How to guard against credit card fraud

Man's hand reaching into another person's pocket to steal the wallet and commit credit card fraudImage: Man's hand reaching into another person's pocket to steal the wallet and commit credit card fraud

In a Nutshell

Guarding against credit card fraud doesn't have to be complicated. A few easy steps can help you keep your cards and identity secure.
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Think all you need to guard against credit card fraud is that nifty EMV chip? Think again.

“The shift to chips was designed to prevent a very specific kind of fraud — counterfeit card fraud,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center.

Velasquez is referring, of course, to the EMV liability shift that occurred in October 2015, when the U.S. joined Canada and Europe in switching from “swipe-and-sign” cards to “chip-and-signature” cards equipped with EMV chips.

This shift was significant because it transferred the liability for counterfeit fraudulent transactions from the issuer to the merchant if the card has an EMV chip and the merchant doesn’t support EMV chip transactions.

Since then, financial institutions and merchants have had a real incentive to support EMV chip technology.

The introduction of EMV chips has certainly helped. According to Visa, the total number of dollars stolen through counterfeit fraud was down 58% in December 2016 compared to the previous year. This improvement was for merchants who completed the upgrade to EMV chip technology.

The problem? Card thieves aren’t going away any time soon, and they may be adapting to the new reality faster than expected.

In 2016, about 1 in 20 consumers was the victim of existing credit card fraud — up 14% from the previous year, according to Javelin’s 2017 Identity Fraud Study.

And 46% of those cards had EMV chips, a higher-than-expected figure that likely resulted from the cards being misused by EMV-capable merchants not wanting to frustrate or confuse their customers.

The lesson? It pays to stay vigilant even if you have an EMV card. With that in mind, let’s run through some easy but effective ways to beef up your security and protect against credit card fraud.

  1. Use credit cards, not debit cards for online purchases
  2. Keep your credit card and CVV numbers safe
  3. If your phone is your wallet, treat it like one
  4. Avoid entering sensitive information on public computers and Wi-Fi
  5. Set up alerts

1. Use credit cards, not debit cards for online purchases

While EMV chips are a good start on credit card security, they’re just the beginning. If your credit card issuer or favorite online retailer offers two-factor authentication for purchases, definitely use it, Velasquez says.

The other mistake some online shoppers make: Shopping with a debit card. When you buy online, it’s generally a good idea to use a credit card.

That way, if your account is hacked, you’re merely waiting for the card issuer to restore a line of credit — and not missing much-needed cash, as you would from a checking account. (Federal law says you can’t be held liable for unauthorized transactions that occur after you report the loss of your ATM or debit card.)

Understanding your liability for fraudulent credit card charges

 Some credit cards promise $0 fraud liability, but in 2016 consumers lost an average of five hours and $38 when an existing card is hijacked, according to the Javelin report.

Fortunately, the Fair Credit Billing Act (FCBA) limits your liability for unauthorized charges on your credit card.

Under FCBA, your liability maxes out at $50. But if you’re able to report the loss before your credit card is used, you won’t be held responsible for any charges you didn’t authorize.

Some more good news: If your credit card number is stolen, but not the card itself, you aren’t liable for unauthorized use.

What to do if you spot an unauthorized credit inquiry

2. Keep your credit card and CVV numbers safe

Skip storing card numbers on your online retail accounts. Not only will it help you keep your credit card information more secure, but it’s also a smart budgeting strategy because you can’t purchase with just the touch of a “Buy” button.

“It makes you think about your purchases,” Velasquez says.

Another key aspect of online credit card security is your card’s CVV (card verification value) number.

CVV numbers help limit fraud, and most online merchants require you to enter one along with your card number and expiration date.

But not all merchants use them. You may be risking your own security by shopping with a merchant that doesn’t ask for your card’s CVV number if that merchant stores your credit card information.

3. If your phone is your wallet, treat it like one

If you’re using your phone as a mobile wallet, then give it the security any wallet deserves. Take advantage of the security features your phone maker offers, Velasquez advises.

These features range from iPhone’s touch ID to PIN codes that can keep your phone locked and secure when you’re not using it.

You may also consider getting a mobile security app that will allow you to put an extra password on the apps you use for shopping and banking.

You might find the option included in the security program you’ve installed on your mobile device, like the App Lock feature in McAfee Mobile Security. Or as a free, stand-alone app, like Norton’s App Lock.

4. Avoid entering sensitive information on public computers and Wi-Fi

Public retail and coffee shop Wi-Fi is super convenient, but that doesn’t mean it’s super secure. Our advice? Skip it if you’re engaged in any kind of online activity that involves money, banking or credit cards.

If you insist on shopping and banking when you’re out and about, invest in a quality virtual private network (VPN) service to protect against unwanted data collection.

Even if your Wi-Fi connection is password-protected, that password can be easy for thieves to get their hands on. (Hint: It’s usually at the counter or pasted to the wall.)

Better to go with a VPN that keeps your sensitive information safe from prying eyes.

“And regardless of what network you’re using, if you’re on a sketchy website, you’re going to have a bad experience,” Velasquez says.

Some sites exist solely to collect data and card numbers for criminals, so before you buy, make sure you trust the source.

5. Set up alerts

Most card issuers allow you to set alerts that will text or email when your card is used in certain ways. “Every time there’s a ‘card not present’ transaction, I want a notification,” Velasquez says.

Remember: The faster you report loss or theft, the better. Your liability for unauthorized use tops out at $50 thanks to the FCBA, but If you can report the loss before your card is used, you won’t be responsible for any charges.

Bottom line

First, a disclaimer: While heeding the above points may boost your credit security, there’s no such thing as “fraud-proof.” As technology becomes smarter, so do the criminals. The good news? Consumers are getting more streetwise in the ways of card fraud, too.

In 2013, consumers spent an average of nine hours resolving instances of fraud when criminals used card accounts, according to the Javelin survey. That was cut to four hours in 2015. Unfortunately, it also edged up to five hours in 2016.

By using credit instead of debit cards online, skipping auto-reload options on merchant accounts, setting up mobile alerts for credit card activity, and putting a few extra locks on banking and shopping apps, credit card users are learning to balance security and convenience.

Velasquez’s advice: Just like dressing for uncertain weather, think of credit card security in terms of layers. And pile on as many as you can without significantly hampering what you need to do.

About the author: Dana Dratch is a personal finance writer (and coffee fanatic). She covers credit, money and lifestyle issues. Read more.