Ask Slashdot: How Can You Keep Your Credit Card Numbers from Being Stolen? 225
Long-time Slashdot reader olddoc and his wife have three frequently-used credit cards, stored at many online businesses for easy checkout.
"In the past 6 months we have received fraud notices from the card companies three times." Typically there is a $1 charge in a far away location. Once there was a charge for thousands of dollars at a bar. The card companies seem to pick up the fact that they are fraudulent even though once it was described as "chip present".
What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?
The original submission acknowledges that "We have never lost money to fraud, just time." But is the problem storing the card numbers with online businesses? Long-time Slashdot reader Z00L00K argues "Never ever do this. Never ever have your card stored at an online business even if it's more inconvenient to enter it every time. You NEVER know how your number is stored, it can be stored in a database that's not secure enough or it can be stored in an encrypted cookie on your computer in which case that cookie might be read and decrypted by just about any web site out there if they have figured out how to access cookies for another site. There are a lot of ways that your card details can leak."
That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?
Share your own thoughts in the comments. How can you keep your credit card numbers from being stolen?
"In the past 6 months we have received fraud notices from the card companies three times." Typically there is a $1 charge in a far away location. Once there was a charge for thousands of dollars at a bar. The card companies seem to pick up the fact that they are fraudulent even though once it was described as "chip present".
What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?
The original submission acknowledges that "We have never lost money to fraud, just time." But is the problem storing the card numbers with online businesses? Long-time Slashdot reader Z00L00K argues "Never ever do this. Never ever have your card stored at an online business even if it's more inconvenient to enter it every time. You NEVER know how your number is stored, it can be stored in a database that's not secure enough or it can be stored in an encrypted cookie on your computer in which case that cookie might be read and decrypted by just about any web site out there if they have figured out how to access cookies for another site. There are a lot of ways that your card details can leak."
That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?
Share your own thoughts in the comments. How can you keep your credit card numbers from being stolen?
The bank knows⦠(Score:5, Informative)
Re: (Score:2)
Yeah. Alternatively, for true security of purchases online, move to Europe and patronize European online stores where they implement credit card verifications a little more evolved than "Enter your CC number and expiry date here".
Re: The bank knows⦠(Score:3)
In the US the merchants are afraid they will loose business if the force SCA, so the only real way is through legislation, because then everyone has to p
Re: (Score:2)
Yep that works pretty well. I have my bank app installed on the phone so whenever there's a CC transaction, I get a notification pushed that I can verify with a pin or fingerprint.
So... hopefully your phone, its internet connection and the bank app all work properly otherwise you're not getting your pizza or whatever.
Re: (Score:3)
So... hopefully your phone, its internet connection and the bank app all work properly otherwise you're not getting your pizza or whatever.
That's the part that stops me using a smartphone phone for payments. Flat battery, no phone signal, bad updates etc are all common enough for me that a physical wallet with cash and cards has proven more reliable. I can drop it, I can get it wet, I can sit on it, and it will continue to work.
Re: (Score:2)
they can (and should) reject those oddball charges
Banks don't automatically reject anything that isn't directly linked to an ongoing fraud chain. That was the entire point of the OP's post. It takes time and is annoying to deal with the bank's fraud detection.
Re:The bank knows (Score:2)
Re: (Score:2)
You understand the difference between money and a number on a bill, no? NOT AT ALL?
Why are the simplest things so well beyond you.
Use virtual numbers (Score:5, Informative)
And the one I like the most for now is the X1 credit card, which is free and comes with virtual numbers. Just use one for each business, subbscription, etc, and cancel as needed.
Re:Use virtual numbers (Score:4, Informative)
Relatedly, you can use Apple Pay* or similar services. Rather than transmitting a credit card number of any sort to the vendor in the first place, the service generates a single-use token that is only capable of being used for the transaction in question (or transactions, in the case of recurring charges), by the vendor in question. Moreover, these tokens, at least by default, neither contain nor are automatically associated with any identifying info such as your card number, name, ZIP, or anything else that can be used to identify you across transactions.
The benefit of this approach over something like privacy.com is that it provides all of the same security benefits (and more [apple.com]), allows you to accumulate your credit card’s rewards or cash back, works both online and in-person, and it’s entirely automatic (i.e. you don’t need to request it in advance, you just hold your device to a POS reader or click a button in your web browser then type in your device passcode). You never need to manage or enter virtual numbers, you aren’t limited in terms of how many numbers you can use, and when last I checked a year or two ago, Citi’s virtual card generator was still using Flash, which this system definitely isn’t. The downside is that online support can be fairly hit-or-miss, and at least with Apple Pay you sometimes need to be using Safari or a native app before you’ll even be presented with the option to use it (after all, sites don’t want to show an inapplicable payment option to everyone else).
* Not to be confused with the Apple Card. Apple Pay is a way of using pretty much any card for in-person or online payments. Apple Card is Apple’s take on a credit card. It too has a number of nice security features (e.g. your card’s number isn’t printed on the card and you can reset it at any time), but it’s a wholly unrelated product, other than that you can choose to use it in Apple Pay if you want. Apple Pay is a way of using your existing card’s in a much more secure, privacy-centric manner
Re: (Score:2)
Re: (Score:2)
There's some services that will give you disposable credit card numbers. privacy.com is one. Citibank also has virtual numbers.
And the one I like the most for now is the X1 credit card, which is free and comes with virtual numbers. Just use one for each business, subscription, etc, and cancel as needed.
I have been doing all online transactions via virtual/temporary cards for the past ~20 years.
During that time, I have twice had a CC company drop the service, so I had to scramble to find a replacement.
I currently have CC's from Citibank and CapitalOne which both support it, so if one drops it, I have a backup.
minimise exposure, use 2FA (Score:2)
Re: (Score:2)
You mean Amazon - the single biggest target for hackers.
At a minimum, don't let sites save the info (Score:3)
If you're using a decent password manager - as you should be anyway - it will also save credit card info for you. Bitwarden does this, and can fill out most web sites' credit card fields at the click of a button. On the few sites where it doesn't work automatically, it's just a click to copy the # and a click to paste it. Easy peasy.
Re: (Score:3)
Re:At a minimum, don't let sites save the info (Score:5, Insightful)
Re: (Score:2)
How is a password manager more secure than a corporation, when it comes to saving credit card info? There are strict regulations governing how vendors can save credit card information, and the vendors are subject to steep fines if they fail to comply. https://www.findlaw.com/smallb... [findlaw.com] Password managers have no such incentives.
The reality is, there is NO way to have total confidence that your password won't be stolen.
Re: (Score:2)
How is a password manager more secure than a corporation, when it comes to saving credit card info? There are strict regulations governing how vendors can save credit card information, and the vendors are subject to steep fines if they fail to comply.
PCI applies to transfer of card info not just storage. It applies even if card is never written to disk. PCI applies when referencing a third party to accept cards on your behalf where card never at any point even touch your systems.
A small minority of systems (if any) are actually PCI compliant. Compliance isn't really the issue its limiting liability and scope. Even if you are fully compliant and get breached the money changers lawyers still come after you for damages.
Use multiple virtual cards (Score:3)
There are services that allow you to create virtual cards that have spending limits and even limits on who can bill you through them and that are easy to close.
Though you still have to use real cards when going physically to the store and shop systems have been compromised ore than once, but the problem is a lot less, so call the multiple virtual cards with limits a 99% solution.
Re: (Score:2)
Re: (Score:2)
...Capital One allows you to generate many virtual numbers (dozens? indefinite? infinite?) with some of their cards at no cost.
So, with practically eliminating the problem of credit card theft, I'm sure that Capital One is now beating the shit out of every other bank with lower interest rates and fees for their services, right?
Wait, they're not? And they're still claiming credit losses every year? Color me shocked...
That "Asking For a Friend" moment.. (Score:2)
"...That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?"
Oh, I'm sorry, were you asking for a friend, a thief, or both? Sorry, question struck me as rather odd, as if we are supposed to come up with "better" ways to steal.
And yeah, there probably is a better way to steal money rather than target the same "range" of (closed/audited/monitored) accounts. I mean, how many times do you expect to rob the same bank before they..fuck, are criminals really this dumb, or are we just talking about areas of the country where they have practically legalized theft? Asking
Summary of the comments so far... (Score:3)
Re: (Score:2)
You can't & it's not your responsibility to either. It's the banks' responsibility.
Actually, you cannot because anytime you "pay" using credit card, you have to hand over the entire secret needed to incur debt with.
Nope. My bank sends me an SMS with a one-time code that I have to hand over to authorize the payment.
If your bank doesn't do that then get a better bank.
Re: (Score:2)
The one saving grace is that it's very easy to dispute charges, but of course that deprives the defrauded merchant, driving up prices and/or bankrupcy rates. No skin off the credit card company's nose.
This is not, in general, true. Liability is split between the issuing bank and the merchant, depending on the risk level of the transaction (card present/not present being a big factor but not the only one), the merchant's history of chargebacks, the amount of the transaction, etc. The details will be somewhat unique to the situation, but it is definitely incorrect to make a blanket statement that the merchant carries the bag on this. Remember that the bank makes money on those sweet sweet discount fees; it
Only use visa and mastercard gift cards (Score:3)
Re: (Score:3)
On all the porno and illegal streaming websites that you must be frequenting.
Who the hell actually pays for porn or illegal streaming? You obviously don't know your way around the internet.
you cant (Score:2)
your card will get skimmed at some point. Happens to the best of us.
Unpopular opinion (Score:5, Informative)
You can pay with your credit card through Paypal. Then you don't have to send your credit card info to the website at all. If you stay logged in to Paypal, then you don't have to type in your password and risk some kind of phishing attack.
Paypal will steal money if you leave it in an account with them, but they do ok at being a payment go-between.
Re: (Score:2)
Not everywhere accepts paypal, but yes, if it's available then use it.
Re: (Score:3)
Yeah and if something goes wrong, good luck getting PayPal to work with you to resolve your problem!
I've been there. Somebody once sent me a PayPal payment, and added an extra . to my email address. The email got to me, but the money wasn't there in my PayPal account, because the email address was not in my profile. Calls to their customer service went nowhere. "Sorry, we can't help you." I finally got my money by adding that modified email address to my account. But PayPal was NO help.
Banks are better regu
Re: (Score:2)
Re: (Score:2)
PayPal absolutely sucks, when it comes to resolving disputes. "Sorry, we can't help you." I've been there.
Use Amazon and Paypal? (Score:3)
Yea, I know it's might sound like a protection racket, get protected by the biggest bully so the small ones don't touch you. Frankly the smaller shops didn't make it easier on themselves too. If somewhere around 2001 you could just order from anywhere, just pick the smallest price and you'll get the thing later things changed, by the time the iPhone arrived (2006+) going for the cheapest was guaranteed to be a disaster, even if never straight fraud (very often they just wouldn't charge you but you also won't get any goods). So by now I need to stick with like personal top-5 shops otherwise I'll just waste too much time going back and forth with others.
Other than that I haven't had to enter the credit card mostly anywhere else for years probably. And when it's needed anyway it's usually for some large organization that doesn't take PayPal, like utility company or some motorway toll stickers or similar. No issues yet but just to be extra careful I'm using one-time credit card numbers from Revolut which are just "burned" as soon as they're used (for sure there are many similar ones).
Also this for sure isn't happening, even if it's thrown around casually it needs CATASTROPHIC security failures on many levels:
Sites aren't storing the credit card in cookies, even more so in cookies somehow encrypted ... but that can be decrypted by anyone and most importantly if they have figured out how to access cookies for another site is a HUGE security hole, it would mean that any random ad could take over ALL the accounts you use in the browser, from Slashdot to Paypal, Gmail (or anything Google from Photos to Drive), Facebook, Dropbox, heck even your credit card online account if you're logged into it.
Re: (Score:2)
The smaller shops won't process your card number directly, they will pass off the payment process to a third party payment processor.
Re: (Score:2)
Sure, but I won't start maintaining some list of trustworthy (or not) processors (complicated by the fact that I often shop online internationally, for virtual goods or not). If they don't take Paypal I think if I really want to shop there, if yes I use a one-time card from Revolut - also it's prepaid (so you can have there just the small amount you want to spend) and beside that you can put spend-limits per card (there's ton of FinTech that does one-time card numbers and similar).
This may trigger some people but... (Score:3)
Store the credit card in your browser? I know it's not a perfect solution but Chrome and Firefox both support credit card autofill. I trust Google and Mozilla a fuckton more to keep credit card data safe than some random schmo's online store.
There are too many bad security practices out there so it helps to consolidate your risk in as few places as possible, even if that does open you to potential problems from those few places.
Re: (Score:2)
Stored (Score:2)
Never ever have your card stored at an online business even if it's more inconvenient to enter it every time.
Note that in order to not have your card stored, you should never use it, since the business will need to store it to record and process each transaction.
If you are so worried, then never buy something from a suspicious site using a credit card.
How much of a problem is it? (Score:2)
It would be interesting to know how much of a problem this really is.
"We have never lost money to fraud, just time" tells you basically that it's rather pointless, unless your solution doesn't waste more time by itself. So PayPal is fine (it usually saves time on checkout), but multiple virtual cards, or entering your details again and again, or anything else that requires extra work, could end up costing you more.
Reminds me of a colleague of mine who once took self defence classes and ended up leaving them
Here are the steps I take (Score:3)
2 - My bank (I'm in the UK) supports 2FA whereby they send a one time PIN via SMS when I make a larger transaction.
3 - I have two bank accounts. A main one where my salary goes and a smaller one to which I transfer regular amounts of money. I use the debit card from the smaller one for most physical transactions and all on-line ones.
4 - My cards had a three digit Card Security Code printed on the back which is required for all "customer not present" transactions. I scraped these off and keep them separate thus defeating eagle eyed shop assistants and waitresses.
5 - The bank allows me to disable various functionality on my card via on-line banking. I have switched off overseas transactions. Obviously I will need to remember to log on and re-activate it if I ever go abroad again!
6 - If a web site offers me the option to retain the card number for future transactions then usually I decline.
7 - Some UK merchants (mostly smaller ones admittedly) allow payment via bank transfer. You click "Checkout" and they send you an email with their bank details, an order number and the total due. I log into my bank and make a transfer using the order number as a reference. I then get another email saying that my order is being processed. The downside of this scheme is that you don't get all the protections which the banks provide for debit card fraud so I only use this scheme with suppliers I know are real (perhaps because a friend has used them) and for modest amounts of money.
Re:Here are the steps I take (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
At the end of the day I suppose that my avoidance of credit cards is a personal thing in that I really don't like being in debt to anyone
Re:Here are the steps I take (Score:4, Informative)
Your first point is actually counter-productive. A debit card has all the security drawbacks of a credit card, PLUS you are out the money until an issue is resolved. With a credit card, the bank is out the money until the problem is resolved. This makes the bank much more motivated to do so quickly.
Re: (Score:3)
For online purchases I use a VISA debit card linked to a second bank account kept at zero balance until I do a transaction, and at that point I transfer into the account from my main account the exact amount required. As online transfers are instant at the same bank, there is never any money exposed to fraud. Ive never had a problem with this system. Its easy and quick.
Spyware on your own devices? (Score:4, Insightful)
Having the same problem 3 times in the last 6 months is suspicious, I wonder why the rest didn't ask for the obvious: maybe the thief is in the house? Are you sure your computer devices and network aren't bugged? Maybe it's time to run a good AV scan on everything and roll all your passwords? I mean, if that was happening to me, I'd check this lead first, before wondering about anything else. Even if we are computer professionals, does not mean we never run into security issues.
Single use cards (Score:2)
Some of the banks will let you generate single use card numbers from their online banking. I generally use these for online shopping, it's slightly inconvenient but it does mean the card number is totally useless if it gets stolen, and also means the retailer can't charge you a larger amount later.
Have a card without a PIN (Score:2)
In Europe credit cards have a "chip & PIN", when buying in a shop you enter the PIN into a machine to validate the transaction. I have a card like that. Note that the PIN is different from the 3 digit CVV on the back of the card.
For Internet purchases I use another card. It has a low credit limit to reduce the maximum that could be stolen. I have told my bank that I do not want a PIN for the card. This means that the card cannot be used for a purchase in a shop, the banks have agreed. This does not elim
Re: (Score:2)
At least in Europe cards are not stored by retailers - card tokens are. And tokens can only be used by same retailer - they will not work it different merchant ID. It is actually so secure that tokens are considered non-sensitive. I've emailed a spreadsheet full of them to payment provider once.
Also majority of retailers use hosted payment pages - they redirect you to payment provided page or use iframe and they cannot even see your card info. They only get back bunch of codes and token (if requested and pa
Easy solution (Score:2)
I solved the primary problem with a second checking account with my bank. I call that card my "bill paying card" and it is used to pay my monthly bills, and NOTHING else. So my electric bill, gas, car insurance, etc are setup to take from that account, and I never use that card for anything else. In fact, I don't even keep that card in my wallet. It stays home so that if I lose my wallet, it is stolen, I am mugged, etc the card is still safe.
Anything else I ever buy, be it Walmart shopping, getting gas,
Re: (Score:2)
I solved the primary problem with a second checking account with my bank [..] So my electric bill, gas, car insurance, etc are setup to take from that account, and I never use that card for anything else.
Right. I have about six credit cards and six bank accounts (with some but not complete overlap). I use two different CCs for on-line purchases, distinguishing between regularly used merchants (ie some trust extablished) and one-time merchants (ones I don't know from Adam). Another one I use for certain on-line regular bills, and I carry three around with me (because sometimes they don't work). My American Express card is in reserve, used one a year to keep it alive, ready to step in if I need to cancel o
No choice in how credit cards are stored (Score:2)
Never ever have your card stored at an online business even if it's more inconvenient to enter it every time.
While I always make it a note to check the "don't save this credit card" option whenever present, the truth is merchants keep our data whether we like it or not. Case-in-point: Two years ago, I went to return something to my local Walmart. They asked me if I had the receipt, and I said no, They said, "No problem. Do you have the card that was used for purchase?" I said yes, and proceeded to lear
Re: (Score:2)
(Maybe I'm being overly paranoid, and it's not the exact number that's stored but rather a hash. Personally, it makes no difference to me.
There is no difference between storing a hash and storing a card number. Cards have insufficient entropy for it to make any difference.
PayPal was invented for exactly this reason (Score:3)
So use it.
Re: (Score:2)
PayPal does NOT resolve disputes in a timely manner, if at all. I've been there.
Make the bank explain WHY and WHAT was done. (Score:2)
Signs of idiocracy... (Score:2)
... anyone with basic knowledge regarding PC's knows nothing is private on the internet. So that means never allowing stores to store your CC number.
The other issue is you having been backed/trojaned and not being aware of it or your kids having used your CC without your knowledge on some website where they stored it.
It really shouldn't be difficult to prevent your CC # from being stolen unless you are an idiot. Barring a business paymente system being hacked that allows criminals clone your card #.
Re: (Score:3)
It really shouldn't be difficult to prevent your CC # from being stolen unless you are an idiot.
Explain how one of my debit cards, never used online or in person, buried inside financial documents in a filing cabinet, got stolen not too long ago...
You cannot (Score:2)
Too many vendors and companies have poor handling of personal information, including but not limited to credit cards and debit cards. It's not possible to ensure that all of them handle your information securely, so absolute security is impossible.
It is possible to reduce the risk. Some steps include not linking _any_ real currency accounts to any cryptocurrency transactions, there have been far too many frauds and thefts among the cryptocurrency exchanges.
Use PayPal? (Score:2)
At least online, I use PayPal everywhere I can. I authorize merchants to be paid exactly what I allow them to be paid, and no more. I give my credentials to one company, not hundreds.
It makes about 1000% times more sense than giving random websites my "secret numbers" (including the super,/i> secret numbers on the back of the card, lol).
Re: (Score:2)
No no no! PayPal isn't subject to the same banking regulations as banks. If you have a dispute with PayPal over fraudulent charges, you are stuck. A bank has to answer to regulators, and from personal experience, bank regulators have teeth and get banks to cooperate.
I have actually had a dispute with PayPal. All they would tell me is, "Sorry, we can't help you."
you can't (Score:2)
First, you can't, just because you give your credit card to any business that you pay at, online and offline.
Second, I've got a banking app on my phone that I've authenticated with my bank card and PIN on a bank issued question response card reader. For any online payment I need to acknowledge the payment on my phone. If I break my phone, I can release the app on my next phone with the reader and the card plus PIN.
Third,
Use a service (Score:2)
Anything that uses virtual numbers. Apple Pay, Google Pay, PayPal will keep your CC numbers hidden from the vendor.
I have one CC that I use for utilities and recurring transactions. I never give out the numbers but use Apple Pay or similar. It’s never been nicked.
My other CC that gets used at restaurants, gas stations, etc. gets nicked once a year or more.
Donâ(TM)t give your credit card details onlin (Score:2)
You should never give your credit card to a website that stores your credit card.
The exception is credit card processors.
Vendor websites use the CC processor to take the transaction through an iframe running on the processor's secured servers. The CC processor can create a stored card token for a credit card that only works with that merchant. Vendors can safely store these tokens as a means of payment as they are secure. They canâ(TM)t be used outside of the merchant.
Any merchant that stores credit
Same as keeping cash from being stolen (Score:2)
1. Don't hang out in sketchy parts of town (or the internet)
2. Don't do business with sketchy vendors (or web sites)
3. Don't flash your money around (manage your credit card numbers as discreetly as possible)
4. Use a reputable bank to store your cash (or provide your credit card)
And one other thing:
Use CREDIT cards not DEBIT cards. A debit card has all the security risks of a credit card, PLUS you are out the money until any fraud or other issue is resolved. With a credit card, the bank is out the money, yo
Impossible (Score:2)
You can't. One of the major banks in my country had a leak, and there was a large number of cards that were compromised despite their lack of use. The most you can do is simply not photograph the front of your card to place it on Twitter, and not reply to questions asking about the three numbers on the back.
The cards were initially based on 1-factor authentication (or perhaps 0-factor): physically having the card. It's only much later that they had
We can't without help (Score:2)
We can't do it without the credit card companies' assistance. Here's a foolproof way they could help us:
When it comes time to enter a credit card online, you go to your CC company's web site and it gives you a brand-new CC number and CCV code. Only the CC company knows it is tied to your account.
You enter the new details. The very first time they are used, the CC company ties the new number to that merchant's number. Henceforth, only that merchant can charge the card. If the card details are stolen,
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
I didn't claim it was convenient.
The original question was "How to I protect myself from the consequences of this or that activity." My answer was "Don't do that activity" and "If you have to, take precautions".
That was my easy answer. Doing it is not fun though.
Re:Easy (Score:5, Interesting)
Once you've entered the numbers in a textbox, even before you press [submit], the numbers are out of your control.
You seriously think that if you tell them to not store the numbers, they won't store the numbers?
If yes, then I've got a bridge to sell you.
Seriously thinking (Score:3)
Some bad actors will store them anyway, some good actors will not. Every website that does not store your info is a reduction in your attack surface.
Re: (Score:2)
Re: (Score:2)
I wonder how much card fraud is from hacking in to the online merchant that stored my card in plaintext and how much is from someone who figures out that 1234-4321-8822-1010 is a valid card with an expiration of 02/24 and a CVV of 123
The only fraudlant charge I've gotten was, I am pretty sure, due to this. A charge appeared on my card from a location I have never visited. I couldn't dispute it until it cleared, and by the time it cleared there were a few more charges from the same location. I explained what was happening to the credit card company, and they issued me a new card with a new number.
My strategy for dealing with credit card fraud is to keep careful track of my expenditures. Vigilance is the price of safety.
Re: (Score:3)
If you're in the US you're not on the hook for fraud anyway. CC companies keep it easy to abuse because the bottom line is better than making CC transactions less convenient. This is not the consumer's problem to solve.
Re: (Score:2)
If you're going to buy online, don't store your credit card details there, enter them only when you make a purchase.
What is to stop the business storing them anyway? I always assumed they did anyway.
Liability (Score:2)
I am sure some businesses do this, but consider the liability issues for them.
If they are retaining your info after explicitly being told not to, and your information is lost in an attack, are they likely to get sued or prosecuted for that?
I honestly don't know, but it seems like a big risk for little return.
Re: (Score:2)
You do realize that most countries consider credit cards to be 'living in the past century', right?
Re: (Score:2)
I think a lot of people would agree with that sentiment :D
Re:Easy (Score:5, Insightful)
Credit cards only get you into debt if you don't know how to manage your finances properly..
If you use a credit card like a debit card and pay it off every month, you never get into debt nor pay any interest, but you do have some benefits. In particular when you rent a car or book a hotel they will generally pre-auth a deposit against your card which then gets refunded later. With a debit card, it deducts that amount from your account and credits it back later when the merchant releases the hold but with a credit card it just reduces your available credit limit.
Credit cards have better protection against fraud, with debit card the money is gone and you'll only get it back once the bank has finished investigating the fraud - with credit it's the bank's problem so you're not out of pocket while they investigate it.
Card issuers also generally offer some perks like cashback or other points systems, which is basically free money if it's from transactions that you would have been making in any case.
Re:Easy (Score:5, Informative)
Re: (Score:3)
Re:Easy (Score:5, Informative)
We burned our credit cards years ago since they're engineered to keep you in debt. Now we only have debit cards for the brick-and-mortar establishments that only accept Visa. Can you believe there are places that actually refuse cash now?
DId you know that debit cards have none of the legal protection against fraud that credit cards do? Transactions on a debit card are your responsibility, no matter who and under what circumstances they took place.
The cost of dealing with fraud is what keeps credit card interest so high. So use credit cards and be protected, but pay them off every month. Financially you will be in the same place you are now, but next time you encounter a skimmer at a gas station, you will be protected.
Re:Easy (Score:4, Interesting)
As soon as I read "What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?" I was, like:
a) Who pays "ongoing bills with a credit card"
and
b) Easy! Have one card for "ongoing bills" and another for "online purchases"?
Bottom line: Whoever wrote that has the IQ of a sheep.
Re: (Score:2)
Which category is Netflix?
Re: (Score:2)
At least in Europe, recurring household bills such as internet services are paid with a debit from your account, where you give your IBAN number to a service provider and you allow them, on your banking website, to take money up to a certain monthly limit, or within a limited time period. The IBAN itself is a public number useless to a fraudster. What matters is the authorization you give them on your banking service.
Re:Easy (Score:5, Interesting)
b) Easy! Have one card for "ongoing bills" and another for "online purchases"?
Some merchants are even connected to some kind of update feed from the card providers - so they will automatically get your new account data when the new card is issued. For whatever reason I've had three cards compromised at least twice each over the past month, and when I've received the new card and gone to start updating things, I found that quite a few of my regular merchants had already received the new card number.
Re: (Score:2)
It's not that easy, though that would decrease the attack surface. The problem, however, is inherent in the design of the credit card system.
Of course, you could decrease your attack surface even more, and never use the card, but that's not guaranteed either, if the card exists. The company issuing the card could be penetrated. (Actually, even if you don't have a card, a fake one could be created that was recorded as having been issued to you. For some reason Wells Fargo comes to mind as a similar case.
Re: (Score:2)
Only they're not losing money, they're just suffering the inconvenience of having to keep changing their card,
Not using a card at all would probably be even more inconvenient, thus defeating the point.
Re: (Score:2)
To be honest, a Paypal account doesn't need much more than a bank account number, and while they are super-sketchy with sellers, I've found them pretty damn good as a buyer when its come to conflicts over payments. They'll side with the buyer 99% of the time.
And its pretty rare that I need to do something online that doesnt take paypal. As long as you keep solid 2FA, dont skimp on your email and mobile security I suspect its a fairly safe way of doing things.
Re: (Score:2)
If only there were a company that would encrypt your credit cards into a hardware device that you could present at stores to make purchases using NFC terminals. For each transaction, the merchant would receive a single-use card number that would be useless if subsequently stolen. The same idea would be applicable to online purchases.
For tech like that, we will have to wait until...2014.
Re: (Score:2)
Re: (Score:2)
I know of at least one FinTech that will let you create virtual burner cards on the fly. Nearly unlimited number. Perhaps one could be created for every retailer/account, as the OP implies. You can even give them names in the app as a reminder. And in-app approval for each transaction. With this FinTech, the balance is limited to the amount of cash deposited - so one can limit the losses. Further, one can freeze the credit cards individually at the touch of a button when the deed is done.
Its all a question
Re: (Score:2)
CitiBank and a number of other banks have been doing virtual CC numbers with their cards for like 20 years. It's not anything new.
Re: (Score:3)
One piece of advice: never get a debit card. With a debit card, if there is fraud, YOU are out the money until the issue is resolved. With a credit card, the BANK is out the money until the issue is resolved. Banks are much more motivated to resolve the problem when THEY are taking the loss.
Welcome to Texas, by the way!
Re: (Score:3)
There was a vulnerability allowing 3rd parties to access other domains cookies in Safari [threatpost.com] a few years back. Don't know for the other browsers. I don't think it's still relevant as of today.
Re: (Score:2)
Just because a site tells you it isn't storing your card details, doesn't mean that's true.
Sites generally don't mention up front that they get hacked and leak card numbers or that they have rogue employees who skim card numbers either.
Paypal is generally a better idea, because it's push rather than pull. The idea that you give someone your card and they can take as much as they want but you have to trust them not to take more than they declared is pretty stupid and ripe for fraud in most cases.
Re: (Score:2)
Here you go: 1, 2, 3, 4, 5, 6
Oh no, now I have to change the password on my luggage!
Re: (Score:2)
Yes, me too. The cards that get impacted are invariably one that is never used online -- although I do use services like Amazon Pay and Paypal for some one-off online transactions.