The convenience and ease of online transactions has drawn a tremendous number of users to online ecommerce storefronts. And during the pandemic, many consumers switched to online purchases in favor of shopping at regular brick and mortar shops — leading to further reliance on credit or debit card transactions over cash to complete purchases. However, purchasing with a card does come with some risks: primarily, consumer fraud and stolen personal information.
In today’s article, I’ll be exploring ways to help mitigate the risk of using a credit or debit card to make purchases online and in regular brick-and-mortar shops.
- Is it safer to use cash?
- Is shopping online dangerous?
- Use a virtual credit card
- Check for credit card skimmers
- Check for compromised data
- What to do after a credit card compromise
Is it safer to use cash over credit cards?
This really depends on the situation. In general, cash is safer than credit cards because it eliminates the risk of credit card skimming or fraudulent purchases.
However, cash isn’t without its downsides. If you lose your cash, it can be extremely difficult or impossible to recover. On the other hand, a lost credit card can easily be reported to the credit card company and a new one reissued.
Additionally, credit cards offer additional protections like fraud protection which is not available for cash transactions. And the majority of web stores will require payment via credit card or some other electronic method, which may exclude users who only operate on a cash basis.
Is shopping online dangerous?
In general, shopping online isn’t entirely dangerous if you take a few simple precautions.
For example, always ensure that the website is secure before you enter your credit card information or personal data on the page. That means checking to make sure a website uses SSL to encrypt data in transit, verifying trust seals, or even scanning a website for malware, skimmers, or blocklisting prior to use.
And if you do need to make a shopper account to complete the transaction, always ensure you use strong and unique passwords for your account. That can help mitigate the risk of an attacker gaining unauthorized access to your purchase history and personal details.
Checking a website for skimmers isn’t always as easy as scanning a website remotely for malware, however. Many skimmers live on the server level, which aren’t going to be easily detected by a remote scan.
So, let’s dive in to some other options you can leverage to make card transactions more secure — both online, and offline.
Use a virtual credit card
Virtual credit cards are disposable digital cards with temporary numbers which you can use while shopping. At a basic level, they’re a credit card number that works for your account but isn’t the same as the one printed on your physical card. They’re designed to mask the number of your actual credit card, protecting your real account number from falling into the hands of bad actors.
You can make a single-use (or burner) card that can only be used once. In fact, you can even make one that has $100 limit so you can be sure you only pay for what you ordered. By limiting the amount that can be charged on a virtual card, there’s no way a vendor (or scammer) can charge you more than the agreed upon price.
There are a few vendors who offer these virtual credit cards — including privacy.com, Revolut, ecoPayz, Capital One Eno and more. You can even opt for a pre-paid debit Mastercard or Visa with re-loadable balances. These cards are great for shopping online, especially when buying something from a not-so-reputable online store.
Check for credit card skimmers at the store
Paying with your card at a brick-and-mortar store can also pose a security risk: your information can be stolen using physical card skimmers.
Card skimmers are devices that are physically attached to a credit card reader (such as an ATM, payment portal, or gas pump) and are designed to capture and steal the credit card information from unsuspecting victims. The skimmer harvests the information stored on the credit card’s magnetic strip when it’s inserted into the card reader. Stolen information can then be used to make fraudulent purchases or withdraw money from the victim’s bank accounts.
Physical credit card skimmers are often difficult to detect. In some cases, shop owners may be entirely unaware that the skimmer has been placed on their payment portal and collecting customer data. These devices can cause serious financial harm to individuals, as it allows the bad actor to obtain card information and PIN numbers to clone cards and make fraudulent payments.
How to detect physical card skimmers
You can detect skimmers by pulling on the top of the card reader to see if it comes apart. This is a very low tech solution, but there’s no other simple way to detect physical skimmers.. Until perhaps your card has been stolen and your bank sends you a fraud alert.
Check if your data has been compromised
I always recommend performing regular checks to see if your data has been compromised. If your data has been compromised during a data breach, your personal information could be at higher risk of being used for fraudulent purposes.
Cybercriminals and hackers often target data breaches for popular websites with large userbases to gain access to sensitive information. By checking to see if your data has been compromised, you can take steps to change your passwords, monitor your bank accounts for suspicious activity, and place fraud alerts on your credit card.
There are a large number of services that offer this, some paid and some free — but it’s always a good idea to check if your data was leaked. One website you can use is: https://haveibeenpwned.com
What to do after credit card compromise
If your credit card has already been compromised and you’ve received a fraud alert for your account, there are a couple of things you’ll want to do:
- Change all passwords. This is especially important if you’ve been reusing passwords on multiple platforms.
- Check to see what data was stolen. If credit card data was stolen, then you’ll need to freeze your credit card as soon as possible. Next, notify your bank that your card has been stolen, and order a replacement. Also, check recent transactions and dispute anything that you don’t recognize. File a police report if needed, as it might be easier to dispute charges if you can provide a police report.
- Get a credit monitoring service. In some cases, the compromised vendor will provide that service to you for free because of the breach they suffered. Credit monitoring will allow you to see if any new cards have been opened under your name. It will also help you identify if any other lines of credit have been fraudulently opened under your name.
- Update your card information on other services. Once you’ve reported your card stolen, the bank will issue a new one with a different number. You’ll need to go back and update your billing information with other vendors, so you don’t miss a payment.
- Setup alerts in your bank accounts for large transactions.This can help quickly notify you of any suspicious or unusual charges. I usually go with alerts for anything over $100 and set up alerts for both email and SMS.
This list isn’t comprehensive, however. Be sure to reach out to your credit card provider for additional steps and recommendations.
When paying at a gas station or physical store, try using a credit card rather than a debit card. This way, you can dispute charges if your card ends up getting skimmed. Always pay with the touchless option or insert your chip card into the reader — don’t slide the card if you have a choice. And when shopping online, use a virtual card to help mitigate risk and protect your actual credit card number.
If you happen to own an ecommerce webstore, the responsibility lies on you (the website owner) to protect your shoppers from threats. Learn more about ecommerce website security in our PCI compliance guide or check out our email course on how to secure your online store.