What You Should Know about Online Shopping

Q: How safe is it to give my credit card number to an online seller?
A: It is generally safe as long as you take some basic precautions. By far the most important is to know the merchant you’re dealing with. Look up the street addresses of unfamiliar merchants using Google Street View. Avoid merchants who do not list a street address and phone number. Look for online reviews of that merchant, but disregard them if they seem like advertisements. If the merchant appears to be reputable, it’s generally safe to give a credit card number to an online merchant. A debit card is less safe, since debit cards can remove money almost immediately from your bank account and are less protected from being lost, stolen, or used improperly. Credit card companies will reimburse you for charges to your account resulting from loss or theft over $50 as long as you notify the card company promptly. Some debit cards provide similar protection, but on the other hand, some credit cards restrict their customers’ ability to dispute charges from out-of-state online merchants. Thus, for both types of cards, it’s best to check with your bank.
Before providing any information online, make sure the merchant site URL seems normal. If you are buying from “acme.com” but the URL name that appears is not exactly the same (e.g., “acme.[something else].com,” be skeptical. Try looking up the correct website for the merchant using a search engine. Once you’re sure you have the correct merchant, the next thing to do is make sure the merchant’s website is secure (you will see “https://” rather than “http://” plus a “closed lock” symbol on your browser), and make sure you have an up-to-date browser. It is okay to provide the “validation code” on the back of your credit card.
For unfamiliar merchants, take a screen shot of the online order screen(s); doing so protects you if the confirmation email never arrives. Review your credit card records each month to make sure only legitimate charges appear, and if any suspicious charges appear, call your credit card’s fraud prevention line for assistance in checking their legitimacy. 

Q:   Is there any legal requirement for how fast goods I order are shipped?
A:   Yes. The Federal Trade Commission (FTC) has a “mail order rule.” This rule provides that, unless another deadline is specifically stated by the vendor before the sale, goods ordered via the Internet must be shipped within 30 days. The customer must be notified of any delay and, under some circumstances, must be given the option to cancel the order. For more information, search for “mail order rule” on the FTC website at www.ftc.gov​.

Q:   Do I have to pay sales tax when I buy something through the Internet?
A:   The days of “no sales tax” for online sales are quickly fading into history. For years, the Internet was a “no sales tax” haven. There have been many proposals in Congress to require sales tax on all Internet transactions, but none has ever passed. (The “Internet Tax Freedom Act” does not affect taxes of online sales of goods and services, but only prohibits new taxes on the Internet connection itself.) In 2013, however, the U.S. Supreme Court gave a green light to state efforts to require large online retailers to charge sales tax, even if the retailer does not have a physical presence in the state. Thus, the sales tax disadvantage to storefront merchants is coming to an end as more and more states require online merchants to collect sales tax. Technically, when consumers make out-of-state online purchases that would be subject to sales tax if purchased in-state, they are supposed to keep track of those purchases and pay an equivalent amount of “use tax” to the state. These “use tax” laws are rarely enforced now that more online merchants are collecting sales tax. 

Q:   Can I control how an online merchant uses the information I provide?
A:   To some extent. Merchants must comply with any privacy policy they post (and you should not deal with merchants that do not have privacy policies). A privacy policy cannot be loosened retroactively without the customer’s consent, but can be changed at any time, and each time you use the site, you consent to whatever policy is in force at the time. Virtually all online privacy policies allow the merchant to track how you interact with the site, display advertising based on your perceived preferences, and aggregate your data over the long term. 
Many merchants have privacy policies that allow them to sell or forward your information to others for advertising purposes and to send you email or even text message advertising. It is a good idea to have several email addresses, including one or more that you use only for consumer transactions. Federal law allows unsolicited email advertising, but requires that any advertiser provide an opt-out address or link. Since unscrupulous advertisers not only ignore opt-outs, but actually use them send more advertising, it’s best to opt-out of advertising only from known merchants; other ads are best marked as “spam” and blocked. Text message advertising is prohibited, with exceptions only if you have specifically authorized it in writing after full disclosure from the merchant. 


This “Law You Can Use” column was provided by the Ohio State Bar Association. It was prepared by attorney Robert L. Ellis, a partner at Hennis, Rothstein & Ellis LLP, in Columbus.

Articles appearing in this column are intended to provide broad, general information about the law. This article is not intended to be legal advice. Before applying this information to a specific legal problem, readers are urged to seek advice from a licensed attorney.



Staff Directory

Contact Information


8 A.M. - 5 P.M.
Monday - Friday