New HampshireDepartment of JusticeOffice of the Attorney General

Consumer Protection BureauConsumer Sourcebook – E-Commerce

A federal law, the Electronic Signatures in Global and National Commerce Act (15U.S.C. §7001) (E-Sign Act), has created a process for contacts to be signed and other types of business to be conducted electronically.

Preface | User's Guide | Table of Contents | Print Sourcebook Portable Document Format Symbol

The Internet has become a convenient method for doing business for many people. Whether the Internet is used for paying bills, buying items through online catalogs or merchants, trading on the stock market, or just browsing or chatting with others online, the Internet provides the opportunity for big business and for big fraud.

The Law

A federal law, the Electronic Signatures in Global and National Commerce Act (15U.S.C. §7001) (E-Sign Act), has created a process for contacts to be signed and other types of business to be conducted electronically, and for these transactions to be legally binding without having to resort to sending paperwork through the mail. Consumers and businesses conducting business online can choose the technology for validating their exchanges. Consumers have the right to decide how they want to complete their electronic business transactions, and how they want records of their transactions made. The E-Sign Act requires that:

  • The online consumer be informed of his or her option to have either an electronic or non-electronic record of the transaction
  • The online consumer has the right to change his or her mind about getting an electronic record
  • The online consumer must be informed whether his or her consent to an electronic record applies only to the current transaction, or to subsequent transactions as well
  • The online consumer must be provided with a statement about the hardware and software requirements for accessing and keeping electronic records
  • Online consumers give consent for electronic records electronically (in other words, online consumers need to demonstrate to e-businesses that they can access needed information in electronic form)
  • If the e-business changes how electronic records are accessed, the e-business must inform electronic customers about these changes and any new hardware and/or software requirements. Online consumers then reaffirm their ability to continue doing business electronically, or request to switch to paper copies.

There are some types of transactions where the E-Sign Act does not apply:

  • Wills and family law matters
  • Notices to cancel or terminate utility services
  • Notices about defaults, acceleration of loan payments, repossessions, foreclosures, or evictions when the credit agreement is secured by a primary residence
  • Notices to cancel health insurance or benefits
  • Notices to cancel life insurance or an annuity
  • Notices about a product recall

The E-Sign Act is not the only protection that consumers have while shopping online.

Any purchase of $25 or more made online is covered by the Federal Trade Commission's Federal Mail or Telephone Order Merchandise Rule. Refer to Mail and Telephone Order Sales for more information.

If you use your credit card to pay for your online transaction, you are covered by the Fair Credit Billing Act. Refer to Credit Cards, Dealing With Errors for further information.

The Electronic Funds Transfer Act (EFTA) provides some protection if you used your debit card to pay for an online transaction and there was a mistake or an unauthorized withdrawal made from your bank account. See Extra Note: Debit (ATM) Cards for more information.

Another way to pay for an online purchase is by using a "stored-value card," sometimes called a "cash card" or "electronic money." A predetermined cash value is loaded into the microchip of the plastic card or into your electronic "account." As purchases are made, the cash value declines. The card is either thrown away when the value reaches zero, or a new cash value is loaded in. Neither the Fair Credit Billing Act nor the Electronic Funds Transfer Act covers problems with stored-value cards. If you are using a stored-value card or other form of electronic money to make online purchases, you need to know exactly what you are responsible for and what the card's, or account's, limitations are:

  • What is the card's or account's dollar limit?
  • Is the card disposable or reload-able? In other words, when the cash value runs out, do you throw the card away or can you take it back to the seller to purchase more cash value?
  • Are there any fees to use the card or account? Any fees to reload the card? Any fees to return the card for a refund, or get an account refund?
  • Is there an expiration date? In other words, do you have to spend down the card's value, or the account's value, by a certain date?
  • Does the card issuer (the seller) offer you any protection if the card is lost, stolen, or misused, or if there is a malfunction?
  • Whom do you call if you have a question or a problem?


E-shopping offers 24/7/365 convenience, and it can be fun. You do need to be somewhat cautious in order to have a safe e-shopping experience, however.

  1. Always use a secure browser. Make sure that your browser complies with the industry security standards, such as Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET). These security systems scramble or encrypt your transaction information so that it cannot be easily "read" by an unauthorized person.
    • Most computers come with browsers installed, and security systems in place. Browsers can also be downloaded, often for free, from the Internet. If you do this, check out the security system before making any e-transactions.
  2. Find out what the e-merchant's privacy policy is - you really do want to know who is collecting what information about you and how that information is going to be used. Most reputable e-merchants post their privacy policies on their websites. These policies should describe: 1. Always use a secure browser. Make sure that your browser complies with the industry security standards, such as Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET). These security systems scramble or encrypt your transaction information so that it cannot be easily "read" by an unauthorized person.
    • What information is being collected from you when you use the website
    • Why the information is being collected
    • How the information will be used
    • How you can "opt-out" of (or decline) having some of your personal information (for example, your mail address) used, or shared with other e-merchants.
    Some websites' disclosures are easier to find than others. Look at the bottom of the home page, in "about" or "FAQ" sections of the website, or on order forms. If you cannot find the e-merchant's privacy policy, send the company an email asking about the policy and requesting that it be posted on the website, or consider shopping elsewhere.
  3. Keep your personal information private. Do not disclose your address, telephone number, social security number, or your email address unless you know who is collecting the information and how it will be used.
  4. Shop only with known e-merchants. Anyone can set up a website offering something for sale. A lot of consumers lose a lot of money by "buying" from bogus companies. If you are not familiar with the e-merchant, ask that you be sent a paper catalog or brochure to get a better idea of the type of merchandise the company offers.
    • Find out what the e-merchant's return and refund policies are before placing any orders.
  5. Know what you are buying. Information about products and services should be clear and easily accessible on the website. If you have any questions about what you are buying, ask them before you make your purchase.
  6. You also need to understand the terms, conditions, and costs related to your e-transaction. Before you complete the transaction:
    • Find out what you are, and are not, getting (this is especially important when purchasing services)
    • Get an itemized list of all the costs involved in the sale
    • Understand the terms of delivery of the goods or services that you are purchasing
    • Understand the terms, conditions and methods of paying for the goods or services. If you are buying from a non-US company, you also need to find out what currency you need to use to pay for the purchase if other than US currency.
  7. If you need to have a password to make your e-transaction, choose a password that has no logical connection to you. Also, keep a record of it for later use, so that you don't forget it. The best passwords have a combination of letters, numbers and symbols. Never give out your password.
  8. Use your credit card rather than your debit card to make your e-transaction. You have a greater level of protection with your credit card if you need to return the merchandise, or if any bogus charges are made to your account.
  9. Keep a record of all your e-transactions. If you have the ability to print out a receipt or confirmation of your purchase, do it! The printed-out receipt should have the seller's name, address, and telephone number. If the date is not on the printed-out receipt, add it yourself.
    • Read your email, as merchants may send you important information about your purchases.
  10. Review your monthly bank and credit card statement promptly and thoroughly in order to find and billing errors, or unauthorized charges or withdrawals.

Online Auctions

Many people enjoy browsing, selling, and bidding in online auctions while seated at their computers. Online auction sites, offer just about everything under the sun - from antiques and collectibles to toys and video games. There are many online auction sites. The most well-known are eBay, Yahoo!Auctions and Amazon's auctions.

Although online selling and bidding can be safe and fun, auction sites also attract crooked and underhanded practices. In fact, according to the National Fraud Information Center, online auction complaints made up more than half of the internet fraud complaints in the US in 2004, with the average loss of $765 to each consumer.

Top Ten Tips for Auction Safety

  1. Become educated about online auctions. Start slowly, as either a buyer or a seller. Become familiar with the auction site's rules and FAQ pages before listing an item or making a bid ( offers information on auction basics, a glossary of terms, tips, and tactics). Browse an auction site thoroughly and try to talk to a friend or relative who uses the site to get the lay of the land. If you switch from one auction site to another, make sure you understand the differences. Start by bidding on or selling relatively inexpensive items to reduce your risks while learning how online auctions work.
  2. Check out sellers and buyers. It is worth the consumer's time to find out more about the buyer or seller. Check the other party's ratings – auction sites allow users to post positive or negative comments about their experiences with other users. When parties have negative feedback or no feedback, extra caution is advised. Unfortunately, even positive feedback is not always trustworthy, because a user can use a different email address or have a friend pad their feedback with undeserved praise. Generally it is a good idea to avoid transactions with minors (if you can spot them) because courts sometimes refuse to bind minors to their agreements. You should be cautious about dealing with a seller who is a private individual. Many consumer protection laws don't apply to private sales, though government agencies may take action if many complaints have been made against a particular individual or if criminal fraud is involved. Similarly, you should be exceedingly cautious when dealing with sellers in other countries. If you have a problem, the physical distance, difference in legal systems, and other factors could make resolving any problem very difficult.

    Ask about delivery, warranties and service before paying. Get a definite delivery time and insist that the shipment be insured. Ask about the return policy. If you are buying electronic goods or appliances, find out if there is a warranty and how to get service on the warranty.

    Look for bonded sellers. Some sellers are bonded through programs that have investigated the sellers' business backgrounds and credit histories, and will give buyers their money back if the sellers don't fulfill their promises.
  3. Be wary of untraceable users. Most auction sites require sellers to supply an email address and a physical address. A few require a listing fee up front, but most do not require buyers to put up any funds or credit card information in advance. Without any financial information on a seller, a seller who does not fulfill promises may be difficult to locate, because both email and physical addresses can be faked. While some email services, such as,, Yahoo! and Excite, may require a physical address for registration, but they don't verify either the location or a user's identity.
  4. Check retail prices and shipping costs before bidding. Items auctioned online are not necessarily cheaper than the same items bought in traditional stores. Some individuals and stores use online auctions as a kind of "virtual storefront." It is worth the consumer's time to do what we would do in a physical store: check the price of the same or a similar item elsewhere. (Your local newspaper and a variety of online tools help consumers do this.) Buyers usually pay the shipping and insurance cost, and these costs should be figured into the cost estimate. The cost of shipping and insurance may mean that, in the end, buying the item in a local store is less expensive.

    Once you have decided to buy an item though an online auction, decide on a fair price. Then the buying rules of normal auctions should take over, that is, decide on your highest offer price and stick to it. Avoid getting caught up in a bidding war – that's exactly the situation that unscrupulous sellers and their shills are hoping to create.
  5. Watch for shills and shields. The Internet can make it difficult to spot when a seller is using a shill, but it's not impossible. Most auction sites allow users to search a seller's past sales. Although some sellers will change shills often, look to see if the same "buyer" has bid on other items the seller has offered. Other warning signs are:
    • The shill's email address may have the same domain name as the seller's (or an anonymous domain name)
    • The shill may have little or no feedback, or feedback that comes from the same seller.
  6. Contact the other party by phone. Consumers should use the telephone to talk to the other party before completing the deal. Confirm the details of what has been bought or sold, verify the other party's phone number, discuss the payment method and negotiate the shipping method.
  7. Choose a safe payment and shipping method.

    If you are the buyer: pay in a way that can be traced, such as with a credit card or check. Never send cash no matter what reason the seller gives, and never send payment to a PO Box.

    If you are the seller: never send the product unless they have received payment. Money orders and cashier's checks are a sure thing, but if sellers accept personal checks, they should wait until checks clear before sending merchandise to the buyer. Sellers should always use a traceable shipping method (such as FedEx, UPS or some types of US Mail), and insist on shipping insurance. With these methods buyers have to sign for their packages and cannot say they never got them.

    Another good solution for both parties is to use UPS's COD (collect on delivery) system, which costs about $5 per delivery (in addition to the regular shipping cost). The driver won't release the package until the buyer hands over a money order or cashier's check.

    Under federal law, you can dispute the charges if you paid the seller with a credit card and the goods were never delivered or if they were misrepresented. (Refer to Credit Cards for more information.) If you are paying through an intermediary service, ask what happens if there is a dispute.

    Another time honored method to use, especially for large transactions, is an escrow service. An escrow service lets the buyer inspect the goods for a short period of time. Escrow companies collect and verify payments from buyers, then notify sellers, who ship the purchased items. If the buyer finds the merchandise satisfactory, the escrow company releases the funds to the seller. If the merchandise is not satisfactory, the buyer sends merchandise back to the seller. Escrow companies charge between 3% and 6% of the sale price for this service. There are several online escrow companies.

    Some auction sites provide insurance that covers buyers up to a certain amount if something goes wrong. Other sites may have links to third-party programs that offer insurance for a fee. Read the terms of the insurance carefully. There is often a deductible, and may be other limitations or requirements that apply. For example, you may not be covered if the seller had a negative feedback rating on the auction site at the time of the transaction.
  8. Record every step of the purchase or sale. Buyers should print out the details of every transaction, including the original product description and the bidding history, all email correspondence and the contact information for each buyer or seller. Take pictures of items both sent and received. Print out and save the description and any photos to document the claims that were made about the merchandise because consumers cannot examine the merchandise or have it appraised until after the sale. Be wary of claims about collectibles and other expensive items. Assume that claims about the condition or value of collectibles and expensive items are not necessarily true, and that photographs are not necessarily accurate.
  9. Report any problems. Contacting the auction site's customer service or administrative department. In addition, you can register a complaint with the National Fraud Information Center.

    Not all problems are due to fraud. Try mediation to resolve disputes. Sometimes people simply fail to hold up their side of the bargain in a timely manner or there may be a misunderstanding about the terms of the sale. Some auction sites provide links to third-party mediation services to help people resolve disputes. A small fee may be charged and is usually paid by the party who requests the mediation.
  10. Use common sense. As with most consumer transactions, if something is too good to be true, it probably is. Watch out for fakes – online auctions have been known to list counterfeit merchandise. For rare or collectible items, have the seller send you a signed, written statement describing the product and its value before paying for it.

Shills, Shields and Scams

How do legitimate auction users become prey for auction frauds? Some sellers will use a second email address or a friend (called a "shill" in auction lingo) to create an artificial bidding war and pump up the price for a particular item. In another scam the buyer uses a second email address or has a friend (called a "shield") drive up prices and discourage bids on an item the buyer wants. At the last minute, the shield withdraws the high bid, allowing the buyer to win the item at a lower price. While most auction sites forbid retracting bids once they are received by the auction site, shields either exploit the few exceptions to this rule or simply use a phony email address to make and withdraw the bogus bid.

In a more obvious con, the "seller" never ships the goods to the winning bidder. Unfortunately, long distance and lack of contact information can make it very hard for the buyer to get either the goods or the money back. Although most auction sites will not force a sale, some auction sites now guarantee some transactions. This means that some consumers can be reimbursed if their losses are below the limits imposed by the auction site.

Fortunately, auction sites are working hard to defeat fraud. The nature of online commerce, however, makes it virtually impossible to eliminate fraud entirely. As with most things in the world of consumer protection, prevention is the best remedy.

For your information…E-Commerce Checklist

The Federal Trade Commission has created a "checklist" for when you e-shop. You should make sure that the e-merchant's website clearly discloses the following information:

About the Company:

  • What kind of business it is and what it sells.
  • Where the company is located, including the country.
  • How the company can be contacted.

About the Product or Service:

  • What exactly is being sold and what exactly you are buying.
  • The cost of the product or service, and the currency used to buy it.

About the Sale:

  • Any additional costs related to the purchase, such as for shipping and handling, taxes, and duties.
  • If there are any restrictions or limitations on the sale.
  • If there are any warranties or guarantees.
  • The availability of convenient and safe payment options.
  • An estimated delivery date for your order.

About Its Consumer Protections:

  • Your ability to print out or save a record of the transaction.
  • The safeguards for protecting any payment information you give online.
  • The privacy policy – what information is being collected, what will be done with it, and with whom it will be shared.
  • What you have to do to "opt-out" of having your personal information collected.
  • The e-merchant's policies on sending unsolicited email, and how you can decline the offer.
  • The e-merchant's return, refund, and exchange policies.
  • Where you can write, call, or email with any problems or complaints.


The Internet offers a tremendous opportunity to communicate with people all over the world. However, cyberspace scams are common. Since the Internet is international, there are difficult questions to resolve in fighting consumer frauds and abuses in cyberspace. How are scams discovered? Whose laws apply? Where did a fraud occur? Who is the enforcement agency? What are the rules to be followed? To whom does the consumer go upon discovering a scam?

Con artists have found a gold mine in the Internet by creating new and revamped methods of separating people from their money through fraudulent means. E-mail can be used to reach vast numbers of people with false promises, the Internet can be used to hijack people's modems to run up long distance charges, and fraudulent e-businesses can promise the world and deliver nothing. On the positive side, law enforcement officials world wide are working to close down as many of the dot-cons as possible. The following are some of the more common dot-cons and some suggestions about how to safeguard yourself.

Internet Access or Web Services

The bait is literally free money simply by cashing a check. By cashing the check, however, the unwary consumer finds him- or herself trapped into a long-term contract for Internet, or other type of Web service, with huge penalties for canceling the contract.

  • If you receive an unsolicited check, read all the small print to find out what happens when you cash the check. If you don't want the services offered, tear up the check.

Credit Card Fraud

The bait is often an offer to view adult websites for free - just for sharing you credit card number to prove that you are over age 18. Then the unwary consumer finds many unauthorized charges on his next credit card bill.

  • Only give your credit card number out when you are buying from a company that you trust. If you find unauthorized charges on your billing statement, dispute them by complaining to the card issuer. For more information, refer to Credit Cards, Dealing with Errors.

International Modem Dialing

The bait is getting free access to (usually) adult and pornographic materials over the Internet by downloading a "viewer" or "dialer" program. The problem is that the unwary consumer's modem is disconnected then reconnected to the Internet through an international long-distance number. This means that the unwary consumer's next phone bill has large long distances charges.

  • The best policy is not to download any program to get access to "free" services. Usually the services are anything but free. If you see a dialog box pop-up indicating that your modem is dialing when you did not direct it to do so, cancel the connection and hang-up right away.
  • Read your phone bill carefully every month to catch unauthorized charges.

Web Cramming

The bait is an offer to get a free, custom-designed website for 30 days with no obligation to continue. The unwary consumer then is billed through his or her telephone company for the service, even when he or she never accepted the offer in the first place, or never agreed to continue the service.

  • The only thing you can do here is to check your phone bill closely for charges that you don't recognize.

Travel, Investments, and Health Care

The baits are fairly similar for all of these dot-cons. You are told that you can vacation in an exotic place with luxury accommodations at bargain prices. You can make a small investment of money and expect huge earnings. You can buy a proven cure. The unwary consumer finds that none of these claims are true. The vacation is more expensive and decidedly less luxurious than advertised. The investment yields little or no return. The cure doesn't cure.

  • Know with whom you are dealing. Reputable travel agents, investment brokers, and health-care services won't promise what they know they can't deliver.
  • Get details of a trip in writing, including the cancellation policy, before you sign up.
  • For investments, check out the promoter with state and federal securities regulators. Talk to others who have made this investment and get all promises in writing.
  • For a business "opportunity," talk to others that have taken this "opportunity," and get all promises in writing. Review the "opportunity" with an attorney or accountant. For additional information about business opportunities, refer to Extra Note: Business and Franchise Opportunities.
  • Be very careful about submitting personal financial information online.

    Example: Heloise Flite sees an ad online for a "Fun-Filled Vacation for 2 in Beautiful! Sun-Drenched Aruba!" with hotel and dance classes included in the price. Before she signs up and must pay for the vacation, she gets the full details of the trip sent to her in writing, along with an explanation of the cancellation and refund policies. She checks with the Better Business Bureau to see if any complaints have been filed against the company. She finally decides that this may not be the great bargain she thought it was going to be, and continues her search for a vacation package.

Credit Repair

The bait is an offer to erase negative information from you credit file so that you can qualify for a credit card, auto loan, mortgage, or a job. Credit repair services cannot "clean" your credit record. Legitimate, current credit information about you cannot be removed. Only time and deliberate effort will improve your credit. For more information, refer to Credit Repair.

  • You can (and should) get a copy of your credit report every year of two to make certain that the information in it is correct. You can have any old or inaccurate information removed.


"Phishing" is the fastest growing form of identity theft, and is the fourth most common Internet scam.

What is phishing? Identity thieves trick unwary consumers into providing personal information by pretending to be someone or some business that they are not. The personal information that is most often requested is the consumer's Social Security number, financial account number, user name, password or PIN number. In addition, it appears that some scams target online auctions, such as E-Bay. Some very sophisticated schemes can even load small computer programs called "key loggers" into your system to steal account information from you when you use online accounts.

How does phishing work? The most common form of phishing is by email. The scammer pretends to be a legitimate company such as a financial institution (bank, etc.) or government agency seeking the verification of some personal information. The "hook" usually is some exciting or alarming claim, such as a special "offer," a "problem" with your last payment or that your account is about to be closed if you do not respond.

A real life example: A phisher pretended to be from the Massachusetts State Lottery Commission sending thousands of emails that claimed the recipient had won the lottery. The recipient was asked for his/her bank account number so that the winnings could be deposited directly into the account. Once the phisher got the account number, the phisher accessed the account and removed money!

Tips to avoid getting hooked by a phisher:

  • Immediately be suspicious if you are contacted unexpectedly by email and asked for any of your personal and/or financial information. Legitimate companies do not do this.
  • If you get an email or a pop-up message asking for personal and/or financial information do not reply or click on the link.
  • Regularly log into any online accounts that you own and check your statements for suspicious activity.
  • Review all printed credit card and bank statements as soon as you get them to see if there are any errors.
  • Many anti-virus programs now filter out or warn you of potential phish attacks. Use anti-virus software and keep it up-to-date.
  • Ensure that your browser is up to date and security patches applied. In particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page to download a special patch relating to certain phishing schemes.
  • Report any suspicious activity to the Federal Trade Commission, the Federal Bureau of Investigation Internet Fraud Complaint Center (which is part of the website), and the Anti-Phishing Workgroup (APWG).

Phishing attacks can be very difficult to detect. As a result, you may get fooled into giving out your personal information. If you have been tricked this way, the best course is to assume that you are likely to become a victim of credit card fraud, bank fraud, or identity theft. Fortunately, there are number of steps that you can take to protect yourself. (note - some of this information is specific to United States federal laws):

  • Report the theft of this information to the bank, credit card issuer, or company as quickly as possible.
    • Many companies have toll-free numbers and 24-hour service to deal with such emergencies.
    • Ask them to notify you of any unusual activity on your account
    • Cancel your account, close any ones set up by others using your personal information and open a new one
    • Review your billing statements carefully after the loss.
  • Your maximum liability under federal law for unauthorized use of your credit card is $50. If the loss involves your credit card number, but not the card itself, you should have no liability for unauthorized use
  • ATM: Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss. If your ATM card was stolen, get a new card, account number and PIN. You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you
  • If you download a "key logger," virus or other malicious code,
    • At work: contact your IT department immediately [even if the attack resulted from personal use of a company computer]
    • At home: Install and/or update anti-virus and personal firewall software, update all virus definitions and run a full scan, confirm every connection your firewall allows and then change your password again
    • Both at home and work: Check every account that asks you for an online password (including eBay, PayPal, email ISP, online bank accounts, online trading accounts, and e-commerce accounts)
  • Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
    • Request that they place a fraud alert and a victim's statement in your file.
    • Request a FREE copy of your credit report to check whether any accounts were opened without your consent.
    • Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
  • Contact your local police department to file a criminal report.
  • Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information.
  • Notify the Department of Motor Vehicles of your identity theft and check to see if an unauthorized license number has been issued in your name.
  • Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name," a guide that will help you guard against and recover from your theft.

Watch out for…Secret Program Files

Secret programs can exist in files that you download from the Internet - especially .exe files. These files can ruin your hard drive, hijack your modem, or collect information on you without your knowledge. The best way to protect yourself is to install a virus protection program before you go online.

Children Online

Parents who are concerned that their children might be taken advantage of when the children are shopping and surfing online, have a way of ensuring some privacy. The Federal Trade Commission has established rules for website operators to ensure children's privacy under The Children's Online Privacy Protection Act (COPPA). This federal law assists parents in protecting their children who go online in a number of ways.

  • A privacy policy must be available through a link on any website's homepage that caters to, or has a section devoted to, children under age 13 AND this privacy policy must be linked at each part of the web site where personal information is collected from kids. If the website is for the "general audience" but has a section for kids, the privacy policy must be posted on the kids' pages.
    • * 4 Parents should look for the privacy policy at any website that their children are visiting.
  • The privacy policy will tell parents the kinds of personal information that is being collected from their children, how this information will be used, AND if the information will be passed on to any third parties.
  • The website must provide notice to parents, and, with only a few exceptions, must obtain verifiable parental consent before collecting personal information from children.
  • Parents can decide whether or not to give consent for information to be collected from their children. A parent has the right to give consent for information to be collected from his or her child, but also has the right to block that information from being passed on to any third party.

Note: Parental consent is not required when a site collects the child's email address to:

  • Respond to a one-time request from a child
  • Provide a notice to the parent
  • Ensure the safety of the child or the site
  • Send a newsletter or other information on a regular basis as long as the site notifies the parent, giving the parent the opportunity to decline the service
  • Parents have the right to ask to see the information that their children have submitted. Parents will have to provide proof of their own identities to ensure the privacy of the information.
  • website operators must also inform parents when the information collected from children is going to be used differently than originally stated on the website.
  • Parents have the right to revoke their consent at any time and to have the information already collected from their children deleted.

    Example: Minnie's daughter loves jelly beans and often visits to get the latest information about new flavors and so forth. Minnie gets an email message from the Webmaster informing her that the website will be sharing her daughter's information with a manufacturer of stuffed bunny rabbits who is starting a new website. Minnie decides that she does not want her daughter's information given to the new website, and asks that all of her daughter's information be deleted.

For your information…Cyber-Traveling with Children

Teach your children the meaning of privacy and personal information. Tell them never to meet an online pal or send a picture without your permission.

Filters can be used to put certain sites and subjects off limits to your children. These controls are available though your Internet service provider (ISP), or through special software you can buy.

Remember, however, that filters are not fool-proof.

Some ISPs also offer filters to control the amount of unsolicited email you and your children receive.

For more information about COPPA and what website operators are required to do, visit the FTC's website.

Points To Remember

  • Know the e-businesses with which you do business.
  • Check out the e-business's privacy policy.
  • Be sure that your browser encrypts or scrambles your financial information.
  • If an e-promotion sounds too good to be true, then it probably is! Dot-cons abound on the Internet.
  • To do a quick search to see if an e-merchant is legitimate, check to see what others have said about a company, or check the Better Business Bureau website which also collects information and comments about e-businesses.
  • Parents should check out the privacy policies of any website visited by their children. Parents need to know what information is being collected about their children and how that information will be used.
  • The American Bar Association offers tips about online shopping security.

Where To Go If You Have A Problem

The Federal Trade Commission is leading the way in fighting e-fraud.

Federal Trade Commission
1-877-FTC-HELP (1-877-382-4357) (toll-free)
Online complaint form

You should also report any frauds to the National Fraud Information Center (NFIC). NFIC will answer questions about online scams and provide information on how and where to report fraud.

National Fraud Information Center
1-800-876-7060 (toll-free)

If the e-business with which you are having trouble is a New Hampshire business, call the Consumer Protection Bureau of the New Hampshire Attorney General's Office.

NH Consumer Protection Bureau
Department of Justice
33 Capitol Street
Concord, NH 03301-6397

Portable Document Format Symbol Portable Document Format (.pdf). Visit for a list of free .pdf readers for a variety of operating systems.

New Hampshire Department of Justice
33 Capitol Street | Concord, NH | 03301
Telephone: 603-271-3658