Common Credit Card Security Issues and How to Keep Your Personal Information Safe
The first rule of credit card security is to assume your card’s information has already been stolen. Even if you haven’t seen any consequences, this is probably an accurate assumption, especially with the width and breadth of retailer and processor breaches. It’s best to be on the lookout for errant charges on your bill. With that being said, here are some common security issues, and how to avoid them.
Table of Contents
Shopping on an Unsecured Website
The next time your visit a website, look at the URL bar. Does it say HTTP or HTTPS? The “s” stands for “secure.” If you are buying something online, it’s important the retailer has an “HTTPS” site, or your information might be easily stolen. Also, check for a small lock symbol next to the URL when you are making a transaction. This signifies that the transaction itself is secure, as opposed to the site as a whole. Having both HTTPS and the lock symbol is ideal.
While your information can still be encrypted without HTTPS, as with the lock symbol, it’s much safer on an https site. While we’re on the subject of encrypted sites…
Storing Your Credit Card Information
Even with an HTTPS site, it’s a good practice to not store your credit card information on the site. Your information can be stolen during the aforementioned retailer or processor breaches. While you might think your favorite brick-and-mortar store would be good about keeping your credit card number safe on its website, this is often not the case. Even Amazon, the juggernaut of e-commerce, is not immune to breaches.
This means you will have to enter your card information every time you make a purchase, but it also means peace of mind as your information will not be stored long-term.
Need more examples of why you shouldn’t store information on sites? Both Uber and Whole Foods were breached this year. Uber attempted to conceal a breach of 57 million users by a 20-year-old hacker, while Whole Foods confirmed 117 store locations had credit card information stolen. While the Whole Foods incident was in-person, the Uber breach was solely online.
Instances of credit card theft online are rising. That does not mean using your card in person is any safer. Both virtual and physical credit card theft are serious risks.
Trusting the Point of Sale
We’ve covered skimming before, where ne’er-do-wells hide a device that can capture your credit card information on top of an actual, legitimate reader. But, there’s another method in the same vein, using updated technology.
“Shimming” is the new skimming. It involves thieves placing a shim in the card reader slot that reads your EMV chip. While it can’t perfectly copy your card, thanks to the EMV technology, it can copy enough information to fool machines with lax security. And while conventional wisdom used to be that ATMs out in the open, in well-lit places, were the best machines to use, it’s now so easy to install skimmers or shims that no ATM is safe.
If possible, use a credit card instead of a debit card as there are more security protections in place for credit cards.
Not Securing Your Phone
Storing your card to your Apple Pay, Android Pay, or Samsung Pay are safer and more convenient — you hover your phone over the point-of-sale machine and your bill is paid. While this method used to be sketchy, and hackers could intercept the signal, the information transmitted is a single-use “token” that doesn’t actually contain any card information.
This is all well and good until someone steals your phone, with your credit card information saved on it, and starts using your virtual wallet. At the very least, you want to put a password or passcode on your phone. If your phone has fingerprint capabilities, even better. If possible, require every transaction to use a password — different from unlocking your phone — or your fingerprint again.
How to Stay Secure
Get a Virtual Credit Card
If you are shopping online, your first line of defense should be a virtual credit card. Check with your bank or credit card lender to see if they offer this service. You need to already have a physical card before being able to use a virtual card, and virtual cards, as the name implies, are not real cards and can’t be used at brick-and-mortar stores.
An important note is that virtual credit cards have their own limits, not tied to your actual card. If you find yourself about to go over the limit, call your lender and let them know you need a higher limit.
Avoid Public Wifi
If you are in a Starbucks and thinking of buying something online while sipping your coffee, stop, close your laptop, and wait until you get home. It’s notoriously easy to “sniff” traffic from public wifi, to the point where a hacker can see what images are being served to your computer. They can capture information coming in and out of your computer (called “packets”) and either save them for later, or read them in real time.
If you are going to use sensitive information, such as a credit card number, while online, wait until you are behind a wifi connection that requires a password, such as your home network. Places that have locked wifi connections but give out passwords (such as, say, a doctor’s office or hospital that will give anyone the password if you simply ask the front desk) do not count, either, as they are still not secure enough.
It’s also worth noting that hackers can simply create their own network that looks like it’s a public wifi connection, even having a name that seems like it should be there — a second Starbucks connection, for instance — but is only there to sniff information easier than tapping into an existing network.
Set Up Purchase Alerts
You can set up purchase alerts and two-factor authentication to further secure your accounts. Purchase alerts will tell you when a purchase has been made over a certain limit, while 2FA sends a text, call, or email with a code for you to enter to ensure it is indeed you making a purchase or logging into an account.
While this won’t prevent credit card theft, it will at least let you know something is wrong. Then, you can work with your lender to fix the situation.
We take for granted how easy it is to steal a credit card number – either in person, or online. Be vigilant, take these simple steps to secure your cards, and shop online safely.
For more information on credit cards, including more on security and fraud, visit our credit card resource center.
Image Source: https://depositphotos.com/
A former newspaper journalist, Cole spends his free time reading, writing, playing video games, watching movies, and learning about every subject under the sun. He lives with his wife and daughter in Idaho. Follow Cole on Twitter: @ColeMayer42
This post was updated February 28, 2019. It was originally published January 17, 2018.