Every time there’s a large credit card breach, you’ll hear some expert say risks for consumers are low, because it’s easy to cancel a credit or debit card and get a new one. Not so fast. If fraud appears on your bill, but you don’t notice it, you’ll pay for it. More important, changing account numbers is a hassle. You’ll have to update all your automatic payment accounts, for example. Screw up one of those, and you could get hit with late fees from a merchant when your payment is denied.
Despite the liability limits, you’re better off avoiding all this in the first place. Below are suggestions on how to do that. Most involve limiting the number of times you have to share your plastic with someone, decreasing your “attack surface.” Some might be familiar. Others might seem extreme. Either way, there’s no way to make yourself 100% fraud proof. That’s why we’ve also provided tips on the earliest possible detection and reporting of fraud, which is the main way to protect yourself. For example, regularly checking your credit scores can help you spot fraudulent activities on your credit cards. (You can check two of your scores free on Credit.com.) Here’s how to keep yourself as safe as possible.
1. Avoid Using Debit Cards to Buy Things
When I asked Gartner fraud analyst Avivah Litan about her fraud-fighting tips, this is the first thing she said:
“Never use PIN debit, except for bank ATM machines attached to bank branches.”
PIN debit is the technical term for using a debit card as “credit” at a merchant. From a fraud perspective, the “debit or credit” question is meaningless. Either way, you are putting your debit card account information into databases criminals can hack. And recovering from a debit card fraud is much more of a hassle than recovering from a credit card fraud. With credit card fraud, consumers call their bank, dispute a fraudulent charge and don’t pay for that part of their bill. With debit card fraud, money is taken from the victim’s checking account, and the consumer has to argue with the bank to get it back. That usually happens quickly, but in the meantime, the consumer’s balance can dip below zero, leading to overdrafts and other potential problems, like bounced rent checks.
It’s a bad idea to buy things with a debit card. Use a debit card to withdraw cash at a bank ATM. Otherwise, use credit.
Some people use debit card purchasing as a personal finance tool to limit spending. That’s a rational reason to do so. If you must, don’t use PIN debit, so at least a criminal can’t gain access to your PIN at that merchant.
2. Be Careful With Stored-Value Apps
The latest trend in money is “digitized stored value.” You probably familiar with it if you buy coffee with your Starbucks app. Many merchants are now imitating Starbucks with their own digitized stored value apps. But app makers and merchants are not banks. They have less experience keeping money safe. The consequences have been obvious: Starbucks consumers have complained for nearly two years about criminals raiding their app-linked credit cards. Worst of all, consumers with auto-fill have seen criminals conduct rapid-fire conduct transactions through the apps. Starbucks says this impacts a tiny fraction of consumers, and they are quickly refunded. If you are using “digitized stored value,” manually reloading value is safer than loading your credit card and especially your debit card.
3. Have a Separate Card for Digital Transactions
Splitting your transactions among cards can limit the “spillover” if fraud occurs. This tip isn’t for everyone. Some consumers like racking up points on one card. Others are afraid they’ll miss a payment if they have more than one credit card bill each month. But separating out transactions can have fraud-fighting benefits. If you are the type to buy items from less popular websites that might not have the security protections of a larger site, consider having a card you use just for those higher-risk purchases. That way, if the small site is compromised, the impact on your life will be contained.
4. Google Second-Tier Sites
Speaking of second-tier sites, you should always Google them before making a purchase. Search “BobsWidgetSite.com and complaints,” then “BobsWidgetSite and fraud,” before making a purchase the first time. Scroll through a page or two of results, in case the site has done search engine optimization work to beat back complaints. I talk often to victims who do that search only after they are victims of fraud, and then kick themselves.
5. Place a Sticker Over Your Security Code
Here’s a novel idea from computer security expert Harri Hursti. Most credit and debit card credentials are useless without the security code numbers on the back of the card. To limit the risk of physical theft, place a sticker over the numbers and memorize them. They are usually only three or four digits. That way someone else who holds your card for a few moments can’t get enough information to steal from your account. Such physical theft is less common than it once was, but the sticker idea is a simple fraud-fighting tool.
6. Say No to ‘Free’ Trial Offers & Avoid ‘Gray Charges’
About five years ago, a credit card fraud fighting firm named BillGuard.com coined the term “gray charges.” These aren’t traditional fraud, but they aren’t transactions you approved, either. It might be a magazine you didn’t realize you purchased as a bundle at a checkout. It might be a subscription travel service that “accidentally” ended up in your shopping cart when you booked a trip. Or it might be a free trial you forgot about that has now converted to a $20-a-month charge. Either way, gray charges are a hassle, and the easiest way to avoid them is to never sign up for a “free” anything that requires your credit card. Check your shopping carts diligently, and uncheck all the “sign me up for XX” boxes along the way.
7. Don’t Fall for Phishing
Phishing emails have been around for a while – so long you might forget the risk they pose. Big mistake. A study by the University of Texas last year found that phishers “thrive” on consumers’ overconfidence. There was a 500% increase in personalized, social-media-based phishes in 2016. A common, credit-card stealing email might be an alert claiming your credit card on file with iTunes has been rejected, and asking for an immediate update. If you think you can’t be phished, you’re wrong. Never enter your credit card number into a website unless you have manually visited the site by typing the address into your web browser’s address bar. Never click on a link in an email – even one you are certain is real – and enter payment credentials.
8. Don’t Give Your Credit Card Number Over the Phone
This tip is similar: Never give your credit or debit card number to anyone who calls your house. Even if you are certain the call is legit. Always hang up and manually dial the company’s phone number, then give your payment details. That might sound like a hassle, but any reputable company will appreciate your efforts at security. If the person on the other end of the phone gets annoyed, that’s a good indication you are being hustled.
9. Get a Post Office Box
Mail theft is still a cause of identity theft. The simplest way to avoid it is to stop mail from coming to your house. Small P.O. boxes can cost around $100 per year and can offer peace of mind.
10. Use ATMs Carefully & Watch for Skimmers.
You know to make sure no one is watching while you enter your PIN code at an ATM. But how? It’s getting harder and harder to be sure, as hackers are inventing smarter skimmer devices that let them “watch” you remotely. The latest devices are designed to fit snugly over the slot where cards are inserted or even to be snuck inside that slot, invisible to the untrained eye. That’s one reason Litan only uses ATMs attached to a bank branch. ATMs outside grocery stores or gas stations can be easier to attack and often have higher fees. The risk isn’t only at ATMs. So-called “overlays” that fit on top of a merchant point of sale terminal have been spotted at major retailers across the country. Whenever inserting your credit or debit card into any machine, it’s a good idea to look for signs of tampering. You can take a moment to rub your fingers around the edges of a machine to see if an overlay of skimmer has been snapped on top.
11. Keep Track of Your Cards
It’s easy to forget your card at a restaurant after a meal. Develop a personal checklist so you avoid that. Each time you get up to leave a store, or before you go to bed at night, do a card count. If you can’t find your card but you are hopeful it will turn up, you might have better options than you realize. Many times, people are loathe to call and report lost cards because of the ensuing hassle. Some banks let you temporarily “freeze” your card while you look for it, then turn the card back on if it’s found safe. Discover has a feature called Freeze It. Visa and MasterCard also gives their banks similar options. Don’t be afraid to protect yourself while you are looking.
12. Sign up for Mobile Banking
Mobile banking is a great fraud fighting tool. If you aren’t using your bank’s app, you’re missing out. More people used mobile than used a bank branch for the first time in 2015, according to Javelin Strategy & Research.
Mobile banking lets you check your account every day for unusual activity. Use of mobile banking can reduce your attack surface, too, since mobile check deposits mean fewer trips to the ATM.
13. Set Text Alerts for Your Credit Card
Banking apps make it easier to use another trick that helps with fraud detection: text alerts. Most banks allow you to set up texts about transactions. Options include: A text with every purchase, a text for every purchase more than $100 or a daily text with the account balance. I prefer the last choice. Anything more frequent and the messages start to feel like spam, and can be ignored. The tool also helps with spending habits, as you’ll have a daily reminder of how much you’ve spent. Most banks can send the alerts via email, too.
14. Report Fraud Immediately
If you are hit by fraud, time isn’t on your side. You will likely be hit repeatedly until the card is canceled. Most importantly, if you don’t report the fraud in a timely manner, you can be held liable for some or all of it. Most of the time, financial institutions are responsive to fraud, and make reporting concerns and getting replacement cards easy, but early detection is critical.
Image: seb_ra