Online shopping is convenient and saves time - but which payment system is secure enough not to spoil your pleasure afterwards? Weigh up convenience and security in each individual case before deciding on a payment method. To help you choose a payment method, we look at the different methods and processes. In addition, the BSI has published the booklet "Secure Payment in E-Commerce" which is full of useful tips.

The most popular payment methods for online shopping

Especially when it comes to security aspects, the advantages and disadvantages of individual processes are not always easy for consumers to understand. In the following picture gallery, we present the pros and cons of the most common payment methods at a glance. We also list the different payment methods and special security aspects in more detail later in this section. Consumers should individually weigh up which procedure suits them and meets their security requirements.

Paying by credit card

Paying by credit card is one of the most common forms of online shopping. This is mainly due to its uncomplicated processing: the buyer usually only has to specify the credit card company, the credit card number and the security number. The seller is then guaranteed receipt of payment, so the goods can be shipped immediately. In addition, the buyer has the option of obtaining a refund from the credit card company if the goods are damaged or not shipped.

The latest technologies, like 3D-Secure, try to prevent fraud. 3D-Secure is an authentication procedure developed by the international credit card companies that enables customers to authenticate themselves as the legitimate holder of a card and to release a payment linked to the card when shopping online. The exact form of interaction between the card-issuing bank and the customer is determined by the bank. Possible authentication methods are the request of static passwords and one-time passwords, such as SMS TANs, or biometric factors.

Important: Even when paying by credit card, you should make sure that the credit card data is only transmitted in encrypted form. You can recognise this when you "enter" an online shop if it switches to an https page. Sophisticated shopping systems only display part of the credit card number in plain text before the order is completed.

Phishing and other threats when using credit cards

The biggest problem about using credit cards: this is the data that fraudsters on the Internet are specifically targeting. To prevent your data from falling into the wrong hands, it is important that you know the tricks used by Internet fraudsters. One of the most popular methods: criminals forge e-mails that look very similar to those of popular web shops. With well-worded, often credible reasons, they then try to persuade the mail recipient to hand over give their own credit card details. More about phishing.

Tip: Some credit card companies also offer the option of prepaid credit cards. The advantage of this is that you can only use it to purchase goods and services up to the amount you have previously paid into your credit card account. For more information, please contact your bank or credit card company.

Payment by Sofort transfer

Sofort transfer is a payment service that works with the usual data from online banking and where payment is made immediately by bank transfer. No additional registration is necessary to use this service. However, phishing attacks can also occur when fake e-mails request the entry of payment data on a website that is also fake. It is best to delete such e-mails without opening them.

Payment in advance

Payment in advance by bank transfer is not advisable if you do not know the shop you are dealing with. A reputable online retailer usually offers at least one alternative payment method. If you still want to make a payment in advance, you should inform yourself fully about the online seller in advance and check their trustworthiness. Read the background information on the company in question and the general terms and conditions included on any good website. Also check that the address and telephone number are provided, in addition to electronic contact details. You can use a search engine to find out if there are any negative reports about this trader in forums or on websites.

Cash on delivery

When you pay cash on delivery you pay the bill in cash to the person who delivers the goods. Pro: You only pay for goods when they are actually delivered. Con: You pay for the package without having checked the goods inside. If you notice a mistake afterwards, refunds become relatively complicated. And the buyer must be available at the recipient's address upon delivery. Payment by cash on delivery can be somewhat more expensive, because a delivery fee is usually charged in addition to the purchase price.

Purchase on account

Whenever possible, use the purchase on account option when shopping online. The big advantage is that you receive the goods first and then decide whether the order meets your expectations; you only initiate payment after this.

Payment by direct debit

Payment by direct debit or automatic bank transfer is relatively convenient for you as a buyer: the invoice amount is debited directly from your bank account and you do not have to worry any further about paying the invoices. Your bank account is usually only debited when the goods are dispatched. However, this also means that you pay for the goods before you even have the package in your hands. You should only do this if you trust the retailer.

To use this payment option, however, you must provide the retailer with complete bank details, such as the IBAN.

Tip: Never provide a TAN or PINwhen sharing bank information. Reputable online retailers will never ask you for this.

Important: Make sure that data is always encrypted during transmission to the online retailer.

Be careful, though: Online fraudsters are also on the look-out for account and bank details on the Internet. You should be careful with any e-mails asking you to enter your account details. An operator of a trustworthy online shop will never send an e-mail asking you to enter your bank details again on a website linked to the e-mail or request bank details by phone. If you receive an e-mail or phone call, do not provide any data. If you have any doubts about the authenticity of an e-mail, we recommend that you contact the company directly. Find out more about this topic in our phishing section.

If an online retailer makes an unauthorised direct debit, you can file an objection with your bank and reverse the transaction easily.

Operating system payment functions - Google Pay, Alipay, Apple Pay and Co.

Operating system payment functions are aimed at contactless payment using Near Field Communication (NFC) at a retail checkout. However, customers can also pay on the Internet using this app. In both cases, the transaction must be confirmed by the consumer biometrically (e.g. by fingerprint or face scan) or via the passcode of the smartphone. The sellers do not receive any customer data for these transactions, only the information that the payment has been made.

Note: This payment method is only as secure as your smartphone. If you pay using your mobile phone, you should always have the latest operating system version installed. More tips on protecting mobile devices.

Paying via Internet payment providers

If you think entering your account or credit card details directly on an online retailer’s website is too risky for you, you can use one of the many payment services available instead. This method of payment offers you the following advantages: if you have an account with one of the payment system providers, you are not required to enter sensitive data, such as your bank details or credit card number, for each individual transaction.

Depending on the provider, you may have to open an account first. In the process, the usual personal data is requested and saved, as well as your bank account or credit card details. When registering, you also have to set a user name and password. Some providers offer the option of using a prepaid credit card as a payment system. If an online shop supports a payment system provider, you will be taken directly to their website when you select the payment system. You log in there and confirm the transaction. The payment system provider then forwards the payment to the shop and collects the amount from your bank account or credit card.

Tip: Even user accounts with these payment system providers cannot guarantee absolute security. Pay special attention to your account access data. Check the transactions on your account regularly, even if you do not use it frequently. If you find unexpected transactions, contact the provider immediately.

Online shopping - what to do in an emergency? The SOS card helps!

You can download and print out the SOS card for online shopping which details further protective measures you can take against crime when shopping online.