How to Protect Your Credit Card from a Data Breach

Securing Credit Cards
Phil Coale/AP
By Anisha Sekar

Even if you're not one of the 40 million Target (TGT) shoppers whose credit or debit card information was stolen Nov. 27 to Dec. 15, you've probably heard of the data breach. With the list of hacked companies, websites and apps growing longer, it's time to take a serious look at credit card security and what you can do to stay safe online. We'll run through the basics of credit card companies' fraud prevention methods and what you can do to protect yourself.

How credit cards work

Your credit card has a lot of information that can be used to verify its authenticity: an expiration date, a three-digit security number and your name. There's also a magnetic stripe on the back of the card that contains all that information and more. When you swipe your credit card, the information on the magnetic stripe gets transmitted to a third party, who then verifies with your bank that all your information is correct and approves the transaction.

There are other authentication methods, such as checking your signature or asking to see an ID, but not every merchant takes these steps. %VIRTUAL-article-sponsoredlinks%Additionally, if you're making an online purchase, you might be required to input the three-digit number called the card verification value, or CVV, as well as the card number and expiration date. Merchants aren't allowed to store the CVV in their databases in an effort to keep that information away from hackers. Therefore, merchants ask you to enter your CVV to prove that you actually have the physical card.

What about the rest of the world?

America lags behind the rest of the world in terms of credit card security techniques. We use magnetic stripes to hold our data, whereas other countries use EMV chips. These chips use a different (some say better) method of encrypting data. While magnetic stripes have the same encryption method, the method for EMV chips varies, making them harder to hack. This has produced dramatic results on point-of-sale transactions. For example, the United Kingdom rolled out EMV technology in the 2000s and saw fraud rates drop by 63 percent between 2004 and 2010, according to the Federal Reserve Bank of Atlanta.

The United States is moving closer to widespread EMV adoption, but for now, we're still using our old magnetic stripe cards.

How can I keep my data safe?

Here are a few ways to protect your credit card data beyond the encryption methods offered by merchants:
  • Make sure you sign the back of your credit card -- if you don't, your fraud liability might be higher.
  • When making online purchases from your computer or phone, make sure the web address starts with "https://" instead of "http://."
  • Use a personal finance service like to instantly see which transactions have been made on which card.
  • Shred credit card statements and anything that has your credit card number or personal information on it.
  • Be wary of making online purchases on a public Wi-Fi connection -- they're easy to hack. If you find yourself using public Wi-Fi often, consider getting a VPN, which is more secure.
But don't worry too much

While credit card fraud is a hassle to deal with, your liability is limited. By law, you'll never be on the hook for more than $50 if your credit card is stolen and the thief racks up charges. You're also not liable for any purchases made after you report the card lost or stolen. In the wake of the Target data breach, it's reassuring to know that you have no liability if your card information, rather than the card itself, is stolen. Finally, many credit cards offer zero-liability policies that provide better protection than the law requires.

If you ever fall victim to a Target-like data breach, call your bank right away to report the incident. Don't panic, though -- federal law gives you quite a bit of protection.

Anisha Sekar writes for NerdWallet, a personal finance website dedicated to helping consumers.

More from U.S. News

Why Your Bank Thinks Someone Stole Your Credit Card
See Gallery
How to Protect Your Credit Card from a Data Breach

One reason why Marquis' gas purchases might have triggered a fraud lockdown? Filling their tank is a common first move for credit card thieves.

"Some of the things they look at are small-dollar transactions at gas stations, followed by an attempt to make a larger purchase," explains Adam Levin of Identity Theft 911.

The idea is that thieves want to confirm that the card actually works before going on a buying spree, so they'll make a small purchase that wouldn't catch the attention of the cardholder. Popular methods include buying gas or making a small donation to charity, so banks have started scrutinizing those transactions.

Of course, it's not a simple matter of buying gas or giving to charity -- if those tasks triggered alerts constantly, no one would do either with a credit card. But Levin points to another possible explanation: Purchases made in a high-crime area are going to be held to a higher standard by the bank.

"It's almost a form of redlining," he says. "If there are certain [neighborhoods] where they've experienced an enormous amount of fraud, then anytime they see a transaction in the neighborhood, it sends an alert."

(Indeed, Erin tells me that one of the gas purchases that triggered an alert took place in a rough part of Detroit, which she visited specifically for the cheap gas.)

People who steal credit cards and credit card numbers usually aren't doing it so they can outfit their home with electronics and appliances. They don't want the actual products they're fraudulently buying; they're just in it to make money. So banks are always on the lookout for purchases of items that can easily be re-sold.

"Anytime a product can be turned around quickly for cash value, those are going to be the items that you would probably assume that, if you were a thief, you would want to get to first," says Karisse Hendrick of the Merchant Risk Council, which helps online merchants cut down on fraud. Levin says electronics are common choices for fraudsters, as are precious metals and jewelry.

Many thieves don't want to go through the rigmarole of buying laptops and jewelry, then selling them online or at pawnshops. They'd much prefer to just turn your stolen card directly into cold, hard cash.

There are a few ways that they can do that, and all of them will raise red flags at your bank or credit union. Using a credit card to buy a pricey gift card or load a bunch of money on a prepaid debit card is a fast way to attract the suspicions of your credit card issuer. Levin adds that some identity thieves also use stolen or cloned credit cards to buy chips at a casino, which they can then cash out (or, if they're feeling lucky, gamble away).

When assessing whether a purchase might be fraudulent, banks aren't just looking at what you bought and where you bought it. They're also asking if it's something you usually buy.

"The issuers know the buying patterns of a cardholder," says Hendrick. "They know the typical dollar amount of transaction and the type of purchase they put on a credit card."

Your bank sees a fairly high percentage of your purchases, so it knows if one is out of character for you. A thrifty individual who suddenly drops $500 on designer clothes should expect to get a call -- or have to make one when the bank flags the transaction. If you rarely travel and your card is suddenly used to purchase a flight to Europe, that's going to raise some red flags.

Speaking of Europe, the other big factor in banks' risk equations is whether you're making a purchase in a new area. I bought a computer just days after moving from Boston to New York, and had to confirm to the bank that I was indeed trying to make the purchase. Levin likewise says that making purchases in two different cities over a short period of time raises suspicions.

"I go from New York to California a lot, and invariably someone will call me [from the bank], " he says. Since one person can't go shopping in New York and California at the same time, any time a bank sees multiple purchases in multiple locations in a short period, it's going to be suspicious.

Read Full Story