We hand over a lot of personal information to obtain credit cards. But is our information — and money — safe?
It’s understandable to be worried. From time to time, large companies lose customer data in major hacks:
- In a well-publicized hack, Target lost card data from 40 million customers. A class-action lawsuit claimed that Target hadn’t implemented sufficient security measures to prevent the hack.
- Malware infected Chipotle’s cash registers, allowing thieves to steal data from credit card magstripes.
- InterContinental Hotels Group, which runs properties like Holiday Inn, had its own run-in with hacking. A data breach affected almost 1,200 of the company’s hotels, and many customers reported unauthorized charges on their credit cards.
Credit card fraud is a growing problem — it caused an estimated $24.71 billion in losses in 2016 alone. By 2020, it’s expected to cost $31.67 billion worldwide.
If you’re concerned about your credit card information, you’re not alone. Here’s what you should know about credit card security — and keeping your information safe.
Should I be worried about credit card fraud?
To get a credit card, you must first submit personal and financial information to a card provider. Your name, phone number, email address and residential address are a given. But you also have to divulge sensitive details about your employment information, total annual income and Social Security number.
We hand over this information without a second thought. But is it safe once we part with it?
Do credit card companies keep my information safe?
First, the good news: As of yet, there hasn’t been a significant data breach in a major credit card company.
According to a report by the US Government Accountability Office, large financial institutions adopt security measures that are “generally more sophisticated and harder to compromise.” Banks and credit card companies know it’s important for them to safeguard customers’ information and money. To that end, they’re constantly updating their security systems to guard against hacks.
However, it’s not impossible for a big financial player to be breached. Financial services giant JP Morgan was hacked in 2014, exposing the sensitive data of 76 million customers. Fortunately, it didn’t appear that passwords, birthdates or Social Security numbers were stolen. But hackers took countless phone numbers, addresses, names and email addresses — information that could be sold on black markets.
Even if your credit card company closely guards your data, there’s the chance that a merchant could lose your credit card information. Your own computer hardware could be hacked, and thieves could steal your credit card information at ATMs.
So it’s not just your bank’s job to keep your information safe. It’s a good idea for you to be vigilant as well.
How to guard against fraud
Credit card fraud doesn’t happen often, but it can be incredibly inconvenient when it strikes. According to payment systems provider ACI Worldwide, 46% of Americans have been victims of credit card fraud. Though financial institutions rarely lose customer data, it’s not out of the question for it to happen.
To protect yourself, implement these safeguards:
- Be selective about who you give information to. Think twice before applying for services from little-known financial institutions. The big players may be more expensive, but they’re better prepared to safeguard your data. According to accounting firm Moss Adams, small banks are easier targets for hackers because they often have fewer resources.
- Monitor your credit card transactions. Credit card providers have robust fraud departments, but you’re your own best defense. Regularly check your card’s transactions and alert your provider if you see anything fishy. It’s easy to get a replacement credit card, and you’ll rarely be on the hook for fraudulent transactions.
- Be wary of unknown callers and phishing emails. Your financial institution will never call you asking for sensitive information. Also be suspicious of unexpected emails that seem to be from your bank or card provider. They may be sent from thieves attempting to steal your information.
- Check your credit reports. Monitoring your credit reports can help you spot identity theft. You can get your report for free every year from AnnualCreditReport.com, which is authorized by the US government.
- Initiate a “security freeze” with the major credit bureaus. If you set a security freeze, a credit bureau can’t release your credit report without your permission. This can stop identity thieves from opening new financial accounts in your name.
Your credit card spending isn’t private
Credit cards are incredibly convenient. The tradeoff for using them, however, is losing your financial anonymity.
This doesn’t mean everyone will know what you spend money on. But your card providers will: They’re regularly slicing and dicing your card use. They can see where you’ve used your card, and they’re constantly evaluating your creditworthiness based on your spending habits.
For example, if you’ve used your card at a casino or at bail-bond shops, your provider may consider you more likely to be in financial trouble. It could mark you as a riskier borrower who might default on payments. To protect its downside, your provider can possibly take preemptive measures, like lowering your credit limit.
Fortunately, your card company isn’t allowed to share your personal information with nonaffiliated third parties. But that doesn’t mean third parties don’t have ways of monitoring your spending. Google, for instance, claims it’s privy to 70% of credit and debit card transactions in the United States through its third-party partnerships.
The implication is clear: If you use credit cards, always assume someone’s monitoring your spending.
Credit card skimmers
Thieves steal credit card information in numerous ways, but one of the prominent is by using credit card skimmers.
Skimmers are small, nearly undetectable devices that criminals fit onto credit card machines to read and record your credit card data. For example, a skimmer can be placed over the card slot on an ATM and steal information from a card’s magstripe.
Credit card skimmers have proliferated in recent years, largely because skimmers have gotten more sophisticated. In the past, the bulkiness of a skimmer would give it away. Now they’re small and sleek, and it’s hard to tell when they’re installed.
How a skimmer works
First, a thief installs a skimmer onto a credit card machine — like a store point-of-sale system or ATM. Typically, fraudsters will plant skimmers where they’re less likely to be caught doing so — outdoor ATMs and gas pumps are prime targets. They may also install hidden cameras or fake keypads to steal customers’ PINs.
After some time, the thieves will return to collect the skimmer. They’ll sell the information they’ve stolen, or even use it themselves.
Is it safe to use your credit card at an ATM?
Whenever you use an ATM, consider the possibility that a skimmer is installed. ATMs inside of a bank are less likely to have been tampered with. But if you’re using an ATM in an outdoor or little-trafficked area, the machine could be compromised.
If you must use an ATM that’s not monitored by cameras or bank personnel, make it a point to check your credit card transaction history for suspicious activity.
How to protect yourself from credit card skimmers
It’s difficult to detect all skimmers you could come across, and they’re only getting more sophisticated. However, you can minimize the risk of losing your credit card data to these devices.
- Use ATMs attached to banks. These machines are more likely to be monitored, and they’re serviced more often than off-brand ATMs.
- Regularly monitor your credit card transactions. You don’t have to wait for your statement before reviewing your transactions. Just sign in to your online account to see what’s charged to your credit card. If you’re vigilant about monitoring your card, you can catch fraud quickly.
- Avoid ATMs that appear to have been tampered with. Especially with off-brand ATMs, don’t use a machine that looks suspicious, rundown or out of place. If buttons are hard to press or graphics are misaligned on the screen, take your card elsewhere.
- Inspect hardware on ATMs. Don’t be afraid to pull at the card slot or test the machine’s keys before your transaction. A skimmer may be glued to a machine, and it could come off if you pull it.
How is your data uploaded onto a tiny plastic card? The answer is your magnetic stripe. Your card’s magstripe contains a bunch of magnetic particles that are magnetized to store data.
When you swipe your card at a terminal, your transaction is sent to an acquiring bank or an acquirer. This is the organization that pays the merchant.
In turn, the acquirer gets paid by sending the transaction through a card network like Visa or Mastercard to an issuing bank — the institution that distributes credit cards to consumers. The issuing bank charges a commission on the transaction and then sends the remaining funds to the acquirer.
Luckily, you don’t have to worry about any of the behind-the-scenes processes. Just swipe your card and you’re done!
Security measures offered by your credit card
We’ve talked considerably about how credit card information can be stolen. Still, a credit card builds in defenses against fraud, and the financial industry is always developing better tools to combat fraudsters.
One of the reasons that card companies monitor your spending is to catch fraud.
Fraud costs banks money. To avoid losses, financial institutions develop technologies that automatically detect inconsistencies in customer spending. Uncovering these anomalies is how card companies catch fraud.
There’s more good news: You most likely won’t be liable if your credit card is used fraudulently. Many banks and card providers — especially large ones like Chase, Bank of America, Visa and Mastercard — offer “zero liability” protection for fraud. That means if your card is lost or stolen, you won’t have to pay anything. Even if you owe money for a fraudulent transaction, federal law mandates that you can only be charged a maximum of $50.
Overall, a credit card is an excellent way to pay because it offers great consumer protections against fraud.
Why your credit card has a chip
Recently, your card provider may have sent you a new card with a shiny chip inside. If so, you’ve received a chip card — also known as an EMV card (EMV stands for Europay, Mastercard and Visa).
A chip card is relatively secure because it encrypts account information differently each time it’s used. In contrast, data is static on a magstripe card, which means it’s easier for criminals to extract. Skimmers are highly effective at collecting data from magstripes, but they’re less adept at foiling chip cards.
Chip cards have been widely adopted around the world, but only now is the United States following suit. The US is mostly adopting chip-and-signature cards, with which you sign your name to verify your identity.
Meanwhile, many other countries are using chip-and-PIN cards, which require you to enter a personal identification number. Chip-and-PIN cards are considered to be more secure, since there’s no signature to forge.
Maybe someday we’ll upgrade to chip-and-PIN cards too. Until then, we at least have a significant upgrade from magstripe cards.
Credit cards and online purchases
E-commerce is growing fast, but consumers still have security concerns about making purchases online. In fact, nearly two-thirds of consumers say online retailers aren’t doing enough to protect credit card and personal information.
The truth of the matter is that a credit card is one of the safest ways to make purchases online. As long as you’re using a trusted website and the online retailer encrypts your data, it’s safe to enter credit card information on the web.
Here are a few precautions you can take to use your credit card safely online:
- Make sure you’re on the right website. It sounds elementary, but you can lose information by submitting credit card details in the wrong place. Take a quick glance at your browser’s URL bar to confirm the web address is correct.
- Only input credit card information if the website URL starts with “https.” This means the data you send will be encrypted. If the website URL starts with “http,” cancel your transaction.
- Use antivirus software on your computer and regularly scan your system. Your credit card data could be stolen by malware like keyloggers and screen recorders. Keep viruses and spyware off of your computer with a reputable antivirus provider like Kaspersky or Norton.
- Don’t place orders on public Wi-Fi. Because public Wi-Fi is unsecured, it’s a prime target for hackers. Only input credit card information online when you’re on your secured home network.
Compare credit cards
Are credit cards still more secure than carrying cash?
With concern about fraud when using a credit card, is cash a better option? There are pros and cons to each — but for safeguarding your money, credit cards has the edge.
Both cards and cash can be stolen, but you’re unlikely to recover cash once it’s gone. On the other hand, you can quickly replace a stolen card. It’s also unlikely that you’ll lose money from a stolen credit card, because you probably won’t have to pay for fraudulent transactions.
For safeguarding your information, cash is the hands-down winner. To get a credit card, you have to submit personal information like your Social Security number and contact details. If your card data is stolen, your information could be sold. Meanwhile, cash transactions can’t be traced to you.
Overall, credit cards are better at safeguarding your money. Just remember that you’ll give up some privacy to use them.
General tips for using your credit card securely
- Carefully examine your monthly card statement. If you don’t recognize any charges, notify your card provider. This is one of the best ways to protect yourself against fraud.
- Sign your card. Merchants are supposed to match your signature to what you sign on your receipt. Merchants don’t always do this, of course, but signing your card can give you important protections from your card provider, such as zero-liability guarantees.
- Be careful with your receipts. Never leave a receipt behind at an ATM or a store counter, and shred them before tossing.
- Carefully examine your monthly card statement. If you don’t recognize a charge, notify your card provider.
- Only give your credit card number over the phone if you’re the one calling. You may need to input your card number if you’re calling customer support, but your bank will never call asking for your card information.
- Know which phone number to call if you have problems with your card. If your card is lost or stolen, have a phone number on hand to cancel the card immediately. The sooner you cancel, the less time a thief has to use your card.
How the government protects consumer privacy
The Federal Trade Commission (FTC) is the primary government agency that protects consumers against fraud and privacy abuses. It sues companies that infringe on consumer privacy or fail to safeguard customer data. For example:
- In 2015, LifeLock agreed to pay $100 million to settle a complaint by the FTC. The FTC found that LifeLock wasn’t adequately protecting users’ personal information.
- In 2014, the FTC charged three companies with deceptively offering free credit scores to consumers and later billing for recurring credit monitoring programs. The companies agreed to refund consumers to the tune of $22 million.
A few federal laws also protect consumers in the financial sector:
- The Gramm-Leach-Bliley Act. Financial institutions must state how they share consumer information, and they must take adequate measures to protect customers’ personal data.
- The Fair Credit Reporting Act. This act brs reporting agencies from giving consumer information to those who don’t have valid need. Consumers are also given the power to opt out of prescreened credit card offers.
- The CAN-SPAM Act. CAN-SPAM rules how companies can collect and use email addresses and phone numbers.
Unlike the Credit CARD Act of 2009, which tackles abusive practices in the credit card industry, there isn’t one overarching piece of legislation governing consumer privacy. However, national privacy legislation is introduced from time to time, and many states have enacted their own privacy laws.
Common questions about credit card security
What should I do if my credit card has been stolen?
Contact your credit card provider immediately and cancel your card. At that time, you can request a replacement card.
Is there a way to use my credit card and keep my transactions completely private?
Unfortunately, no. Your card issuer will monitor your transactions, in part to combat fraud. It’s not ideal for privacy, but it could be a price worth paying for convenience.
What's my PIN?
Your PIN is your personal identification number that validates you as an authorized user of your card. If you forgot your PIN or want to change it, contact your financial institution or card provider.