10 Safe Shopping Tips for Mobile Shoppers

1. Lock your phone with biometrics

The single highest-leverage habit. Face ID or fingerprint unlock prevents unauthorized purchases even if someone has physical possession of your unlocked device. Without it, every saved wallet — Shop Pay, Apple Pay, Google Pay — becomes one tap away from a stranger.

2. Verify the merchant before saving a card

Before you save a card to any merchant or wallet, do a 30-second sanity check: search the brand name on Trustpilot or Reddit, look for a real physical address on the contact page, and confirm the URL matches the brand. Counterfeit storefronts are surprisingly common in fast-fashion and electronics.

3. Use one credit card for online shopping

Credit cards (not debit) offer the strongest fraud protection in most countries — typically zero liability if your number is stolen. Pick one card, use it everywhere, and review the statement weekly. It's far easier to spot anomalies in one place than across five accounts.

4. Never share authentication codes

Shop, your bank, and reputable merchants never ask for your one-time login code via phone or email. Anyone asking for it is attempting to take over your account. The legitimate request is always inside the app or website you initiated the action from.

5. Beware of urgency-based phishing

"Your order will be cancelled in 30 minutes!" "Confirm your address now!" These messages are designed to bypass your judgment. The right response is always: close the message, open the merchant's official app or website directly, and check the order from there. If the urgency was real, it'll be visible there.

6. Watch shipping and customs claims carefully

A growing fraud category is fake "delivery hold" or "customs fee" texts, often referencing real tracking numbers. Carriers like USPS, FedEx, and UPS do not collect customs fees by SMS link. If a fee is real, it appears in your tracking inside Shop or directly on the carrier's official site.

7. Keep your operating system updated

Most phone exploits target vulnerabilities patched months earlier. Enabling automatic OS updates removes the most common attack surface entirely. The same applies to the Shop app and your browser — set them to update automatically.

8. Use unique passwords (or a password manager)

Even though Shop Pay uses passwordless login, your underlying email account does have a password. If that account is compromised, your Shop Pay login codes can be intercepted. Use a password manager (1Password, Bitwarden, Apple Keychain) so each account has a unique, strong password.

9. Review subscriptions monthly

Recurring charges are the easiest fraud category to overlook because they look small. Once a month, scroll through your Shop transaction list and your card statement and ask: do I actually still use this service? Cancel anything you don't.

10. Trust your gut on unrealistic deals

If a brand-name product is 90% off, the listing is almost always counterfeit, gray-market, or a phishing front. Real deals exist; impossible deals do not. When in doubt, search the product name plus "scam" or "review" before you buy.