For many, shopping on social media makes sense. Platforms like Instagram Shopping or Facebook Marketplace serve up an array of products, on an app you already spend time on, often personalised to your specific tastes. It’s convenient, easy, and helps you buy just what you didn’t know you always needed.

If you’ve tapped through your social app to make a purchase before, you’re one of a growing crowd. So-called ‘social commerce’ is booming: global social commerce sales in 2020 were valued at an estimated US$560 billion, according to Statista, and forecasts suggest this will hit US$2.9 trillion in 2026.

Facebook has been in the shopping game for years, and some countries now have access to Facebook Pay to make purchases on Facebook, Messenger, Instagram and WhatsApp. On Instagram, 130 million accounts tap on a shopping post every month. TikTok has a growing partnership with Shopify to help users buy through the app. And WeChat plays a huge role in the social-shopping market in China, which is ten times that of the US.

But is mixing social media and your spending a wise move? We already know social media companies have an insatiable hunger for user data, so what personal information might we be sharing when we make purchases directly on their platforms? Is it any different to regular online shopping?

Stylised illustration of four delivery boxes, bearing the logos of TikTok, Facebook, WeChat and Instagram.

Are my transactions safe?

If you make purchases via your social app, you're likely giving up a lot of personal data. On Facebook or Instagram, for example, this includes credit card information, billing/shipping addresses, and additional contact information, on top of details that reveal a lot about your personal habits. The platform then passes some of this on to vendors and service providers to help them fulfil your purchase.

Hayley Tsukayama, a legislative activist with the Electronic Frontier Foundation, says that she's fairly confident the big social media companies will be reliable in processing payments securely. But there’s all sorts of extra information about your shopping habits that you might also be giving up.

“Where you are, what you buy, when you buy it … they might know that you're a late shopper, they might know that you're an early shopper, these are all sorts of little pieces of information that feed a profile that these companies can build out, and really make this picture of you that they then hawk to advertisers.”

Buying through social media might not feel all that different to regular shopping through online stores, but some aspects of social commerce aren’t as mature or scrutinized as regular online shopping, even if they seem similar on the surface. And that’s where things can get risky.

Jake Moore, security specialist at cybersecurity firm ESET, says he has seen a massive uptick in social commerce-related fraud. This can range from sellers who take consumers’ money but don’t deliver the product to those who pose as a legitimate vendor to collect users’ financial information and then sell it on:

“When I do research on the dark web, you can find databases with loads of up-to-date credit card numbers, phone numbers and addresses already packaged quite nicely for you for pretty cheap, usually one or two dollars per line.”

This risk arguably applies to all online commerce, but Moore says the ease with which you can go from seeing a targeted product on social media to purchasing it removes points of friction from the buying process, which perhaps makes it harder to pause and reflect on a merchant’s trustworthiness.

Estelle Massé, Senior Policy Analyst and Global Data Protection Lead at Access Now, warns that the addition of financial information to all the personal information you already share on social platforms makes them “really ripe for abuse” in terms of fraud.

Watch out for phishing emails that claim to come from social media accounts and offer refunds or ask for account information: “they might be trying to get access to your credit card”, she says.

Stylised illustrations of 'buy now' social media posts

How to shop safely on social media

First step: do your due diligence on the seller. Look out for signs of engagement on the vendor's profile: a decent following, combined with comments and reviews. Accounts can purchase fake followers, as Moore acknowledges, but he says that genuine interaction is harder to replicate, as faux followers “tend to just be represented by numbers rather than comments.” Looking to see if the vendor has a verified (blue tick) account helps too, Moore says. Research in the same way you might if you were buying from any shop you’d not heard of before.

Privacy-wise, all three experts had another piece of advice: try not to complete the transaction on the social app itself, but open up a browser and put in the shop’s URL there, or search for the seller independently. Try to verify that the site is secure (for example, look for that HTTPS lock in the address bar).

“In general, I think it's probably better to navigate directly to a site,” says Tsukayama. “If you see an ad and you see the company name, and it’s somebody that you trust, then go directly there, as opposed to going through an ad or through a social media marketplace.”

This also means not just using the social media platform’s in-app browser to check out, but actually opening up another browser or doing an independent search to buy the product, says Moore. Tap the three dots up in the corner of your social app and see if there’s an option to ‘open in browser’, or go the simple copy-and-paste route.

“They (in-app browsers) all have different ways of using your information,” says Moore. “You're not always aware of how much information they are able to read from you.”