Using your credit and debit cards wisely
Preventing Online Identity Theft
by Gary Foreman
Online identity theft has become a massive problem for the stores, for the banks that issue cards, and for the consumers who use them. Yet, online shopping is a convenience that few of us want to give up. So what can you do to prevent or at least minimize online identity theft?
To help us learn how to avoid online identity theft, we contacted Shaun Murphy. He's an expert in security and privacy.
Q: How frequent is identity theft that is caused by online shopping?
Mr. Murphy: This year alone has seen documented cases of identity theft north of 500k individuals for online shopping and banking and upwards of 100 million individuals for the highly published (and forgotten) medical/healthcare breaches. This is according to a group that tracks these issues and releases summaries and stats for these id theft issues.
I'd like to highlight that these are the documented cases. Undocumented or cases not reported are obviously impossible to track at scale.
Q: You suggest using throwaway debit cards. What can be done to minimize the fees that they charge?
Mr. Murphy: Certainly credit cards are king when it comes to protection and convenience, but a theft of your credit card number will require you to change automatic billing, re-establish online shopping accounts, etc.
These prepaid debit cards are great tools if you do your research. Look for the fees they charge. Some of them have a fee per transaction, so you'll want to only use these cards for fewer/larger purchases.
An activation fee is very common across all the ones I have seen. Generally a $3 to $4 charge to activate the card is added to the amount you want loaded on the card. These cards will also have a reload fee, which is slightly lower than the initial activation so don't throw away the card when you're done. Instead, you should save it for a future reload. If the reload fee is the same, shred the card when done!
This is not an ATM card, so do not use it as such. If you have any remaining balance on these cards, you should convert them into online gift cards like Amazon for example.
Load the card and use it fast. Don't let these things sit for months or years.
Write the card information somewhere secure. If you lose the physical card, you can always convert it to an online gift card versus paying some huge card replacement fee.
You'll also want to make sure they do not allow over-drafting or going negative on your balance. Steer clear of any prepaid card that asks for SSN or banking information to register. The only registration you should need is at the point of sale at the store.
Keep in mind these things can be a very useful tool to shield your personal accounts, but they are not a replacement for credit cards for day-to-day use. For replacing that vulnerable credit card, I recommend going digital. Check out Apple Pay.
Q: Can credit cards with low limits be used safely for online purchases?
Mr. Murphy: It really depends on the card and what else you use it for. If your card has a $200 limit and you use it to buy groceries in addition to your mobile apps account, you might find yourself unable to buy groceries if your card was stolen or used for malicious purposes.
Q: How do thieves use your online purchase to steal your identity?
Mr. Murphy: There are a few ways. The first is if they have direct access to your account details like your home address, phone number, account number, expiration date, etc. This gives them enough information to call your bank and, given some social engineering skills, change the billing address and issue new cards. That's the first step in becoming you.
Perhaps they don't have your account details. What if they know the high school you went to, your first pet's name, your best friend's name in grade school? Remember those security questions online sites ask you? If they have that information and social engineering skills, they can reset your password on sites and take over your online self. Once they have access to your email account via this process, they can easily reset/change any and all passwords to all of your online accounts. It's scary and it happens
Q: How important is it to only shop at secure sites?
Mr. Murphy: That is crucial. If you're buying something online and the site isn't secure (has a lock icon in the URL bar or says https with no X or error symbol on there), then you're at tremendous risk for personal information leakage. If the site isn't secure, anyone on your network, on their network, and anywhere in between will see your information transmitted in plain text (human readable credit card numbers, expiration dates, etc.). It doesn't matter if the site is trustworthy; your connection to them is not.
Now the site itself may be storing all of your information in the clear, which happened to Target a couple years back. If they get hacked, you get hacked. Big online retailers spend big bucks making sure that does not happen, but you have no visibility if smaller sites are secure on their end. That's why it's so important to shield your payment and personal details.
While there's no way to completely prevent online identity theft, you can take some measures that will make it less likely that you'll become a victim.
Reviewed December 2017
Take the Next Step:
- Get familiar with these top 10 signs of identity theft.
- Discover more smart ways to prevent identity theft by visiting the Dollar Stretcher Library.
- How to prevent and avoid Identity Theft? IdentityForce.com works. Get a 14 day FREE trial today! Protect what matters most.
- Get control of your financial life. Subscribe to Financial Independence, a free daily email that provides you with the tools to help you gain that control and achieve financial independence. Subscribers get a copy of Are You Heading for Debt Trouble? A Simple Checklist for FREE!
Shaun Murphy is CEO of Private Giant and recognized as an expert in security and privacy. He began developing and deploying commercial and government communication systems where there's such a great push and investment for privacy and security in 1995. Today he's concerned with the amount of personal information that the tech giants (Facebook, Google, and such) acquire, accumulate, and correlate about us even if we never consented. He's devoted his work into making technology more secure for the users. You can find him at PrivateGiant.com or on twitter @PrivateShaun.
Gary Foreman is a former financial planner and purchasing manager who founded The Dollar Stretcher.com website and newsletters in 1996. He's been featured in MSN Money, Yahoo Finance, Fox Business, The Nightly Business Report, US News Money, Credit.com and CreditCards.com. Gary shares his philosophy of money here. You can follow Gary on Twitter. Gary is also available for audio, video or print interviews. For more info see his media page.
Share your thoughts about this article with the editor.