen, leading to consequences such as financial loss, damage to your credit score, emotional distress, and more. Scammers often create fake websites that imitate reputable brands, promoting offers that seem too good to be true to lure unsuspecting customers. Their goal is to trick you into divulging sensitive information, like passwords, credit card numbers or personal information.

We recommend avoiding any online shopping sites that do not have a business registration number and clearly specified contact details. It is always preferable to have the business’ address and phone number readily available.

One way to verify the security of a website is by checking for the "https" in the URL and a padlock icon in your browser address bar. HTTPS stands for Hypertext Transfer Protocol Secure, meaning that any data exchanged between your computer and the website is encrypted. The padlock icon in your browser's address bar indicates that the website has a valid SSL certificate.

Encryption is an important security feature that can help protect your personal information - like your name, address, and credit card details - from being intercepted and stolen by hackers. When you enter your personal information into an encrypted website, it gets scrambled and coded into an unreadable format before being transmitted over the internet. This encryption process makes it difficult for anyone intercepting the data to read or misuse it.

The presence of “https” in a website’s URL is an important indicator for security but doesn’t guarantee absolute security on its own. You should always look out for the following items when verifying the security and legitimacy of any website you’re purchasing from:



Read Money Smart’s article on Online shopping to learn more about how to protect yourself when shopping online. The ACCC Scamwatch website also provides information on the latest scams.


Keep your security software up to date



Keeping your devices updated with the latest security and antivirus software is important for safe shopping online. Here's why:

  • Security updates: Software developers regularly release updates to fix security vulnerabilities discovered in their products. Hackers could exploit these vulnerabilities to access your device and steal your personal information.
  • Antivirus software: Antivirus software is designed to detect and remove malicious software, like viruses, spyware, and ransomware, from your device. It can also help to prevent malicious software from being downloaded onto your device in the first place. Antivirus software should be updated regularly to ensure that it can detect and protect against the latest threats.
  • Internet browser: Always keep your internet browser updated to the latest version - this will ensure the maximum levels of security are provided for online shopping. Internet Explorer is now obsolete and cannot be used to shop online.

If you're unsure whether your device has the latest security updates and antivirus software, check your device's settings or preferences menu. Most devices have the option to check for updates or to enable automatic updates.

You can also purchase antivirus software from a reputable provider.


Keep your PIN and passwords safe



Protecting your PIN, account numbers, and verification codes is critical for safeguarding your personal information. Here are a few tips for password management and protection:

Use strong and unique passwords
When creating an account with an online retailer, use a strong and unique password. We recommend creating a passphrase consisting of three to four short words that are easy for you to remember but difficult for others to guess. The passphrase should be a minimum of ten and a maximum of 15 characters in total, including uppercase and lowercase letters, numbers, and symbols. Avoid using the same password across multiple accounts: hackers use automated tools to try to guess passwords, and if one password is compromised, they can easily gain unauthorised access to your other accounts.

Do not use readily accessible information
Steer clear of using easily guessable information, like your name, birthday, or phone number, as part of your password. You should also avoid using an obvious combination of letters and/or numbers that can be easily guessed, like “1234” or “xyz”. Instead, consider using a random combination of characters. If you’re using a passphrase, you could remove vowels or substitute some letters with symbols to enhance the complexity of your password.

Use a password manager to keep track of multiple passwords securely
Password managers are software tools that store all your passwords in an encrypted format, requiring only one master password to access your accounts. This eliminates the need to write down or disclose your passwords in case you forget them. When choosing a password manager, look for one that is reputable and has strong encryption methods.

Implement multi-factor authentication
It's also important to enable two-factor authentication (2FA), a common form of multi-factor authentication, wherever possible. 2FA adds an extra layer of security by requiring a second form of identification, like a code sent to your phone or a biometric scan (e.g. facial recognition or fingerprint), in addition to your password. This makes it more challenging for hackers to access your accounts, even if they have your password.


Regularly check your bank accounts



While we take various precautions to stay safe online, it’s important to acknowledge that using your debit or credit card online comes with some inherent risks. Occasionally, you might only become aware of a compromise when your details are unfortunately misused by a scammer.

Regularly reviewing your credit card and bank accounts via your banking app or internet banking is always an important security step, particularly if you have been shopping online, as it allows you to detect any unauthorised transactions early. The earlier you detect fraudulent activity, the easier it is to resolve the issue with your bank and mitigate the risk of a large amount of money being stolen.

If you notice any unauthorised activity, immediately report it to your credit card company or bank. They can help you investigate the transactions, cancel or lock your card, and take steps to protect your account from further fraud. Each bank and credit card provider has its own process for reimbursing fraudulent transactions.

Be aware of phishing scams


Phishing is when cybercriminals send fraudulent emails, SMS, or messages via chat functions or social media. They commonly impersonate legitimate organisations such as banks or government agencies or disguise themselves as reputable retail brands, aiming to deceive you into divulging personal or business information.

One prevalent form of phishing involves phishing emails, where cybercriminals create deceptive emails pretending to be reputable online stores, using their logos and branding to appear authentic. These emails often contain links to fake websites that look legitimate, selling heavily discounted, non-existent items. In most cases, you’ll be prompted to enter your login details, credit card information, or other sensitive information for the cybercriminals to capture.

Phishing emails may employ social engineering tactics, leveraging urgency or fear to pressure you into immediate action. You should always stop and think before you react. Additionally, use caution when opening unsolicited or unexpected email attachments, even if they appear to be from familiar contacts. Scammers can manipulate the return address through a technique known as ‘spoofing’, making it seem like the email came from someone else. The reason for this caution is that these emails may contain malicious software and attachments that, when opened, install malware on your device. This malware can either steal sensitive information or grant unauthorised control of your device to others.


If you are unsure, you can verify the email’s legitimacy by contacting the company directly. Use the contact details published on their official website to confirm the authenticity of the received message. Avoid clicking on any suspicious links or using contact information provided within the email. Phishing emails often come from fake email addresses designed to mimic legitimate companies, so refrain from replying to such messages.


We are here to help


At Gateway, protecting our members’ information and privacy is important to us. That's why we have implemented a number of security measures to ensure that your accounts are safe when you shop online.

If you have any questions or concerns about the security of your account, please don't hesitate to contact our customer service team for assistance.

If your card is compromised, call us on 1300 302 474 to report it. Alternatively, call the Visa Hotline on 1800 139 241. You can also cancel your card by logging on to Online Banking. Once logged in, select ‘Services’ then ‘Card Management’ and follow the prompts.