Cifas Homepage
NewsroomCareersContact Us

Social Smart: Instagram Checkout – friend or foe?

10 October 2019

Instagram, the app we still can’t seem to raise our gaze from (and when I say ‘we’, I mean me…) has launched a new in-app payment feature, Instagram Checkout. This feature allows users to click a link on the photo which leads directly to checkout. Shoppers will as well receive shipping and delivery tracking information all without leaving Instagram.

At first I thought this was great news. No more wasted time following the ‘link in bio’ to a website and scrolling through pages upon pages for the specific item. Additionally, this could help eliminate broken or compromised bio links inside of Instagram, furthering protecting users… right?

Potential blind spots

This feature was made for the online shopper’s convenience, and brilliantly another way to keep us on Instagram and off of other sites. But of course, with every technological advancement a social site makes, the fraudster advances right along with them and will find all possible weaknesses…

With new technology, it’s important for users to stay aware of how it is meant to work as this will help users spot a potential red flag if something is off. So what are some of the potential blind spots?

Retailers who are able to use this feature will typically have a blue checkmark beside their usernames. This blue checkmark means that the account has been verified to be who they claim to be by Instagram. Many believe the blue checkmark is the best fail safe, and although it is a good sign, don’t put anything past fraudsters… It is not unheard of for accounts to appear verified but are indeed still a scam. This can occur if a hacker spoofs a blue checkmark. This has become more common as of recently as another ‘fraud as a service’ situation, meaning fraudsters are offering blue checkmarks to Instagram users at a price, along with being able to purchase followers to appear more established and reputable as an influencer or brand.

Another potential blind spot I can see is with personal credit card details being stored with Facebook as part of the checkout process. In order for the Instagram checkout experience to be as fast and efficient as possible the user’s payment info will now need to be stored in Facebook.

Top tip: When using Instagram checkout, if you are re-directed to a separate webpage after pressing the link this is likely a fraudulent link.

Facebook secure?

This feature makes you save your payment information inside of Facebook in order to pull it for your linked Instagram account - this is currently the only way the feature works. So of course there are pro’s and con’s. Many will choose to not use this feature for the pure fact they would need to offer Facebook that much more personal information.

Over the last few years there has been no shortage in data breaches, from small organisations to massive corporations, Facebook included. It has become more important than ever before to be aware of what data you are storing on your Facebook account.

What does your digital footprint say about you?

If you are not positive that your Facebook password or information has not been compromised in the past you may be wise to not partake in this feature.

Keep in mind that when using this feature you’ll only need to enter your name, email, billing information and shipping address the first time you checkout with Instagram.

Top tip: Make sure you change your password before saving your payment details. The best way to do this would be through a password manager.

What if I get hacked? If your Facebook and/or Instagram account is compromised and used to make purchases you can claim ‘unauthorised payment’. This allows you to explain the situation to Instagram and for them to then investigate. However there is no guarantee the payment would be reimbursed by Instagram. To stay as secure as possible make sure to use a credit card so that you are secured under Section 75 of the Consumer Credit Act and, as always, make sure to change your passwords regularly.

Instagram offers a Purchase Protection Policy for all purchases made with Instagram checkout specifically. This means that purchases made through third-party sites, local pickups, Messenger transactions, or through other messaging services do not qualify.

It’s always a great idea to take a read through Instagram’s help pages to be aware of their policy and what is and is not covered in the case of fraud.

How is social media being used to commit fraud?

Knowledge is power

As most new technology goes, it is best to know how it is meant to work, so you can be better equipped for when something doesn’t seem quite right.

  • Make sure the retailer has verified blue checkmark.
  • Make sure the link on photo does not direct you away from Instagram.
  • Update Facebook password as your payment details will now be stored.

With this being a new feature only time will tell if it is a hit or miss. It’s important to stay cautious. When in doubt, go to the retailer’s webpage in a browser and find the item that way.

Find out more about online safety for young people.

If you have been a victim of fraud or cybercrime, report it to Action Fraud.

Posted by: Gabrielle Devereux

Gaby is the Head of Future Initiatives at Cifas.


#CyberSecMonth: cybersecurity is a shared responsibility

17 October 2019

With October being European Cybersecurity Awareness Month it’s the perfect time to make sure your organisations cybersecurity is more of a treat than a trick.


Who are you opening the door to? Why your customers could be the downfall of open banking.

4 October 2019

In the emergence of open banking it's important to understand your customer while keeping up with the advancement of technology.

Back to blog home >
Posted by: Gabrielle Devereux

Gaby is the Head of Future Initiatives at Cifas.