FREE NEWSLETTER

Beat the Cheats

David Powell

U.S. CREDIT CARD fraud topped $8 billion in 2015 and should surpass $12 billion next year. You can reduce your exposure to such incidents with a few simple steps. Why bother? Won’t the bank pick up the tab when unauthorized purchases show up on your account? Generally, yes, thanks to the Fair Credit Billing Act and the Electronic Fund Transfer Act. But there may be limitations on that protection, based on how quickly you notify your bank when you discover unauthorized charges.

There are two well-established ways your credit card information can be stolen and used.

The most likely scenario is when a hacker exploits weak security measures at a merchant or payment processing company to download big lists of detailed credit card and billing contact info. These tend to be big, disruptive incidents which cost the responsible party millions of dollars and create a lot of hassle for you and others affected. The Heartland Payment Systems hack in 2009 exposed 160 million cards, according to the indictment of those charged. More such incidents have been reported, including at TJX Cos. (in 2006, 94 million cards), Home Depot (in 2014, 56 million cards) and Target (in 2013, 40 million cards).

The next most common scenario is when an attacker gains access to a merchant’s payment terminal or point-of-sale system at a gas station, restaurant or store, and installs malware or modifies it with a skimmer or shimmer device, to steal information from every card used there. Skimmers exploit the oldest tech on your credit card: the old-school magnetic stripe that holds all of your card data in an open, unencrypted form. Michaels crafts stores in 20 states reportedly experienced such a crime in 2011. Skimmer use on ATMs has risen, too.

When these incidents are discovered, banks proactively issue new cards to all affected customers. It’s the right thing to do to reduce everyone’s financial exposure, but it’s a hassle.

Here are five ways to limit your exposure to such fraud:

  1. Set up your credit and debit cards in the electronic wallet on your iPhone or Android. When making purchases in person, use near-field communication (NFC) mobile tap-to-pay technology, like Apple Pay or Google Pay, whenever it’s available. This is your most secure option, usually using a biometric security device on your phone to authenticate before the purchase is enabled. Wireless, secure NFC also avoids the risks from skimmer or shimmer devicesIf you select your debit card—rather than your credit card—from your phone’s wallet app, the same method can be used to log securely into a bank ATM with your phone plus your ATM PIN.
  2. Use your credit or debit card’s chip technology whenever NFC mobile isn’t an option. This requires you to insert your card rather than swipe. This approach is far more secure than swiping, but still potentially exposes you to shimmers. In Canada and Europe, you may need to use a PIN with your credit card when paying this way.
  3. Limit the number of websites where you check the box to store your credit card data when checking out. Yes, it means purchases take a moment longer and require a bit more typing, but it cuts off grief from big hacks right at the source.
  4. Use features, like Bank of America’s ShopSafe  and Citibank’s Virtual Account Numbers, to generate a virtual card number (VCN) for one-off web purchases on risky sites or recurring purchases lasting up to 12 months. If your VCN for a merchant is caught up in an incident, just that one VCN will need to be replaced, not the underlying credit card.
  5. If a merchant only supports swiping a credit card, pay with cash or take your business elsewhere. Merchants have had years to upgrade their payment terminals.

For more secure online payments, there are a few other options popular in the U.S., including services like PayPal. Apple Pay and Google Pay are also expanding to web and mobile app payments. Mastercard and Visa just released specs for new technology that should enable them to compete with Apple, Google and PayPal using Masterpass by Mastercard or Visa Checkout. All of these solve the problems associated with saving underlying credit card information at each merchant. Indeed, we should soon have lots of choices for more secure and convenient online shopping.

David Powell has written software or led engineering teams for 35 years. He enjoys work, vegan fine dining, cycling and travel with his spouse. His previous articles include Get Me a MargaritaMaking a Mesh and Elon and Me.

Want to receive our weekly newsletter? Sign up now. How about our daily alert about the site's latest posts? Join the list.

Browse Articles

Subscribe
Notify of
4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
parkslope
parkslope
5 years ago

Good advice. I also like virtual credit cards because they prevent automatic renewals of subscriptions.

David Powell
David Powell
5 years ago
Reply to  parkslope

Yes indeed. If it could only stop the renewal nagging too 🙂

james mcglynn
james mcglynn
5 years ago

Equifax now has a fund to compensate the hacked. https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement . supposed to pay $125 per person.

David Powell
David Powell
5 years ago
Reply to  james mcglynn

Thanks for the link, James.

Free Newsletter

SHARE