Wanna hear something crazy?
There are 10 trillion possible combinations of credit card numbers out in the universe, and card issuers are only using about 65 million of them.
With odds like that, the statistical likelihood that a criminal will chance upon a valid account number — and then upon your account number — is very low.
But that doesn’t mean you’re out of the woods.
Far from it: Data breaches, identity theft, and credit card fraud have all become more common in recent years. With most of us living our lives online, you shouldn’t expect that to change.
In light of these problems, you need to learn how to protect yourself. Here’s what you need to know about credit card security — and how to make sure your cards stay safe.
Common Credit Card Security Features
Nearly all credit cards come with security features.
- The basics: All cards used by American shoppers have a signature panel, expiration date, magnetic strip, and unique account number.
- Signature panel: Believe it or not, credit cards must be signed according to credit card issuer terms. Merchants can refuse to accept cards if the signature box is empty, or if it has the words “See I.D.”
- Security code: This three-digit code on the back of the credit card (or, for American Express, four-digit code on the front) is required for processing any “card not present” transactions. It’s also known as a CVV — “card verification value.”
- Chip cards (EMV cards): Unlike cards with only magnetic stripes, chip cards encrypt information at each transaction, making fraud much more difficult.
- Holographs: These come standard on most credit cards and are unique to the card network.
- Usage monitoring: If you make an abnormal purchase — such as for a large amount or in a different location than usual — your issuer may flag the card and take steps to verify the purchase was authentic.
Some credit cards also come with additional security features:
- Photos: Some cards will add your photo to a credit card upon request. But, thanks to online shopping and point-of-sale keypads, photo cards don’t provide as much security as you’d hope.
- Temporary purchase numbers: Some credit card issuers allow you to generate single-use card numbers for online purchases. That way, it doesn’t matter if your card number is compromised, since you’ll never use it again.
- Virtual credit card numbers: Certain credit card issuers provide virtual credit card numbers. These are digital versions of your physical card. They’re often provided to prevent fraud and identity theft while shopping online or over the phone. If anything happens to your virtual card, you can delete it and get a new one.
6 Credit Card Security Don’ts
Despite all those security features, you can never be too careful with your credit card number.
Here are six tips for keeping your card safe.
Don’t use debit cards
To put it simply, debit cards don’t offer the same fraud protections that credit cards do. If a thief steals and uses your debit card without your permission, you could be held personally liable for up to $500 or more in unauthorized charges (unless you report the fraud within two business days).
With debit cards, your personal money is on the line for fraudulent transactions. With credit cards, it’s the card issuer’s money. Report unauthorized credit card charges within 60 days and you’ll have zero liability with most card issuers.
It may also be harder to get refunds in cases of debit card fraud — and the associated delays can result in missed bills and added stress.
Don’t make transactions on open networks
When there’s no password required to access a WiFi network, unencrypted data can be visible to any computer nearby. These other computers may be able to intercept information you’re transmitting and receiving from websites that don’t have “https” in the URL.
That means you could be sending your credit card number or other personal information right into the waiting hands of an identity thief.
Bottom line: Never enter your credit card number when using unsecured public WiFi networks if you’re not sure that the website uses SSL.
Don’t share your number with unverified representatives
“Hello, this is American Express calling. Would you mind verifying your credit card number?”
Identity thieves often call and claim to be from an organization you trust — a fire department that’s conducting a fundraiser, a utility company that’s about to shut off your electricity, an administrator of a contest you’ve won — to trick you into giving them your credit card number.
You should also be careful about clicking any links in emails where the sender’s email address looks suspicious. “Phishing” is another form of fraud that’s common online. With phishing scams, criminals may send emails pretending to be your bank or credit card issuer.
These emails may ask for personal information or may provide you with a phony (but realistic-looking) link in an effort to steal your login credentials.
Just remember: If you didn’t initiate the phone call or email, don’t give out your card number.
To check if the request is legitimate, contact the organization via its published phone number or secure messaging system. You may also want to develop the habit of visiting bank and card issuer’s websites directly, not via links provided in emails, out of an abundance of caution.
Don’t email your card number
Some email hackers employ search tools that scan for strings of numbers likely to be credit card accounts.
Any time you write or type your credit card number and give it to someone in an unsecured, unencrypted manner (including on a piece of paper), you increase your risk of exposure.
Some businesses, including vacation home websites, ask to hold your credit card number as a sort of deposit or guarantee. While not unusual, this isn’t very safe — and you should seek alternatives.
Don’t share your card number where others can hear
Many legitimate financial transactions are conducted on the telephone and may require you to verbally give your credit card number and other personal information.
If you recite that information out loud, anyone in earshot will be able to use it. It’s best to avoid making these calls in public places.
Don’t post photos of your credit card
While it may seem obvious, never post photos of your card online. When it comes to pictures, some people feel safe when they cover the first eight digits of their card. Others obscure the last eight. In either case, it’s a bad idea.
If you have a legitimate reason for posting a photo of your credit or debit card (which you probably don’t), obscure all the numbers. At the very least, cover the last ten digits, which are unique to your account.
5 Ways to Improve Credit Card Security
We just covered a whole lot of what not to do when it comes to improving your credit card security. Now, here’s what you should do to help keep your credit card safe.
Manage your passwords and accounts carefully
- Make secure, unique passwords: Use a password manager to generate and manage passwords for every online account you create.
- Change your passwords regularly: In addition to creating unique passwords, it’s also wise to change them regularly.
- Log out after every transaction: Be sure to log out of all online accounts — especially if you’re using a computer accessible by others.
- Disable autofill: Web browsers will often store your credit card information for you. If you want to be extra cautious, don’t use this feature.
- Look for “https”: Before submitting your card information online, make sure the website’s address starts with “https://” rather than just “http://”. The “s” stands for secure, and it means information you submit through forms is encrypted.
Sign up for additional protections
Some credit card networks and issuers offer additional protections to online shoppers. You can sign up for Mastercard Secure Code, for example, which will ask you for a six-digit code when you make a purchase.
Similar programs include Visa Secure and Amex SafeKey, neither of which require registration. They work behind the scenes while you shop, occasionally asking you to provide verification for suspicious transactions. Sometimes verification is as simple as replying to a text message.
You can also use payment gateways, like PayPal or Apple Pay, to provide an additional barrier between yourself and online merchants.
Review your credit card transactions
You don’t have to wait for your monthly statement to review your credit card activity. Be proactive and log into your account once a week to check for any fraudulent charges.
Even small, suspicious charges shouldn’t be ignored. While an unrecognized charge of $1 may seem insignificant, it’s worth looking into. Credit card thieves commonly charge a series of small purchases to see if a card is still active and available for use. If a crook determines your credit card is “live,” then some larger fraudulent purchases may follow.
Credit card fraudsters also use devices called “skimmers” to collect card data at ATMs and automated gas pumps. Skimmers fit over the card slot or PIN pad, and look much like the normal machine. Since they’re hard to detect, it’s important to monitor your bills for suspicious activity.
Review your credit reports
Unauthorized credit card charges won’t show up on your credit reports. But fraudulent accounts and unauthorized credit applications may.
You should pull your credit reports once a year to make sure they look correct. Quarterly credit checks are recommended, but once a month wouldn’t be considered overkill if you want to add them to your routine.
You could also sign up for a credit monitoring service that alerts you to any suspicious activity on your reports with Equifax®, TransUnion®, or Experian™.
Shred your documents
Instead of tossing bills, pre-approved credit offers, and other financial statements in the recycling bin, put them through a paper shredder first. These documents may be full of sensitive, personal information that you don’t want to fall into the wrong hands.
Some identity thieves use low-tech methods to steal information, like dumpster diving. Identity thieves could use the information on unshredded financial documents to open accounts in your name, order “replacement” credit cards, and more.
Once a scammer has your info, it’s time-consuming and stressful to recover. Since paper shredders cost around $30, we’d say they’re well worth the increased security.
Which Bank Offers the Best Credit Card Security?
No credit card’s security is appreciably better than any other.
The best credit cards all offer strong security measures. As long as you take proper precautions, you should be good to go.
Just remember, no security feature can substitute for user caution, vigilance, and frequent self-monitoring.