As referenced in a previous Privacy Peril, we listed some suggested ways to minimize the risk of potential theft of card information while shopping online. Here are some additional suggestions on how to protect your credit card information:
- Whenever possible, use trustworthy payment services like Amazon, PayPal, Google Wallet, or Apple Pay. It means that the merchant never obtains your credit card info and minimizes the points of interception and storage of credit card information. Even better, use tokenized payment systems.
- Some banks also offer similar authentication and payment processes that result only in a secure connection to your bank's website, eliminating the middle-man for payment (for example, https://www.bankofamerica.com/privacy/accounts-cards/shopsafe.go). Visa and MasterCard also have additional layers of security that you have to opt-in and enroll to use (such as SecureCode and "Verified by Visa") which are similar to two factor authentication.
- Set up alerts so that you are notified of transactions promptly. Even better, start using the real-time notification of charges features of the Visa and Amex apps – you will be notified immediately when the purchase is made and can verify the amount in real-time.
- Check your statements often. As everyone moves to "paperless" statements, it is very easy to skim your card statements and not realize there has been a compromise.
- If possible, shop from sites that are validated and have at least some form of multi-factor authentication combined with up-to-date SSL certificates and encryption (i.e., only buy from sites with the "https" or lock in the browser). Make sure you are on the right site, and not a misspelled URL.