Seven Tips for Better Credit Card Security

Wednesday, November 24, 2010

Robert Siciliano


Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it.

It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card swiped through an additional reader that doesn’t coincide with the transaction, the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right?

Once a week is sufficient, and even once every two weeks is okay. Just be sure to dispute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston.

Allan Pratt, MBA: Great reminders, Robert!
Robert Siciliano: Thanks Allan, Happy Holidays!
Niels Groeneveld: "Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good."

Interesting idea, especially if this could be done automatically by the card suppliers for all their customers.

I wonder whether the card issuers would earn or lose money if they started doing this for all their customers.
Robert Siciliano: Niels, regarding FlagFox, certainly awareness of a website's base being from Ghana, Romania, Belarus, Nigeria, Turkey, etc. may signal a red flag to those in the know, but the cattle will have no idea what that means.
Niels Groeneveld: True, it will not eliminate risk, but it might help to reduce risk. Also, users should get some instructions on how to use it.

I think it depends upon the kind of user and organization whether this is effective, but I would love to see this kind of functionality integrated in browsers and mail clients.
Niels Groeneveld: Some more info regarding FlagFox for the other readers of this topic (mailed Robert privately) -

Firefox FlagFox Add-on - Geoint for the Endpoint
http://flagfox.net/

Example Output for www.infosecisland.com
http://geo.flagfox.net/?ip=69.166.138.118&host=www.infosecisland.com

Suggested that such tooling might also help users to detect fraudulent websites (or email senders if you apply it to mail clients).
Robert Siciliano: Credit card issuers certainly flag high risk IP addresses and often deny the transaction as a result. This kind of profiling in a browser will certainly raise awareness. Most browsers will tip you off to a spoofed site today too.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.