Like many of you, I was one of the unfortunate 56 million Americans whose credit card information was exposed in the Home Depot data breach that was uncovered this month. After numerous near-misses and checking through old statements, the uncomfortable truth has finally been driven home: If you still use your credit card or debit card to pay at the register, then it WILL eventually be stolen. There’s no “maybe” about it anymore.
What can you do to protect yourself without crossing over into paranoia? Here are seven simple lessons learned from this year’s data breaches that can help keep you safe, but allow you to keep living your life.
1. Never pay for anything with a debit card, ever.
This one’s been mentioned a lot lately, and it bears repeating again. Both credit and debit cards offer protection from fraud liability if you report suspicious transactions in time, but it’s what happens in the meantime that matters. With a credit card, it’s a charge on your bill that you have to dispute. With a debit card, that money is gone until further notice. A promise of reimbursement doesn’t help you much when your bank account shows a zero balance and you have bills to pay – not to mention overdraft and other fees that may have been racked up by the fraudster. In short, debit card fraud is much more trouble to “untangle.” And in many cases, you only have a short time to report suspicious activity – as little as two days – or you could be left holding the bag for most of those losses.
2. Use cash when you can; use a low-value card when you can’t.
I try to avoid using cards at the cash register whenever possible, because no matter how “smart” you are about security, once you swipe your card, you have no control over what happens to that data next. Some retailers might have adequate security in place to prevent an attack, but some will not. It’s all but impossible to tell which is which; mostly, it’s just blind luck. Take luck out of the equation by paying in cash, and only using your debit card at bank-owned ATMs.
Of course, sometimes you’ll happen not to have any cash, or you’ll buy something that costs more than your cash on hand. For these occasions, I like to keep a credit card with a low limit, such as $250 or $500, that I’m willing to “expose” for daily purchases (or online transactions). On the rare occasions when I need to buy something more expensive than that – say, airline tickets – I’ll use a separate card, which is used only for that purpose. But wait, you’re saying – if credit cards have fraud protection, why would it matter what your limit is?
3. Liability protection is great, but it should not be your first line of defense.
The protection afforded by credit cards means you’ll likely get your money back in case of fraud, but it’s not as if that process is click-click and then you’re done. Procedures will vary from one card issuer to the next, but you may be obliged to open a dispute, contest the charges in writing, fill out forms or a fraud affidavit, and otherwise prove that the charges took place without your knowledge. And obviously, the larger the amount, the more thoroughly that’s all going to be checked. And, all things being equal, if you were fighting a fraudulent charge, would you rather $500 was on the line, or $13,000?
Another good thing about a low-limit card is that it will make you change your behavior to be more secure: You’ll probably check your balance and pay it off a lot more frequently, meaning you’re more likely to notice anything out of place. A crook also won’t know what the credit limit is, so a declined-card message on a big purchase could cause him to think the card is no good.
4. Prepaid cards are an interesting idea, but ultimately not designed for this fight.
The advantage of a prepaid card is that there’s a finite limit to what can be stolen: nothing more than the amount on the card, period. At first glance, that sounds like a pretty good anti-fraud feature. But the drawback – and it’s a big one – is that most prepaid cards offer little or no protection, so whatever you lose is gone for good. Furthermore, it’s virtually impossible to find a prepaid card without either a monthly fee, a reload fee, or a per-transaction fee (some prepaid cards offer a fee-free option with direct deposit, but then the auto-refill opens you up to have more money stolen if your card is compromised). They’re an interesting idea, but from an anti-fraud perspective, a low-limit credit card is superior in all aspects.
5. Try not to use your card at an unattended location, especially at off hours.
If you’re paying with credit at a gas station, you’re far better off walking inside and handing your card to the cashier than swiping it at the pump. Gas pumps are the most well-known of this group, but the fact is, any card reader that’s outdoors, or in an unattended public lobby, makes an easy target for criminals with card skimmers. Bank-owned ATMs are generally a little safer than most in this category because they’re more closely watched and checked regularly during business hours, but at night and on weekends, they’re fair game, too. If there’s absolutely no other option than to use a card at an unattended machine, the low-limit credit card is your friend.
6. Check your balance frequently, and take advantage of your card’s built-in monitoring features.
After the Target breach last fall, I found myself checking my credit card balances nearly every day for a month, and that’s a good practice to keep up. Some card issuers also have free options to help you keep on top of things – for example, email or text notifications every time your card is used for an online transaction. Don’t panic and sign up for a service with a monthly fee, but do check what’s available for free, and take advantage of it.
7. Where do checks come into this?
At first glance, the old-fashioned paper check seems like a security problem waiting to happen, with your bank account number printed right there on the front. But on the other hand, your account number is also printed right on the front of your credit card, and at least a check can’t be “hacked.”
The issue for you as the consumer is one of physical security: Will the paper check itself be stolen, or will a dishonest employee steal the account number? While these are definite risks, the same risks are also present with all kinds of payments other than cash. It’s also important to note that, while check fraud remains a serious problem in this country, the majority of it involves individuals trying to scam merchants and banks, not other individuals. Fake checks, altered checks, deliberately bounced checks – all are big problems in the banking industry, but if you pay by check today, you can be reasonably sure that it’s business as usual.