Slashdot Mirror
Ask Slashdot: How Do You Keep Your Credit Card Secure?
It's easy to pontificate about the best security practices -- but the real test is what we do with our own money. Long-time Slashdot reader Keybounce writes:
So, like most of you, I recently got a new credit card with a chip in it. I was not worried about that -- I know the chips are harder to copy and counterfeit. But I recently discovered that the card is also a radio card -- swiping it near the screen caused an message to show up on the reader. In this case, it told me to use the chip reader instead, but this means it has an active radio signal, and could be "hacked" -- stolen by someone with the right device.
How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?
So leave your own answer in the the comments. How are you keeping your own credit card secure?
How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?
So leave your own answer in the the comments. How are you keeping your own credit card secure?
It's really not my job to go the extra distance to improve their security. The card is the way it is, and if it's good enough for the banks, it's good enough for me.
I've had the card cloned a couple of time in the last five years, and it was never more than a minor inconvenience. Call the number in the back, tell them that I didn't spend $2000 on a strip club in Mexico, and they send me a new one.
Never underestimate the bandwidth of a 747 filled with CD-ROMs.
Exactly. Why is this my problem? I am not liable for fraudulent charges.
Here is how to stay out of trouble.
1. DO NOT USE YOUR ATM CARD ANYWHERE, EXCEPT AT THE BANK THAT ISSUED IT IN THE LOBBY.
2. Feel free to use your credit card anywhere, AS LONG AS YOU CHECK THE MONTHLY STATEMENT AND DISPUTE ANY CHARGES.
3. Anywhere especially seedy, PAY CASH or use a Green Dot Card from Walmart money card loaded with the exact amount.
4. Only use checks for re-occuring variable bills like phone, gas, electric so an error can no clean out your bank account. Some phone cable and phone companies occasionally have problems with sending customers erroneous $1000 monthly bills.
5. Do not use online banking. Make sure you have it turned off.
6. Make sure you have an ATM only card that can not be used as a debit card. This means it only works at ATM machines.
7. Setup all fixed cost bills, mortgage, car, insurance, student loan for auto pay so you don't need to use online banking or write a check.
8. Do not let money pile up in your PayPal account. Paypal is not a real financial institution and can play games with your money and you have very little protection.
9. Bank with a real bank, an 800 lb. gorilla like Chase that has 24-hour fraud people.
10. Keep a copy or scan of all documents/cards in your wallet. If you wallet gets stolen you can quickly cancel everything, instead of trying to figure out what was in your wallet.
11. Pay your credit card off EVERY MONTH, no exceptions. 20% interest is for suckers. If you can't control yourself, set you limit for what you are able to pay. NEVER carry credit card debt. NEVER.
The safest forms of payment are:
1. CASH / Walmart Green Dot Money Card
2. Credit Card
3. Check
4. ATM Card
Why do I make these recommendations?
1. Cash can't be hacked.
2. VISA provides you with protections to dispute charges. That means if you get hit with a charge, you can dispute it and during the dispute period you aren't out any money, unlike bank fraud. If a vendor is getting a lot of chargebacks from VISA, they will figure out they have a hole in their system and fix it or go out of business.
3. Your ATM card connects directly to real money. If you have Autopay setup and someone hacks your ATM/Debit card, you could be in a world of hurt because your account might get emptied out and there would not be any funds available to pay your bills. This is a bad, expensive situation.
4. Your checks have a magnetic toner on the bottom with your bank routing number and bank account number. With these numbers, someone could possibly access your account. Only use checks for variable payments like phone, gas, electric.
5. If you need to buy something that you don't want associated with you directly, get a Walmart Green Dot Card. This is great in case you are in need of a burner phone or other untraceable payment. By law you are supposed to register these cards but Green Dot will still allow you to use it but will deny you a personalized card. Many illegal/undocumented immigrants use these cards. These cards can be sketchy and prone to fraud, so buy it, load it, and spend it as soon as possible.
If you have any questions, let me know and I will check this thread again. Be smart. Guard your privacy, credit score, and your hard earned money.
Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.
You could actually read about EMV, the specification is public. It's fairly clear you haven't.
It doesn't include the CVV2 that will be requested even by very low risk online retailers. You might be thinking, "But this field right here is labelled CVV" and it is, but there are like four CVVs for a modern card, and that's the wrong one. The one you need online is CVV2, which is the one written on the back of the card but not stored on the card itself.
This happened because cards _used_ to have just one CVV, baked into the magstripe, so you could tell you had a "real" magstripe read, not one based on just reading the digits off the card, but if people got the CVV elsewhere they'd fake that out. So the "fix" was to have a different value for CVV in each place, and check you got the right one. So there's a CVV for EMV chip transactions, a CVV for the magstripe and one written on the card for online.