{"id":4782,"date":"2014-05-14T10:00:32","date_gmt":"2014-05-14T14:00:32","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=4782"},"modified":"2020-02-26T10:50:17","modified_gmt":"2020-02-26T15:50:17","slug":"securing-credit-card-online-irl","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/securing-credit-card-online-irl\/4782\/","title":{"rendered":"Securing Your Credit Card \u2015 Online and in Real Life"},"content":{"rendered":"<p>With all the news about <a href=\"https:\/\/threatpost.com\/reports-target-suffered-massive-data-breach-starting-on-black-friday\/103232\" target=\"_blank\" rel=\"noopener nofollow\">massive data breaches<\/a> in the biggest retail chains and the ever-present risk of <a href=\"https:\/\/www.kaspersky.com\/blog\/data-breach-notification\/\" target=\"_blank\" rel=\"noopener nofollow\">online fraud<\/a>, you may be wondering whether or not it is really a good idea to use credit cards at all. \u00a0Of course it is! After all, it\u2019s much safer than carrying lots of cash in your pockets, and you have no viable alternatives when buying something online \u2013 be it a new smartphone app or a <a href=\"https:\/\/www.kaspersky.com\/blog\/safely-buy-and-sell-cars-online\/\" target=\"_blank\" rel=\"noopener nofollow\">car<\/a>. So, banking cards are good, despite the possibility of security issues. You just have to make sure your \u201cvirtual pockets\u201d are not wide open for a thief\u2019s convenience.<\/p>\n<h2>Selecting a proper card<\/h2>\n<p>There is no one-size-fits-all solution on the banking card market. There is AmEx, MasterCard, Visa, UnionPay, plus many local payment systems. There are credit and debit cards, which differ significantly on some markets. You may want to use two, three or even more cards for various occasions\u2015each one is equipped with its own set of security measures. Credit cards are typically better protected on many levels. Banks utilize stricter security procedures while checking credit card transactions. In many countries, credit card purchases are insured, and fraudulent transactions are never charged to a well-intentioned card owner. Moreover, criminals in some countries simply avoid dealing with credit cards as it poses higher risks of prosecution. However, none of these reasons cover everything, and there are no guarantees, so you can\u2019t just select a credit card and forget every other security measure.<\/p>\n<div class=\"pullquote\">Credit cards are typically protected better, and criminals avoid them often. However, there are no guarantees and you can\u2019t forget every other security measure.<\/div>\n<p>When selecting a payment system, consider the planned usage of the card. There are many \u201cglobal\u201d systems, but only MasterCard and Visa currently operate in almost every country without major white spots. For Europeans or people frequently travelling to Europe, MasterCard is probably the best option, as some ATMs in Europe accept only MasterCard. Notable exceptions are China (local regulations are strict, and the best option for China is obviously UnionPay) and Olympic cities (during the Olympics, official venues accept only Visa). More importantly, MC and Visa are leading the pack in terms of technology and security. Moreover, they are able to enforce security solutions in whole industries.<\/p>\n<p>While the most important stuff you will be looking into while selecting your card are probably bank rates and offers, consider security measures as well. Check the \u201csecurity advice\u201d section of a bank\u2019s website. There will be many general tips like \u201cdon\u2019t give your card to strangers\u201d, but you can also find a list of available security tools provided by this bank to its customers. Here is the list of useful security tools to watch for.<\/p>\n<h2>Card security tools<\/h2>\n<ul>\n<li><b>Chip card.<\/b> So-called chip cards (or, more officially, EMV cards) are typical for European banks already, but they are just emerging in the US, Canada and some other regions. In addition to a magnetic stripe, these cards are equipped with a chip, which provides much better security and prevents most attempts to steal card data to clone it (as seen in the <a href=\"https:\/\/www.kaspersky.com\/blog\/january-monthly-roundup\/\" target=\"_blank\" rel=\"noopener nofollow\">Target breach<\/a>, <a href=\"https:\/\/www.kaspersky.com\/blog\/credit-card-security\/\" target=\"_blank\" rel=\"noopener nofollow\">ATM skimmers<\/a> and other schemes). Chips cards are still compatible with old (swipe) readers and MasterCard and Visa require these cards to become mandatory from late 2015. Payment systems threaten that they won\u2019t compensate fraudulent charges made using non-EMV cards starting in 2016.<\/li>\n<li><b>Chip &amp; PIN.<\/b> While a chip provides a new, more secure option for a merchant or a bank to read your card, there\u2019s still a need to authenticate a card owner. For older cards, it\u2019s done using a signature, which is often not checked by the seller and generally easy to fake. Another option involves typing your 4-digit PIN code on every purchase, as is currently done on ATMs. It\u2019s as fast as signing a slip but much, much more secure.<\/li>\n<li><b>PIN change.<\/b> Very easy and useful, but still not a standard feature; it allows a customer to change a predefined PIN code to something more memorable. Additionally, in some banks, it allows to avoid re-issuing a card when you forgot your PIN code. Important note\u2015avoid using simple PINs like date of birth or four progressive digits.<\/li>\n<li><b>Photo on card.<\/b> Ultra simple, yet effective measure that prevents a stolen card from being used in major retail\u2015to incorporate a cardholder photo into the card design.<\/li>\n<li><b>Instant notification.<\/b> Typically done via SMS, this easy feature allows you to check instantly if card withdrawals are correct. An SMS with exact transaction description and sum deducted arrives in mere seconds after withdrawal, which helps to spot fraudulent charges, as well as billing mistakes. Early notifications significantly ease the dispute process.<\/li>\n<\/ul>\n<blockquote class=\"twitter-pullquote\"><p>Enable MasterCard SecureCode\/Verified by Visa for all cards you use to pay online. #payment #security #tip<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FxLW3&amp;text=Enable+MasterCard+SecureCode%2FVerified+by+Visa+for+all+cards+you+use+to+pay+online.+%23payment+%23security+%23tip\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<ul>\n<li><b>3D Secure.<\/b> This feature improves the security of online transactions. It is often called by its brand names (Verified by Visa, MasterCard SecureCode, J\/Secure, AmEx SafeKey, etc.), but the essence is still the same\u2015your bank and payment system verifies each online payment with you. The typical scheme consists of two steps. First, you enter your credit card details on the merchant\u2019s website (or his payment processors\u2019 site), then you\u2019re redirected to the special page of <b>your <\/b>bank where you confirm the purchase with a special password. For some implementations, it\u2019s just a secondary static password (which is not so secure); for newer ones, it\u2019s a one-time password sent via SMS (which is very secure and prevents <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/phishing\/\" target=\"_blank\" rel=\"noopener nofollow\">phishing<\/a>). This feature is strongly recommended for any card you plan to use online often.<\/li>\n<li><b>Virtual cards.<\/b> Another measure to counteract online fraud, a virtual card is used strictly for Internet purchases, as it has no physical representation. You can instantly issue it via online banking. It might be a secondary card, tied to your primary one, or a separate card. In the first case, this card is valid for one purchase only, and then it\u2019s blocked. \u00a0In the second case, the card is managed via online banking to balance between security and convenience. Possible security measures include setting spending limits (daily, monthly, total), re-issuing the card regularly (monthly, weekly or even daily \u2015 as needed), and keeping the card balance at almost zero (you\u2019ll have to manually top-up the card before each purchase).<\/li>\n<li><b>NFC.<\/b> Not exactly a security measure, Near Field Communication (<a href=\"https:\/\/www.kaspersky.com\/blog\/mobile-novelties-from-barcelona\/\" target=\"_blank\" rel=\"noopener nofollow\">NFC<\/a>), better known under brand names (MC PayPass, Visa PayWave), is a wireless technology allowing the exchange of \u00a0information by briefly tapping two devices. An NFC chip is very small, and it might be embedded in the card, in addition to the usual magnetic stripe and EMV chip. To pay with NFC, you have to touch a terminal with your card; it may even work from inside of your wallet. This increases your security, as it\u2019s not required to hand your card to anyone or even show it. Chances to forget or misplace a card are fewer. However, NFC usage in the banking sphere is relatively new and, being a wireless technology (although, ultra-near range of a few centimeters), it may be susceptible to yet unknown exploit schemes. That\u2019s why we suggest the use of NFC-enabled cards only for smaller scale payments, where instant, contactless payments prove to be most useful: public transport, gas stations, fast food, parking lots, etc.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/05\/06043527\/nfc-paypass.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-4789\" alt=\"nfc-paypass\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/05\/06043527\/nfc-paypass.jpg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>\u00a0<\/p>\n<h2>Simple safety rules<\/h2>\n<p>So, you have selected your bank and card and, hopefully, added all possible security measures. Using chip-and-pin card plus 3D secure and SMS notification greatly improves your funds\u2019 security while paying both online and offline, but this protection is only effective if you exercise these other simple safety rules:<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Don\u2019t give your credit card to your kids or spouse. You may get supplementary credit cards for them instead. #payment #security #tip<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FxLW3&amp;text=Don%26%238217%3Bt+give+your+credit+card+to+your+kids+or+spouse.+You+may+get+supplementary+credit+cards+for+them+instead.+%23payment+%23security+%23tip\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<ul>\n<li><b>Don\u2019t give your card to anyone<\/b>. While being very obvious, this rule is actually hard to follow in some common scenarios. You may be giving your card to a waiter in a restaurant to be processed somewhere in the back office, or you may lend a card to your significant other or your teenage kid. To avoid possible misuse, insist on keeping your card in sight, e.g. follow a waiter to the cash desk. This is especially important when using your card abroad. To better use credit cards with your family, you may get supplementary credit cards for the kids and spouse.<\/li>\n<li><b>Don\u2019t use your card in unsafe places. <\/b>The biggest threats are street ATMs and ATMs in less-controlled public spaces. There is a possibility of skimming\u2015an attempt to record your card details and PIN code to produce a duplicate. You may also want to limit card usage in very small shops and other places with outdated equipment.<\/li>\n<li><b>Never tell your PIN code.<\/b> No one has the right to ask for it \u2015 no exceptions here. Don\u2019t write your PIN code down. If you fear forgetting it, use a special password manager for your smartphone (see our <a href=\"https:\/\/www.kaspersky.ru\/blog\/secure-iphone\/\" target=\"_blank\" rel=\"noopener\">iOS <\/a>and <a href=\"https:\/\/www.kaspersky.ru\/blog\/best-android-security-apps\/\" target=\"_blank\" rel=\"noopener\">Android <\/a>apps review). When keying in your PIN on an ATM or POS terminal, cover the keypad with another hand. Don\u2019t let anyone stand too close and watch you. If you suspect that a PIN code was somehow stolen, report to your bank immediately.<\/li>\n<li><b>Report any trouble.<\/b> In case of any issues\u2015from lost card to unexpected charges\u2015report to your bank right away. Time is crucial, as fraudsters try to use your stolen card as soon as possible.<\/li>\n<li><b>Make sure you pay online safely<\/b>. In brief, your computer should be malware-free, your network should be secured and the connection must be <a href=\"https:\/\/www.kaspersky.com\/blog\/digital-certificates-httpss\/\" target=\"_blank\" rel=\"noopener nofollow\">encrypted<\/a>. Moreover, you have to make sure that you\u2019re connected to the genuine server of a shop or your bank and not a fake one. These rules are actually hard to implement manually; that\u2019s why there is a simple \u201cpackaged\u201d solution which makes these checks automatically. It is called \u201cSafe Money\u201d and ships as a component of <a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a> and <a href=\"https:\/\/www.kaspersky.com\/pure\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky PURE<\/a>.<\/li>\n<li><b>Avoid phishing<\/b>. One very popular criminal tactic involves sending mass mails pretending to be from a big bank (e.g. Barclays), online retailer (e.g. Amazon) or online service provider (e.g. Apple). These emails say that you have to \u201cconfirm your account\u201d, \u201ccheck suspicious withdrawals\u201d or \u201cconfirm expensive delivery\u201d, etc. When you click the link, you\u2019ll be taken to the fake website of the bank\/retailer\/provider, and asked to enter your password or credit card details. To avoid this threat, never click a link in such emails. If you\u2019re concerned about your account safety, open the corresponding web site (e.g. icloud.com or amazon.com) manually, and log in to your account there. Don\u2019t click the link. Just don\u2019t.<\/li>\n<\/ul>\n<p>If you have extra advice, do not hesitate to leave it in the comments below!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s ridiculously simple to lose your money because of credit card fraud. Secure yourself in all stages\u2015from choosing your card to paying overseas \u2015using our simple guide.<\/p>\n","protected":false},"author":32,"featured_media":4783,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[519,657,80,79,179,131],"class_list":{"0":"post-4782","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-banking","10":"tag-credit-card","11":"tag-fraud","12":"tag-online-banking","13":"tag-safe-money","14":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/securing-credit-card-online-irl\/4782\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/securing-credit-card-online-irl\/3457\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/securing-credit-card-online-irl\/3345\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/securing-credit-card-online-irl\/3768\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/securing-credit-card-online-irl\/3882\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/securing-credit-card-online-irl\/4026\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/securing-credit-card-online-irl\/3647\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/securing-credit-card-online-irl\/4026\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/securing-credit-card-online-irl\/4782\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/securing-credit-card-online-irl\/4782\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4782"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4782\/revisions"}],"predecessor-version":[{"id":33137,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4782\/revisions\/33137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4783"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}