Beat the Cheats

David Powell  |  July 26, 2019

U.S. CREDIT CARD fraud topped $8 billion in 2015 and should surpass $12 billion next year. You can reduce your exposure to such incidents with a few simple steps. Why bother? Won’t the bank pick up the tab when unauthorized purchases show up on your account? Generally, yes, thanks to the Fair Credit Billing Act and the Electronic Fund Transfer Act. But there may be limitations on that protection, based on how quickly you notify your bank when you discover unauthorized charges.

There are two well-established ways your credit card information can be stolen and used.

The most likely scenario is when a hacker exploits weak security measures at a merchant or payment processing company to download big lists of detailed credit card and billing contact info. These tend to be big, disruptive incidents which cost the responsible party millions of dollars and create a lot of hassle for you and others affected. The Heartland Payment Systems hack in 2009 exposed 160 million cards, according to the indictment of those charged. More such incidents have been reported, including at TJX Cos. (in 2006, 94 million cards), Home Depot (in 2014, 56 million cards) and Target (in 2013, 40 million cards).

The next most common scenario is when an attacker gains access to a merchant’s payment terminal or point-of-sale system at a gas station, restaurant or store, and installs malware or modifies it with a skimmer or shimmer device, to steal information from every card used there. Skimmers exploit the oldest tech on your credit card: the old-school magnetic stripe that holds all of your card data in an open, unencrypted form. Michaels crafts stores in 20 states reportedly experienced such a crime in 2011. Skimmer use on ATMs has risen, too.

When these incidents are discovered, banks proactively issue new cards to all affected customers. It’s the right thing to do to reduce everyone’s financial exposure, but it’s a hassle.

Here are five ways to limit your exposure to such fraud:

  1. Set up your credit and debit cards in the electronic wallet on your iPhone or Android. When making purchases in person, use near-field communication (NFC) mobile tap-to-pay technology, like Apple Pay or Google Pay, whenever it’s available. This is your most secure option, usually using a biometric security device on your phone to authenticate before the purchase is enabled. Wireless, secure NFC also avoids the risks from skimmer or shimmer devices. If you select your debit card—rather than your credit card—from your phone’s wallet app, the same method can be used to log securely into a bank ATM with your phone plus your ATM PIN.
  2. Use your credit or debit card’s chip technology whenever NFC mobile isn’t an option. This requires you to insert your card rather than swipe. This approach is far more secure than swiping, but still potentially exposes you to shimmers. In Canada and Europe, you may need to use a PIN with your credit card when paying this way.
  3. Limit the number of websites where you check the box to store your credit card data when checking out. Yes, it means purchases take a moment longer and require a bit more typing, but it cuts off grief from big hacks right at the source.
  4. Use features like Bank of America’s ShopSafe and Citibank’s Virtual Account Numbers to generate a virtual card number (VCN) for one-off web purchases on risky sites or recurring purchases lasting up to 12 months. If your VCN for a merchant is caught up in an incident, just that one VCN will need to be replaced, not the underlying credit card.
  5. If a merchant only supports swiping a credit card, pay with cash or take your business elsewhere. Merchants have had years to upgrade their payment terminals.

For more secure online payments, there are a few other options popular in the U.S., including services like PayPal. Apple Pay and Google Pay are also expanding to web and mobile app payments. Mastercard and Visa just released specs for new technology that should enable them to compete with Apple, Google and PayPal using Masterpass by Mastercard or Visa Checkout. All of these solve the problems associated with saving underlying credit card information at each merchant. Indeed, we should soon have lots of choices for more secure and convenient online shopping.

David Powell has written software or led engineering teams for 35 years. He enjoys work, vegan fine dining, cycling and travel with his spouse. His previous articles include Get Me a Margarita, Making a Mesh and Elon and Me.
