Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

How to shop and pay for things safely online

Online shopping can be convenient – but there are also risks you need to know about to avoid having your banking information stolen, getting fake goods, or getting nothing at all!

Speak to a trusted adult and look for reviews about the website or seller

Discuss any online purchases with your parents or another trusted adult – they can offer extra support to help you understand if a website is trustworthy (or not). Every time you shop, ask them about the sites they use and rate highly, and if they have ever come across anything you need to be aware of.

 

Search online for reviews about the website or company, and when shopping on marketplaces such as Gumtree or Facebook, always check out the seller or buyer – see if they have other items for sale and check how long they have had their profile.
 

Know how to spot a fake website or a scam

In addition to reading reviews about a website or seller, it helps to know what a fake website or suspicious product listing looks like. Even after all your research, you may accidentally land on a scammer’s site, so it’s important to be extra careful.

 

Sometimes, fake websites can include spelling mistakes and grammatical errors, so look out for anything that seems unprofessional and strange for a reputable company to have on its website.

 

A quick reverse image search might also help you spot if something is not right. For example, say a website has an image of someone wearing a pair of sunglasses you’re about to buy. You might find this image is associated with another website and the item for sale is actually the jumper. This is a warning that not everything is as it seems.

 

You should be especially suspicious about offers, giveaways or promises that seem too good to be true. For example, if you get a pop-up claiming you are a winner or entitled to a huge discount, close this right away without clicking on anything.

 

Check for the “S” in the website URL

When you’re making an online payment, you need to know that a website disguises your payment details so that no one else on the internet can see them. Look at the website’s URL and check that it has HTTPS at the front. The “S” is the key part here as it stands for secure. To find the HTTPS:
 

  • Go to the address bar at the top of your browser and double click to reveal the full URL

  • You’re looking for https:// on the left side at the very start of the URL (not just http://)
     

On most web browsers you’ll also see a lock symbol – this lock is another sign that the website is secure, and you can click on it to see more information about the website’s security.

 

Just note that having the S alone doesn’t mean a website is trustworthy – but if there is no S, this means a website isn’t secure and you should not provide your payment details.

 

Look for the HTTPS at the start of the URL

 

Look for the lock symbol – you can also click on this to see more information about the website’s security. 

 

Look at all the details on the website

Trustworthy websites should include at least one of the following: a privacy statement or policy, a way of contacting them and/or filing a complaint, and some generic information about the business itself.  

 

Look for the head office address listed in the website’s contact details and put this into Google to see if the address exists, or a business actually operates in that spot.  

 

Check that the website has contact details and a way to submit feedback or a complaint. Fake websites will not generally list ways to contact them.

 

Do a reverse image search of any images on the website, to see if they’ve been taken from another website.

 

Look for a privacy statement, a way of contacting the business and some generic information about the business itself – trustworthy websites should have at least one of these things.

 

It can be hard to tell fake websites from genuine ones. Scammers may create fake websites pretending to be well-known brands and might even use fake reviews to make you trust them. Their site may look just like the real site, but the URL could have a variation in spelling or a different domain, for example ‘amazon.live’ instead of ‘amazon.com’.

 

If you know the URL of the website you’re looking for, carefully type it into your search bar and then check that you've spelt it correctly. Or you can use your favourite search engine but be careful not to just click on the first suggestion that comes up without checking the details - the first result is normally an advertisement and scammers often pay to advertise their fake sites.
 

Use a secure payment method

When shopping online, most stores will offer a selection of payment options. If a website asks you to make a bank transfer or use a method you aren’t familiar with, you should treat this with caution.

 

It’s usually best to pay with a debit card, credit card (credit cards are available when you’re 18 or older), PayID or established payment service such as PayPal – this way you can get your money back more easily if the items never arrive, or if you accidentally order from a fake website.

 

Don’t save your card details on a website or in a browser. Instead, if you have an eligible bank account with Westpac, you can access a digital version of your card in the Westpac App. This digital card creates a 3-digit security code (CVC) that changes every 24 hours, which reduces the ability of a fraudster being able to use your details after that time. 

 

Keep your personal information safe

Never share your passwords with anyone and don’t provide any more personal information than required to make the purchase.

 

When creating passwords, never include your name, birthday or any other information that’s obviously related to you. Instead, create a unique and complex password that contains a mix of numbers, letters, capital letters and symbols and have a different one for each site – this is important, because if one website has a data breach, only one password is affected. If you use the same password everywhere you will have to change it everywhere! 

 

We recommend you always turn on two-factor or multi-factor authentication if a website offers it. This way, if someone tries signing into your account you should receive a notification.

 

When buying from an online marketplace (like Gumtree or Facebook Marketplace) never make a payment or pay a deposit until you or a trusted adult have seen the item in person. And, when it comes time to exchange money or collect an item, always meet in a public place and with a trusted adult.
 

Check your bank account regularly

Watch what is happening in your account as often as possible – look at both the seller’s name and amount to see that it adds up with your purchases.

 

Sometimes a seller’s name can be different on your transaction list or statement from the business name. You might be able to find more information about the transaction within your Westpac App – just click on the transaction to see more details – or do a Google search of the name on your transaction. If you’re unsure, speak to your parents or trusted adult, or call your bank straight away.
 

In the Westpac App you can also set up notifications that are sent to your mobile device when money goes in and out of your account. This way, if something suspicious happens you can spot it straight away.
 

If you do spot a suspicious transaction, call your bank immediately. They can start an investigation and you may need to get a new card issued.

You may find these useful

Common types of scams and fraud

7 common tricks you need to be aware of.

How to spot a scam

And what to do when you come across one.

Different ways to pay for things

Count all the different ways you can pay for things today.

Things you should know

This information is general in nature and has been prepared without taking your objectives, needs and overall financial situation into account. For this reason, you should consider the appropriateness for the information to your own circumstances and, if necessary, seek appropriate professional advice.

 

Westpac’s Online Banking Security Guarantee - If your Westpac account is compromised as a result of online fraud, we guarantee to repay any missing funds, providing you comply with our Online Banking Terms and Conditions. This includes keeping your sign-in details (including passwords, Westpac Protect™ SMS codes and SecurID® Token codes) private. You must inform us immediately if you suspect the security of your access details has been compromised, or you suspect an unauthorised transaction or potential fraud on your accounts.