Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Do You Keep Your Credit Card Secure?

Posted by EditorDavid on from the chip-vs-RFID dept.

It's easy to pontificate about the best security practices -- but the real test is what we do with our own money. Long-time Slashdot reader Keybounce writes: So, like most of you, I recently got a new credit card with a chip in it. I was not worried about that -- I know the chips are harder to copy and counterfeit. But I recently discovered that the card is also a radio card -- swiping it near the screen caused an message to show up on the reader. In this case, it told me to use the chip reader instead, but this means it has an active radio signal, and could be "hacked" -- stolen by someone with the right device.

How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?

So leave your own answer in the the comments. How are you keeping your own credit card secure?

10 of 385 comments (clear)

  1. Tinfoil by dimethylxanthine · · Score: 3, Informative

    Tinfoil around the inside of the wallet. And don't forget the hat!

  2. Re:Turn it off by stevel · · Score: 3, Informative

    That does very little good. The info that can be obtained with a reader is still usable for making charges to your account.

  3. I don't by Pulzar · · Score: 4, Informative

    It's really not my job to go the extra distance to improve their security. The card is the way it is, and if it's good enough for the banks, it's good enough for me.

    I've had the card cloned a couple of time in the last five years, and it was never more than a minor inconvenience. Call the number in the back, tell them that I didn't spend $2000 on a strip club in Mexico, and they send me a new one.

    --
    Never underestimate the bandwidth of a 747 filled with CD-ROMs.
    1. Re:I don't by JoeMerchant · · Score: 3, Informative

      Same here, I secure my card by handing it to waiters in restaurants who disappear with it, using it in retail stores where employee turnover is atrocious, and shopping on the internet. About once every 4 years (on average) we get a charge we didn't make on the bill, we tell the company ASAP and it gets reversed and we get a new card number.

      We were included in the recent Target and Home Depot attacks, nothing happened until about a month ago, then we got a $900 charge from COSTCO - impressive since we don't have a membership.

  4. Re:Don't care, not my card, card issuer's problems by mattwarden · · Score: 4, Informative

    Exactly. Why is this my problem? I am not liable for fraudulent charges.

  5. Identity Theft Victim Here with My Insight by Proudrooster · · Score: 4, Informative

    Here is how to stay out of trouble.

    1. DO NOT USE YOUR ATM CARD ANYWHERE, EXCEPT AT THE BANK THAT ISSUED IT IN THE LOBBY.
    2. Feel free to use your credit card anywhere, AS LONG AS YOU CHECK THE MONTHLY STATEMENT AND DISPUTE ANY CHARGES.
    3. Anywhere especially seedy, PAY CASH or use a Green Dot Card from Walmart money card loaded with the exact amount.
    4. Only use checks for re-occuring variable bills like phone, gas, electric so an error can no clean out your bank account. Some phone cable and phone companies occasionally have problems with sending customers erroneous $1000 monthly bills.
    5. Do not use online banking. Make sure you have it turned off.
    6. Make sure you have an ATM only card that can not be used as a debit card. This means it only works at ATM machines.
    7. Setup all fixed cost bills, mortgage, car, insurance, student loan for auto pay so you don't need to use online banking or write a check.
    8. Do not let money pile up in your PayPal account. Paypal is not a real financial institution and can play games with your money and you have very little protection.
    9. Bank with a real bank, an 800 lb. gorilla like Chase that has 24-hour fraud people.
    10. Keep a copy or scan of all documents/cards in your wallet. If you wallet gets stolen you can quickly cancel everything, instead of trying to figure out what was in your wallet.
    11. Pay your credit card off EVERY MONTH, no exceptions. 20% interest is for suckers. If you can't control yourself, set you limit for what you are able to pay. NEVER carry credit card debt. NEVER.

    The safest forms of payment are:
    1. CASH / Walmart Green Dot Money Card
    2. Credit Card
    3. Check
    4. ATM Card

    Why do I make these recommendations?

    1. Cash can't be hacked.
    2. VISA provides you with protections to dispute charges. That means if you get hit with a charge, you can dispute it and during the dispute period you aren't out any money, unlike bank fraud. If a vendor is getting a lot of chargebacks from VISA, they will figure out they have a hole in their system and fix it or go out of business.
    3. Your ATM card connects directly to real money. If you have Autopay setup and someone hacks your ATM/Debit card, you could be in a world of hurt because your account might get emptied out and there would not be any funds available to pay your bills. This is a bad, expensive situation.
    4. Your checks have a magnetic toner on the bottom with your bank routing number and bank account number. With these numbers, someone could possibly access your account. Only use checks for variable payments like phone, gas, electric.
    5. If you need to buy something that you don't want associated with you directly, get a Walmart Green Dot Card. This is great in case you are in need of a burner phone or other untraceable payment. By law you are supposed to register these cards but Green Dot will still allow you to use it but will deny you a personalized card. Many illegal/undocumented immigrants use these cards. These cards can be sketchy and prone to fraud, so buy it, load it, and spend it as soon as possible.

    If you have any questions, let me know and I will check this thread again. Be smart. Guard your privacy, credit score, and your hard earned money.

  6. Re:Turn it off by Wrath0fb0b · · Score: 4, Informative

    Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.

    You could actually read about EMV, the specification is public. It's fairly clear you haven't.

  7. Re:Easy by Anonymous Coward · · Score: 2, Informative

    It is already like that in Sweden. Many forms of transportation only allows card payment or you have to pre-pay with cash at some other place (like a 7-eleven etc.). Some restaurants are also cash-free (accepting payment through credit/debit card or by phone. Direct transfer of funds for via phone number is easy to set up in Sweden and free for private users, it's kinda like paypal but with your phone number instead of email address)

  8. Re:Turn it off by Anonymous Coward · · Score: 5, Informative

    It doesn't include the CVV2 that will be requested even by very low risk online retailers. You might be thinking, "But this field right here is labelled CVV" and it is, but there are like four CVVs for a modern card, and that's the wrong one. The one you need online is CVV2, which is the one written on the back of the card but not stored on the card itself.

    This happened because cards _used_ to have just one CVV, baked into the magstripe, so you could tell you had a "real" magstripe read, not one based on just reading the digits off the card, but if people got the CVV elsewhere they'd fake that out. So the "fix" was to have a different value for CVV in each place, and check you got the right one. So there's a CVV for EMV chip transactions, a CVV for the magstripe and one written on the card for online.

  9. Re:Shielding, jamming by coofercat · · Score: 3, Informative

    Indeed - all that fraud just gets passed on to the vendor/retailer. Unfortunately, those retailers have absolutely no way to measure the 'fraudiness' of a card transaction, so can't decide to decline something on their own - they have to ask the Bank to make that choice for them. When the bank makes the wrong choice, the retailer pays.

    In the UK we have some (relatively new) financial industry rules that include 'treating the customer fairly'. I wonder how long it will be before some credit card banks get held to account on that basis, but until then, banks control everything and pay for nothing.