Seven Tips for Better Credit Card Security

Wednesday, November 24, 2010

Robert Siciliano


Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it.

It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card swiped through an additional reader that doesn’t coincide with the transaction, the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right?

Once a week is sufficient, and even once every two weeks is okay. Just be sure to dispute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston.

Allan Pratt, MBA: Great reminders, Robert!

Robert Siciliano: Thanks Allan, Happy Holidays!

Niels Groeneveld: "Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good."

Interesting idea, especially if this could be done automatically by the card suppliers for all their customers.

I wonder whether the card issuers would earn or lose money when they would start doing this for all their customers.

Robert Siciliano: Niels, regarding FlagFox, certainly awareness of a website's base being from Ghana, Romania, Belarus, Nigeria, Turkey, etc. may signal a red flag to those in the know, but the cattle will have no idea what that means.

Niels Groeneveld: True, it will not eliminate risk, but it might help to reduce risk. Also, users should get some instructions on how to use it.

I think it depends upon the kind of user and organization whether this is effective, but I would love to see this kind of functionality integrated in browsers and mail clients.

Niels Groeneveld: Some more info regarding FlagFox for the other readers of this topic (mailed Robert privately) -

Firefox FlagFox Add-on - Geoint for the Endpoint

Example Output for

Suggested that such tooling might also help users to detect fraudulent websites (or email senders if you apply it to mail clients).

Robert Siciliano: Credit card issuers certainly flag high risk IP addresses and often deny the transaction as a result. This kind of profiling in a browser will certainly raise awareness. Most browsers will tip you off to a spoofed site today too.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.