Selling Online In Safety

Online selling

If there's one thing the internet was created for, it was for selling. It's now easier than ever before to set up a shop or sell your unwanted secondhand items.

There's 3 main routes that people can sell online, each with its own pro's and con's:


Selling via a marketplace or auction site

Selling goods through an established marketplace, such as Amazon, eBay, or Etsy, is perhaps one of the easiest and most secure methods available to us all.

There may be higher fees involved than using a classified advert, however these can be worth it for the security guarantees, ease of use, and high visibility to potential customers.

Regardless of which marketplace you use there's several pieces of advice worth following:

  • Use the marketplace's payment methods: One of the big differentiators between a marketplace and a simple classified advert (below) is that marketplaces will handle all the payments for you. Always use this even if someone asks to pay via a different method; there's no legitimate reason not to and you're opening yourself up to being scammed.
  • Be alert to phishing scams: If a customer contacts you always consider whether it's a legitimate query or not. Never reveal more information than needed for the sale (eg there's no reason to give out a password, credit card details, or your date of birth), and be aware of links that may go to phishing websites or that are for premium rate phone numbers.
  • Most marketplaces provide messaging tools within their site; if someone insists on communicating via a different means (such as email) then this could be a warning flag.
  • Review the buyers profile: Most marketplaces will let you see the profile of the buyer. Some may be new customers without a profile, but if they do have one then at least check for any bad reviews from other sellers.
  • Wait for payment confirmation before mailing any goods: Always make sure that you've received payment before posting anything out. Be aware of scams that send you an email pretending to be payment confirmation - learn to spot phishing emails here. And be suspicious of any overpayments too as this is another common fraud.
  • Get proof of postage: Especially for high value items then use a delivery service with proof of postage (including the destination address). Also consider taking date/time stamped photos of the item as you package it, and again just before posting, in case there are any disputes later on.

If you do ever come across a buyer who you're suspicious of then report them to the marketplace. They can investigate for you, and you might be protecting other sellers as well as yourself.


Selling via a classified advert

Classified adverts, once just restricted to local newspapers or notices in your local shop, are now big business on the internet. Web giants such as Craigslist and Gumtree (part of eBay Classifieds) are leaders in this space.

Advertising your second hand items or services in this way can be extremely effective, but can also be riskier in terms of being victim to fraud. Whilst the website may help you to advertise your goods and easily communicate with the buyer, arranging payment is often left up to you to sort out.

Always follow these tips:

  • Don't be pressured: Scammers often try to pressure sellers into a quick sale using some sort of excuse, or to accept payment in a non-preferred method. They're trying to panic you into fearing that you'll lose a sale but don't - if someone is genuinely desperate for this item then someone else will want it too.
  • Don't reveal too many personal details: Only ever give people the minimum information needed for the sale. Watch for scam phone calls or emails that phish for too much detail - no one needs details such as your date of birth, any passwords, or credit card details. Some messages may claim to be from the website themselves asking you to urgently login - these will often lead to a fake site instead. Learn how to spot phishing emails.
  • Be alert to premium rate phone numbers: Some scams encourage you (via email or text message) to respond to a phone number, often posing as the customer who wants to discuss the product. Always be suspicious of any requests like these and check that you're not ringing a premium rate number that will cost you hundreds.
  • Don't accept insecure payments: Don't allow anyone to pressure you into accepting a cheque for payment; these can easily bounce several days after being cashed and so these aren't a very safe option.
  • Use a secure 3rd party service such as PayPal, or for small values then use cash if you're meeting in person to make the exchange.
  • Be safe if you meet the buyer: If you arrange to meet up with the buyer then always be mindful of your safety. Meet in daylight in a busy public place if possible, or at least let someone know the address of where you're going (check it out on Google Streetview first - is it what you're expecting?). Try to take a friend with you too, as well as a mobile phone.
  • Wait for payment confirmation before mailing any goods: Always make sure that you've received payment before posting anything out. Be aware of scams that send you an email pretending to be payment confirmation - learn to spot phishing emails here. And be suspicious of any overpayments too; this is another common scam.
  • Get proof of postage: Especially for high value items then use a delivery service with proof of postage. Also consider taking date/time stamped photos of the item as you package it, and again just before posting, in case there are any disputes later on.

If you do ever come across a buyer who you're suspicious of then report them to the website. They can investigate for you, and you might be protecting other sellers as well as yourself.

Remember too that the person buying from you doesn't know you either, and that they may equally be worried about you being a fraudster. Whilst a direct bank transfer into your account might be the ideal payment method for you, to any savvy buyer this would be a warning flag of fraud so don't try to force anyone into this. It's partly for this reason that a 3rd party payment service, such as PayPal, is the best method to use.


Selling via your own website

Setting up your own website to sell items through can seem like a big undertaking, but with many companies now helping you to create these sites and producing easy-to-use tools it's easier than ever before.

Digital downloads

If you're selling digital goods that can be downloaded then using a dedicated service (such as one of these) could be your best route. These sites will do all the work for you, handling all payments and hosting your files, with the only thing you need to do being to add a small bit of code into your webpage.

And because there's a lot of competition in this space companies are making it easier than ever to set up and integrate. As an example see this page that's selling navigation files for any cyclists tackling the infamous Land's End to John o'Groats cycle challenge in the UK. The files are hosted and sold by Sellfy, with just a simple "Buy Now" button added to the bottom of the webpage.

When looking for a service to use the security implications on yourself are minimal, with the main security considerations being to check that they're protecting customers properly. Do they use https connections? How do they handle cases of fraud, or any requested refunds? Read up on whoever you're thinking of using, and make sure they're a legitimate company with good reviews and prompt payments to you.

Full e-commerce websites

The hardest of all routes for selling your goods is creating your own website with a fully featured checkout system. Whilst there are many software tools available to help you do this, to do things properly is still likely to need some professional advice.

Advising how to set this up securely is beyond the scope of this website, however to get you started a few things that you should consider are:

  • Use only trusted tools: There's a lot of tools available to help you with setting up online checkout systems, but do your research and make sure you use one that is well respected - and preferably from a provider who can give you genuine security advice. If you're using WordPress plugins then carefully research them; some are less secure than others which may open your site up to being hacked.
  • Configure HTTPS: This means that any customer communication with your website will be encrypted and unreadable to anyone else. Talk to your web host for what they offer (you may see the terms 'TLS' or 'SSL' certificates), and then test the final implementation with a tool such as SSLLabs.com.
  • Outsource payments: Taking credit card details securely is hard and a minefield of regulations & standards that you must meet (such as PCI DSS) - only major websites even contemplate creating their own payment systems. Instead you should simply offload this to a 3rd party payment service provider such as WorldPay, SagePay, or Stripe (there are countless others too).
  • Store customer details safely: If you allow customers to create accounts to login, for example to check the status of their order, then make sure all passwords are stored in a secure manner. If you're relying on a plugin module, such as within WordPress, then look into how it protects customer details. You don't want your customer details leaking!
  • Lock everything down: You'll also need to follow basic security practices as you would for any other website too, including removing any functionality that you don't use (for example Wordpress plugins), and using 2 factor authentication and secure passwords for accessing the administrative area of the site.
  • Get your site security tested: Securing websites is tricky - just see the countless website breaches in the newspapers every month. Get a security expert in to test your site and check for any obvious weaknesses. They'll do a "vulnerability scan" (an automated scan to look for weaknesses) and a "penetration test" (a safe human based attack to see what is possible). These aren't cheap but could pay for themselves in the long run.

Have any feedback on this page? Let us know - [email protected]