Protect Your Credit Card Online

One of the simplest, but most important steps you can take to protect yourself online is never click on a link in an Email that claims to be from your bank or other credit card issuer like a department store, airline, or other company that offers branded cards. One of the oldest and most common online scams is called "phishing", which is when a thief sends out thousands of Emails that look like they came from a bank, but really send you to a malicious website that will either try to fool you into giving away your log-in user name and password, or installs malware on your computer. These Emails usually warn you that something terrible will happen unless you log into your account immediately, and conveniently include several links to help you, but all of them lead to a trap. Whenever you get such a warning message, you should either call your bank or log-in to your account by entering the website address into your browser manually. This simple step will let you avoid 90% of online credit card fraud problems without risk.

Some thieves still rely on old-fashioned fraud techniques and call you directly to warn you about a problem with your account. Just like Email, you cannot trust anyone who calls you by phone and claims to be your bank. If you get such a telephone call, write down whatever the caller claims as the problem, then immediately hang up, call the bank yourself and ask for customer service. If there is a real problem, you'll be able to handle it safely if you initiate the call yourself.

When Should You Use a Credit Card or a Debit Card

As a consumer, you need to know that Federal law limits your liability for credit card fraud to $50.00 as long as you follow the reporting requirements. But the legal protections for debit cards are much stricter as to how soon you must report the problem, and you could lose $500.00 or more. I suspect that I'm no different than most people in choosing when to use one card or the other. I tend to use my debit card for routine purchases because the money comes right out of my checking account, and use a credit card when I want to finance a purchase over time. If you're more disciplined about paying your bills than I am, then you might consider using a specific credit card that you dedicate to such routine purchases with the intention of paying the full balance at the end of each month. That way you get the most fraud protection with little inconvenience. The only downside is when it comes to quick access to cash. While you can get cash from an ATM with a credit card, the transaction fees will likely be higher and, of course, there are potential finance charges involved as well.

When it comes to your credit cards, you can dispute any charge on your account before you actually lose any money, and the charge will often be removed from your account within a matter of days after you report it. But if a thief gains access to your debit card, he can empty your checking account in a matter of days or even hours, and it can take months to get any kind of reimbursement from your bank. Therefore, it behooves you (as my father would say) to take extraordinary care to guard your debit card and the security information required to use it. This also means you need the information on where and how to report a problem available at a moment's notice. You'll find this information in your monthly statement, but you have to look up your bank's usage agreement online to find the details of your card issuer's reporting requirements.

It's commonly recommended that you should only use your debit cards in familiar places like your bank or large store chains. It's safest to avoid using ATMs anywhere other than at your bank. Thieves will often attach card skimmers or video cameras to ATMs in unsecure locations in order to steal card numbers and PINs. So anytime you do use an ATM, you should look for unusual attachments or protruberances and be prepared to walk away if you see anything suspicious. If the ATM fails to complete your transaction normally, it's a possible indication that someone has tampered with the machine, and you should call your bank as soon as possible to make sure that they're aware of the situation and that you're protected in case your card data is stolen.

Guarding Your Credit & Debit Cards

The first thing you need to do is to take a step in the "ounce of prevention" category, and organize your credit and debit card information. Gather all of your bank and debit card account numbers, PINs and passwords, and the contact information for the associated banks, credit unions, and credit card companies (as well as the reporting requirements for each one) so that you can report the problem immediately if your information is stolen. The sooner you let the card issuer know about the situation, the more you will reduce the damage and potential financial losses, and hopefully reduce the time and effort required to rectify the matter. But do not record your PIN numbers or the CVV security numbers from your cards in the same place you record this information. You want to record those critical security keys separately so that no single file or document will give thieves everything they need in order to steal your account or your identity.

I keep my credit card information in a plain text file on a USB thumb drive (a.k.a. "memory stick") because it's easy to find in a hurry and because, well, I'm stone cold lazy. While I have great confidence in the security steps I've taken to protect my computer, I know that there are no guarantees. So the fact that the thumb drive is only connected to my computer when I'm actually using it makes it that much more secure from theives and hackers. A re-writeable CD or DVD would serve just as well. You might choose to write the information down on paper and store that document in a safe place; like an actual home safe. But you should never store your passwords in clear text on your computer or your cell phone. And if you're going to adopt this practice, for heaven's sake don't name the file "bank_accounts.txt" or "passwords.txt". Use something obscure and innocuous like the name of your high school athletic team ("Go Islanders!") or the name of your pet iguana.

To create my passwords, I start with mnemonics. A mnemonic is a method of helping you to remember something like a word or phrase. I follow the sage advice of not using the same password for everything I do online. I have a handful of such password combinations that I know well because I chose them to be easy for me to remember, and the keys consist of some specific words or phrases that I associate with their use. For example, the phrases "first pet name" and "home room number" might remind you of a word and number combination that you used for a password. But it would be very difficult for anyone else but me to turn those phrases into the actual password. So I use those mnemonic phrases in this text file to keep the information (at least a little) safer, but still handy in an emergency. Then I throw in some capitalization and punctuation here and there just to add some difficulty for anyone trying to use a dictionary attack. If your online life is more complex than mine (mine is embarassingly simple), you might also consider an automated password generator or manager, that is, a program that creates and remembers passwords for each use.

The second step in protecting yourself is to examine your credit card and checking account statements every month. Credit card theft is like cancer: early detection is crucial in determining the speed and extent of your recovery. Examine each charge to see if you recognize the place of purchase and the amount paid. Fraudulent purchases aren't always large, expensive items like jewelry or electronics that you'd spot in a second. Look for anything out of the ordinary, like purchases from gasoline stations, restaurants, or convenience stores far from where you live. Theives often use cards in those places because they tend to have little in the way of on-site security measures when it comes to credit card purchases. In addition, the crooks will sometimes use small purchases to test that a card they've stolen actually works.

Many credit card accounts let you sign up for Email notifications of each purchase, so you don't have to wait for your statement to arrive in the mail before you can discover your card information has been stolen. Many credit card companies also offer free account monitoring for unusual purchases or allow you to set limits on the amounts of individual purchases. Take advantage of such free security services whenever you can. Commercial services like "LifeLock" can be worthwhile if you have a large number of cards, or if you think you may be particularly vulnerable to identity theft or credit card fraud. I've often thought that people who give credit cards to their kids for use in emergencies would be good candidates for such services.

You should also periodically monitor your credit report in order to detect credit cards taken out in your name without your knowledge. You can order a free credit report every 12 months from the major credit reporting agencies - Equifax, Experian, and TransUnion as well as from the official U.S. Government-sanctioned website annualcreditreport.com.

The third step is to be aware of the physical security of your cards. It's best to only carry the cards you need. That way if your purse or wallet is lost or stolen, you only have to report those few cards and you'll still have other cards that you can use until you resolve the situation. So leave the store-sponsored credit cards at home except on days you plan to shop at those specific locations.


Ultimately, you are your best defense against credit card theft. It takes vigilence and patience to maintain control over your finances, and the rewards don't become tangible until you're in jeopardy. Credit and debit cards give us enormous convenience, but it comes with risks and responsibilties. So investing the time and effort needed to stay as safe as possible is up to you. For more information, see my article on identity theft.