Ask Slashdot: How Do You Keep Your Credit Card Secure? 385
It's easy to pontificate about the best security practices -- but the real test is what we do with our own money. Long-time Slashdot reader Keybounce writes:
So, like most of you, I recently got a new credit card with a chip in it. I was not worried about that -- I know the chips are harder to copy and counterfeit. But I recently discovered that the card is also a radio card -- swiping it near the screen caused an message to show up on the reader. In this case, it told me to use the chip reader instead, but this means it has an active radio signal, and could be "hacked" -- stolen by someone with the right device.
How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?
So leave your own answer in the the comments. How are you keeping your own credit card secure?
How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?
So leave your own answer in the the comments. How are you keeping your own credit card secure?
Shielding, jamming (Score:5, Interesting)
Currently I use an envelope that claims to be RFID shielding. No idea if it works or not.
I have backed on Kickstarter an interesting "jamming" solution, Vaultcard [kickstarter.com], which looks promising.
The current RFID cards - Visa PayWave is one brand - provide the "Track 2" data plus an authentication code from the EMV chip. Quite usable for fraud.
Re:Shielding, jamming (Score:5, Funny)
I am already using Vaultcard but since I carry the cards close to my genitals, I decided to add a layer of protective gearing constituted of a lead casing. It ended up requiring an additional belt that I wear under my clothes so it is not apparent. It is a little heavy and uncomfortable but in the end I feel safe in all regards and proud to be using the latest technologies.
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
Use cash for a lot of smaller transactions.
Shielding, jamming... Nope, try disabling. (Score:5, Interesting)
The current RFID cards - Visa PayWave is one brand - provide the "Track 2" data plus an authentication code from the EMV chip. Quite usable for fraud.
Forget track 2 data, the card gives out your name, card number and expiry date wirelessly to anything that asks. That's enough for anyone to start making transactions.
The first thing I do when I get an NFC enabled card is disable the wireless. I do this using a Stanley knife. If you look at your card over a bright light, you can see the induction loop, It then becomes a simple matter of making a small incision into the card to sever the induction loop. No loop, no wireless, card still behaves nicely with Chip and Pin terminals.
I've tested this with an app on my Android phone (here [google.com] but it hasn't been updated in a while and doesn't work with my Nexus 5x). Its also been tested many times by vendors who don't seem to get that yes, it's disabled now stick it in the machine so I can press savings.
Personally I wouldn't bother with trying to shield or jam it as malicious devices are most likely to be placed on terminals, ATM's and other places where you'll have your card unshielded. If you don't want your card to be exposed, disable it completely.
Re:Shielding, jamming (Score:4, Interesting)
Do you really think that the banks would have added a feature that makes fraud as easy as pointing an antenna at people walking past? Where are the crime waves of people draining accounts with concealed card readers? How come it's been in use for over a decade in some parts of the world and they haven't noticed this massive flaw in their security?
Unless US banks are uniquely incompetent with their card design I think this is just paranoia, whipped up by click-bait articles.
Re:Shielding, jamming (Score:4, Insightful)
Do you really think that the banks would have added a feature that makes fraud as easy as pointing an antenna at people walking past? Where are the crime waves of people draining accounts with concealed card readers?
Why yes, I do. It has been demonstrated numerous times, and is easy to reproduce on your own with inexpensive equipment. The specs are public (have you read them? I have.) Even EMV chips send your card information in plaintext - any encryption needs to be added by the terminal. You may not have read much about it as RFID cards are still uncommon in the US, but that is changing. The specs for this and EMV are more than a decade old and were designed for the banks' convenience, not your protection.
US banks have shown a singular unwillingness to invest in technology that helps their customers. In the US they fall back on "zero liability" terms that mostly shield customers from direct financial losses but then pass on the cost of billions of dollars of fraud to all consumers and merchants.
Re: (Score:3)
So in the US you have vast amounts of walk-by contactless card fraud? How come it doesn't get reported?
Re: (Score:2)
Re:Shielding, jamming (Score:5, Insightful)
I wouldn't even fret over it at all, and indeed those little sleeves are a total waste of money.
Current credit card laws limit your liability for fraudulent transactions to $50. But that's not all: Every bank that isn't shitty takes that a step further by making you liable for nothing at all. Really, I haven't even seen a credit card offer that has a non-zero liability clause. I'm sure they exist, but you'd have to have downright awful credit to have one of them as your only option.
That said, a much bigger risk (indeed by far the biggest risk) of getting your credit card information stolen is when you use it to buy something on the internet and the merchant's PCI database is compromised. This has happened numerous times to me, by the way, and you know what it has cost me in my entire lifetime? Not a single red cent.
Typically it goes like this: My bank calls me and notifies me that somebody all the way on the other side of the country in a state that I've never been to tried to buy something expensive on my card within minutes of me buying chips from a vending machine. Obviously something wrong there, so they call me and list the most recent 5 or so transactions and ask me if I made any of them. If the answer is yes, then there's no problem. If the answer is no, they deactivate my card and send me a new one, and have me fill out a form telling them which transactions showed up on my bill that are ones I didn't make. I just tell them which ones aren't mine, and they simply remove them from my statement.
That's it, no problems. The only inconvenience is that I'm out of a credit card for a few days, but that's ok because in addition to my mastercard that I use practically everywhere, I also have an Amex card that I occasionally use for its occasional incentives, and I can continue using it until my new mastercard arrives in the mail.
No need to waste money on a sleeve, and no need to have to pull it in and out of the sleeve when I need to use it.
Re:Shielding, jamming (Score:4, Informative)
Indeed - all that fraud just gets passed on to the vendor/retailer. Unfortunately, those retailers have absolutely no way to measure the 'fraudiness' of a card transaction, so can't decide to decline something on their own - they have to ask the Bank to make that choice for them. When the bank makes the wrong choice, the retailer pays.
In the UK we have some (relatively new) financial industry rules that include 'treating the customer fairly'. I wonder how long it will be before some credit card banks get held to account on that basis, but until then, banks control everything and pay for nothing.
Re:Shielding, jamming (Score:5, Interesting)
But consider what happened to me last year on the first day of a two-week international vacation. I got a notice from my primary card bank (Chase) that my card had been compromised and that they would cancel it and send a new one. The problem was that I was depending on this card (which has no foreign transaction fees) and I would be moving around every two days meaning that it would be difficult to get a new card to me quickly. They did offer a compromise - disable any card-not-present transactions and had me list which countries I would be in, until I could return home. I had several online purchases outstanding so I had to scramble to fix those, and even then I missed one of the countries I would be in and had my card declined twice before I figured out the problem.
I am sure this case was a leak from a merchant that stored card data insecurely, or maybe a skimmer somewhere. That card did not have RFID. We really do need to move quicker to a tokenized system. Even so, it was more than a minor annoyance to me.
Re: (Score:3)
Disable "card not present" should be available to end user as a check box in their online account settings.
That, and single use numbers for online transactions.
Of course, the banks don't give a shit about security so don't offer that stuff (for the most part.)
I fail to see why _I_ should care if some retailer gets fucked. Maybe the retailer should be pressuring the banks to fix it.
Tinfoil (Score:3, Informative)
Turn it off (Score:4, Interesting)
We just asked our bank to have it deactivated and they did.
Re:Turn it off (Score:4, Informative)
That does very little good. The info that can be obtained with a reader is still usable for making charges to your account.
Re:Turn it off (Score:5, Informative)
Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.
You could actually read about EMV, the specification is public. It's fairly clear you haven't.
Re:Turn it off (Score:4, Interesting)
Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.
You could actually read about EMV, the specification is public. It's fairly clear you haven't.
Actually, it contains your card number, name and expiry date.
Everything you need to start making transactions online.
I have to wonder why people still think that card cloning is a credible threat these days... Card fraud moved online years ago, far better return on effort.
Re:Turn it off (Score:5, Informative)
It doesn't include the CVV2 that will be requested even by very low risk online retailers. You might be thinking, "But this field right here is labelled CVV" and it is, but there are like four CVVs for a modern card, and that's the wrong one. The one you need online is CVV2, which is the one written on the back of the card but not stored on the card itself.
This happened because cards _used_ to have just one CVV, baked into the magstripe, so you could tell you had a "real" magstripe read, not one based on just reading the digits off the card, but if people got the CVV elsewhere they'd fake that out. So the "fix" was to have a different value for CVV in each place, and check you got the right one. So there's a CVV for EMV chip transactions, a CVV for the magstripe and one written on the card for online.
Re: (Score:3, Interesting)
Pretty much every week I place online orders with merchants that don't ask for CVV2. While it is true that the RFID data doesn't include CVV2 (it has a digital signature code created by the EMV chip), what is sent is MORE than enough to commit wide-scale fraud.
CVV2 (Score:3)
CCV2. Isn't that the number you give to EVERY MERCHANT you buy from, along with number, name, and expiration date? How in the world are thieves ever going to get a hold of that VERY SECRET number?
Don't care, not my card, card issuer's problems. (Score:5, Insightful)
I could care less. If I see fraudulent transactions I call AmEx and I get a replacement card next morning. No need for me to go out of my way to keep a card that provides access to someone else's money secure.
Re:Don't care, not my card, card issuer's problems (Score:5, Informative)
Exactly. Why is this my problem? I am not liable for fraudulent charges.
Re:Don't care, not my card, card issuer's problems (Score:5, Funny)
I am not liable for fraudulent charges.
Sometimes you are. I was fraudulently charged $19/month for several months by Travelocity. I disputed the charges through Bank of America, and BOA told me that Travelocity was their "marketing partner" so the fraudulent transactions could not be reversed. I cancelled the credit card, closed all my BOA accounts, and switched to Wells Fargo (the only other bank within bicycle distance of my house). I also never again used Travelocity for anything. I periodically go into the local BOA branch and steal their ink pens.
Re: (Score:2)
What that a debit card or a credit card? Had you given the card number to Travelocity?
Re: (Score:2)
What that a debit card or a credit card? Had you given the card number to Travelocity?
It was a credit card. Yes, I had been a previous customer of Travelocity, and they had my CC info. They did NOT have my permission to sign me up to any paid marketing subscription for $19/month (which is what they did).
Re: (Score:2)
BoA (previously Bank of Italy) are Big Assholes well know for their abuses of customers. Never ever do business with them.
Re: (Score:2)
You pay fees and interest on your credit card? You are doing it wrong.
Re:Don't care, not my card, card issuer's problems (Score:4, Insightful)
Then why are you trying to explain how they work?
A responsible credit card user pays their bills at the end of the month and doesn't rack up interest of fees. And, no, they do not raise the fees to the vendor, in fact they have recently lowered them since they have had their ass reamed in lawsuits for overcharging.
Yes, VISA, etc charges a small fee for transactions, they make a (sometimes too healthy) profit, but fraud protection is one of the major FEATURES of using a credit card. Go pay cash to a shady person for something and then try to get your money back later when you got screwed. Use a credit card? If it was the vendor's fault you will get your money back.
Re: (Score:2)
Re: Don't care, not my card, card issuer's proble (Score:3)
It's not even necessary to have a bank account with the same company that you have a credit card with. So your bank account is not linked to your credit card. You still need a convenient way to pay off your credit card, like electronic payments from your account to your credit card or whatever works for you.
* at least this is how it works in Canada, but for whatever reason we seem to be ahead of the US in terms of credit card technology based on what I've been reading (no pin? no tap payments? You still nee
Re: (Score:2)
Do they still use the number generation scheme where anyone can predict the next number of your card, thereby making it easy to continue the fraud?
Re: Don't care, not my card, card issuer's problem (Score:3)
Exactly! I see all of these concerns about credit cards. WHO CARES! You'll never be responsible for paying a fraudulent charge. The hardest thing you have to do is read over your bill at the end of the month and most times your card company will notify you of sketchy activity.
IMHO credit cards are more secure than cash. It's easier to keep track of spending, if you lose your card you get a new one, if somebody steals it you get a new one. Same is not true for cash.
I don't (Score:5, Informative)
It's really not my job to go the extra distance to improve their security. The card is the way it is, and if it's good enough for the banks, it's good enough for me.
I've had the card cloned a couple of time in the last five years, and it was never more than a minor inconvenience. Call the number in the back, tell them that I didn't spend $2000 on a strip club in Mexico, and they send me a new one.
Re: (Score:2)
I've had the card cloned a couple of time in the last five years, and it was never more than a minor inconvenience. Call the number in the back, tell them that I didn't spend $2000 on a strip club in Mexico, and they send me a new one.
Or in my case, get an email from Amex basically telling me, "we didn't think you spent $2000 on a strip club in Mexico, so we have blocked that transaction for you. We'll be sending you a new card".
Re:I don't (Score:5, Funny)
Don't they kick you out when the transaction is denied?
If you are paying $2000 in Mexico, you are going to the wrong strip clubs. Try walking more than 1 block from the border.
Re:I don't (Score:4, Funny)
Just make sure to remember to put your plane ticket to Mexico on another card!
Re:I don't (Score:4, Informative)
Same here, I secure my card by handing it to waiters in restaurants who disappear with it, using it in retail stores where employee turnover is atrocious, and shopping on the internet. About once every 4 years (on average) we get a charge we didn't make on the bill, we tell the company ASAP and it gets reversed and we get a new card number.
We were included in the recent Target and Home Depot attacks, nothing happened until about a month ago, then we got a $900 charge from COSTCO - impressive since we don't have a membership.
Re: (Score:2)
That's the way I secure it, with one addition: I have a local credit union that prints cards on demand. I see a fraudulent charge, wander down on my lunch break, sign a form, they print a new card, shred my old one, and their website even notes things that look like reoccurring charges and nudges me to update my card for those places whenever the number changes. Hard pressed to beat service like that!
Re: (Score:2)
Well, if you've got a bad taste from BoA, why not try switching? We've been happy with PNC, and similarly happy with the GM Card through Household bank before that (until we realized that we are likely NEVER going to buy another new car again, and if we do it probably won't be a GM, so that $5K perk balance was actually worthless.)
Re: (Score:2)
Re: (Score:2)
There is no risk to the bank either, only the merchants get to eat the fraud.
Re: (Score:2)
They might not buy it a third time.
Hole punch (Score:4, Interesting)
When I last had a card like this, I just took a hole punch and punched out the RFID chip. they're pretty easy to locate (small square divot, usually right near the RFID symbol printed on the back of the card). You can also pry them out easily with a razor blade if you don't want a hole all the way through the card.
Snipping out the RFID chip shouldn't affect the smart card chip in any way, since they should be totally unrelated mechanisms. I could be wrong though - I haven't seen an RFID included in a modern chip card yet.
Re:Hole punch (Score:5, Interesting)
Snipping out the RFID chip shouldn't affect the smart card chip in any way, since they should be totally unrelated mechanisms. I could be wrong though - I haven't seen an RFID included in a modern chip card yet.
You are mistaken - the RFID chip is connected to the EMV chip - may even be the same chip nowadays. This wasn't always the case, but is now. The RFID data includes an EMV-derived authentication code like the CVV.
This had all been theoretical for me until Costco replaced my Amex card with a Visa that had PayWave (RFID). I did a LOT of reading then!
Re:Hole punch (Score:5, Interesting)
PayWave is awesome. You just tap the card on the terminal (or near it) to pay, no pin, no signature.
Of course some people will freak out, just like they freaked out when chips came out ("what the devilry is this!"), but it's hugely convenient. Credit cards companies already have very customer-friendly policies for fraud and scams, this is just making things even easier with no risk for the card holders.
I've learned from past experience to have 3 credit cards: 2 in my wallet, 1 at home, that way if one gets compromised I have options until I get a new card. That's a minor price to pay for the convenience.
Re: (Score:2)
PayWave is awesome. You just tap the card on the terminal (or near it) to pay, no pin, no signature.
That it is - I have used it once so far, at a Walgreens, and it was very speedy. Not too surprising as it's effectively the same as swiping - there's no challenge-response sequence as there is with a chip-based transaction. Indeed, Visa's specs for PayWave require a response in half a second.
That said, I very much prefer tokenization systems such as Apple Pay and I find that is almost as fast as PayWave. (PayWave is Visa's brand name for RFID transactions - other card issuers use different names, but the un
Re: (Score:2)
That ease of PayWave sounds like it makes an ideal target for the attacks listed upthread. What's to stop someone with a hand-held RFID reader designed to lift data or even run fraudulent transactions as they pass you in a crowded store or subway or whatnot? You might even get a free grope if you keep your wallet in your back pocket.
party pooper much (Score:2)
Money made it easier to trade, but I'm sure back then someone like you complained that it would be easy to steal. Then checks, and bank wires, and credit cards, and ATM. Always the birds of ill omen came out and spewed their "they gonna steal it" mantra.
With credit cards we've finally reached a point where for the most part the risk is not on the small guy's side of the equation. But instead of rejoicing and embracing the convenience of technological progress and the risk-free high speed transaction mechani
Re: (Score:2)
I find it easier to mitigate the damage. (Score:2)
I've watched my friends get hacked countless times. In the end everything gets taken care of, but for those few days while everything is cancelled or locked down they're broke. Which makes it hard to buy diapers. But fortunately they've got family in town. (I keep lecturing them about using cards at gas stations...)
I've been the victim of credit card fraud once. But I've had cards preemptively cancelled multiple times because they were used at companies that got hacked (target, home depot, etc) I've a
Re: (Score:2)
Well, you simply need to be prepared for disasters. That's all there is to it. Your entire bank can get shut down. You need a plan for when this sort of thing happens. Don't keep your eggs all in one basket and keep some cash around.
Why? (Score:5, Insightful)
I might worry about it if I were to go to the Olympics or something else with lots of international tourists, the best ones to skim, but for regular everyday use, the chance of you being skimmed rounds to zero, and if it does happen, you are blameless.
Re: (Score:2)
For me, yes. Local credit union. 1% cash back on everything, no annual fee, low interest on the card. I make $50-$100 a year from using my credit card. The wedding year we broke $200. My cards have been compromised a number of times in the last year or two, and it seems to be a mixture of local skimmers plus Russian gangs brute-forcing card numbers. I had a brand new card used to buy $35 of McDonalds in St. Petersburg before I had used it more than 2-3 times locally, which leads me to believe that there's s
Re: (Score:2)
Where are you paying money for your cards/accounts?
but this means ... or does it? (Score:5, Interesting)
Maybe you are not presenting your experience with proper English, but if you swiped the card and were then told to use the chip reader, that does not imply that the card has any RFID capability. It simply means that the swipe passed along enough information that the reader learned that there was also a chip. I've seen this on multiple credit cards and have confirmed that the card has no RFID. Maybe you shouldn't have used the word swipe and only mean to say that you were told to use the chip when you got the card near the card reader, but if you actually swiped it then you know nothing about if RFID is present. It does not seem to be as common as many fear mongering commercials for cheap crappy wallets would have you believe.
As to what to do if your card really does have RFID, I suggest doing the same thing that I do with my card without RFID, keep a close eye on your charges and alert the issuing bank if there are any discrepancies. Beyond that, don't worry. It is the problem of the idiots who put RFID chips in the cards if their cards get sniffed, and it is the problem of the issuing bank if they accept bogus charges on your card. Your only issue is to not be completely stupid and pay the credit card bill without checking it for accuracy (and there are certainly some people who do).
Get a credit card which notifies on each charge (Score:5, Insightful)
The 16-digit system is ridiculous. If you're going to use your card online, or in restaurants, etc. your card number is quasi-public.
Two of my cards have an option which sends email and/or SMS and/or app-notifications upon every transaction, accepted or denied.
I caught a bogus attempted charge last month - this saved a lot of exposure & aggravation. It also informed me last week when my personal activity caused my card to be suspended ( several international charges, different countries in the same hour). CapitalOne, Discover, & Chase offer this, and I assume some other competitors do so as well.
Re: (Score:2)
The problem with chips (EMV or RFID) is that the banks are pretending they're "secure" so any charge done by EMV/RFID is actually yours unless you can prove otherwise. Sure, the merchant will still eat the charges but it's a heck of a lot harder to dispute than a swipe.
Re: (Score:2)
Re: (Score:2)
This won't happen. Cards get stolen all the time. The only time I see problems with a CC vendor is when
1. They have the card
2. They used a PIN (we have pins here)
Since these two pieces are essentially never together illegitimately, there's never problem. A hacked pin pad can get you #2, but you still have your physical card. Stealing can get you #1, but the pin isn't on the card (challenged against online). Pretty much the only way it happens without specific permission is if your card is stolen after using
Re: (Score:2)
Mint.com does that across all your banking options (cc, debit, checking, etc), they also email you when you pay an unusual bank fee. All free.
It's an amazing service. I love getting that weekly "can you guess on what you've spent the most money this week?", it makes me realize when I go on spending benders.
Re: (Score:2)
You said it first. I do the same thing.
My own testing (Score:2)
I have a chip and RFID enabled card, and of course the first thing I did when I got it was to test what could be pulled from the card with tools available.
Interestingly enough, the thing you can pull from both the chip and the wireless are general details of the last 10 transactions placed on the card. This in and of itself is only a small part of what you would need to get access to funds - I think you would need keys and application access (in RFID parlance) to access that part - but having the last 10 th
check your bill (Score:2)
Re: (Score:2)
Vigilance, that's how (Score:2)
Criminals have committed fraud with credit cards for a long time. They will continue to do so, no matter what technologies we use to protect our cards. And we will continue to use credit cards despite this, because they're convenient.
Check your statement every month, and report fraudulent charges. I have never had a problem getting fraudulent charges reversed. Also, credit-card companies have an interest in avoiding fraudulent charges, so many employ analytic algorithms to detect suspicious charges, and con
Citibank does ok. (Score:3)
It ain't perfect but they have about as much interest in it that I do, on a statistacial basis. In a very personal perspecitve, it may seem like they don't give a shit. But thinkg about it. It ain't worth spending 1% of your money to stop thieves from stealing 0.5% of your money, just like it ain't worth crawling under a car for a dime or quarter or dollar you dropped in the parking lot (depending on circumstances).
Problem with perspective is that the folks stealing from citibank aren't stealing 0.5 % from each customer, which would be "allowed" or ignored at least, they are stealing everything (identity theft and all bank accounts) from 118 specific people--who are really pissed off for excellent reasons.
Identity Theft Victim Here with My Insight (Score:4, Informative)
Here is how to stay out of trouble.
1. DO NOT USE YOUR ATM CARD ANYWHERE, EXCEPT AT THE BANK THAT ISSUED IT IN THE LOBBY.
2. Feel free to use your credit card anywhere, AS LONG AS YOU CHECK THE MONTHLY STATEMENT AND DISPUTE ANY CHARGES.
3. Anywhere especially seedy, PAY CASH or use a Green Dot Card from Walmart money card loaded with the exact amount.
4. Only use checks for re-occuring variable bills like phone, gas, electric so an error can no clean out your bank account. Some phone cable and phone companies occasionally have problems with sending customers erroneous $1000 monthly bills.
5. Do not use online banking. Make sure you have it turned off.
6. Make sure you have an ATM only card that can not be used as a debit card. This means it only works at ATM machines.
7. Setup all fixed cost bills, mortgage, car, insurance, student loan for auto pay so you don't need to use online banking or write a check.
8. Do not let money pile up in your PayPal account. Paypal is not a real financial institution and can play games with your money and you have very little protection.
9. Bank with a real bank, an 800 lb. gorilla like Chase that has 24-hour fraud people.
10. Keep a copy or scan of all documents/cards in your wallet. If you wallet gets stolen you can quickly cancel everything, instead of trying to figure out what was in your wallet.
11. Pay your credit card off EVERY MONTH, no exceptions. 20% interest is for suckers. If you can't control yourself, set you limit for what you are able to pay. NEVER carry credit card debt. NEVER.
The safest forms of payment are:
1. CASH / Walmart Green Dot Money Card
2. Credit Card
3. Check
4. ATM Card
Why do I make these recommendations?
1. Cash can't be hacked.
2. VISA provides you with protections to dispute charges. That means if you get hit with a charge, you can dispute it and during the dispute period you aren't out any money, unlike bank fraud. If a vendor is getting a lot of chargebacks from VISA, they will figure out they have a hole in their system and fix it or go out of business.
3. Your ATM card connects directly to real money. If you have Autopay setup and someone hacks your ATM/Debit card, you could be in a world of hurt because your account might get emptied out and there would not be any funds available to pay your bills. This is a bad, expensive situation.
4. Your checks have a magnetic toner on the bottom with your bank routing number and bank account number. With these numbers, someone could possibly access your account. Only use checks for variable payments like phone, gas, electric.
5. If you need to buy something that you don't want associated with you directly, get a Walmart Green Dot Card. This is great in case you are in need of a burner phone or other untraceable payment. By law you are supposed to register these cards but Green Dot will still allow you to use it but will deny you a personalized card. Many illegal/undocumented immigrants use these cards. These cards can be sketchy and prone to fraud, so buy it, load it, and spend it as soon as possible.
If you have any questions, let me know and I will check this thread again. Be smart. Guard your privacy, credit score, and your hard earned money.
Re:Identity Theft Victim Here with My Insight (Score:5, Insightful)
Sheesh. Apparently you omitted the part where you hire an armed security force and an assistant who carries your cash in a briefcase handcuffed to his wrist.
No way I would live that way. Keep most of your money in an account separate from the one you pay stuff out of day to day. That should do it.
Re: (Score:2)
Much of this isn't terribly bothersome and some of it actually ends up being more convenient. Some of it's a little paranoid but not much. Mostly just be mindful of the risks of using each type payment.
You can sum up most of it with "Credit card risk is very limited and anything tied to your bank account is terribly dangerous".
Re: (Score:3, Insightful)
Yeah, you're a paranoid fuckwit. Bank with a non-abusive company and don't be a dumbass.
If you're using a bank, you're using an institution that is probably trying to fuck you. Don't do that. Pick a local credit union instead. Better service, better rates, less ass-fucking. My wife and I both push a monthly amount to a joint account which is tied to our bills and debit cards. I noticed fraud on that account recently. Went to the credit union at lunch, told them that I didn't know what card it was o
Attack dogs (Score:2)
I got 3 attack dogs to guard it. I keep my wallet in my right back pocket and one of the attack dogs in each of the remaining 3 pockets.
Seriously, you must have a really problem-free life if this is what you spend your time on. If you're really, sincerely worried about your RFID credit card getting hacked, I'd suggest a talking to a psychiatrist. There are medications to help you so you don't always have to worry about everything all the time.
Why do you need to? (Score:2)
Serious question from an European viewpoint: If I have bookings on my statement that I do not recognize, I request the original receipt. If that does not show up, my card is not billed. If it does show up bit does not have a signature or a fake one, my card is not billed unless the merchant can actually prove it was me making the purchase. In case of fraud, he obviously cannot. As long as I do not cancel bookings fraudulently, my card or credit-rating is not in any danger. I did have my card replaced a few
Re: (Score:2)
If you see a charge you don't recognize, you tell the bank immediately and it gets sorted. Your total risk is limited. It doesn't impact your credit rating.
If the CC company is good enough, they will overnight you a replacement card.
Although as others have said... if your card issuer is really diligent they will recognize a strange pattern themselves and tell you first.
Re: (Score:2)
Thanks for the info, that is what I would expect. So what is the problem here? People that do not read or do not understand their credit card statement?
Highly secure location. (Score:2)
Review your statement (Score:2)
not responsible for fraudulent charges. review your monthly statement; contest unknown activity.
I don't get it... (Score:2)
How are they confusing? You insert the card and enter your pin. How are they slow? You wait 5 seconds or so and then you're done. How are they insecure? While only ten thousand pin combinations is not much for a computer to crack, more than a few invalid attempts locks out a card from
Re: (Score:2)
> You wait 5 seconds or so and then you're done.
5 seconds is an eternity for a computing device.
I find it certainly conspicuous. Although it doesn't quite raise to the level of annoying.
Re: (Score:2)
Half the companies decided that PINs are too hard, so they went with signature instead. So instead of swiping and then signing, you insert, wait, wait, it beeps. You push a button. You sign. It asks if you want cash back. You say fuck off. You pull the card out, it beeps saying that you ruined the transaction and that you need to do all that shit again.
You see, we largely didn't implement chip-and-pin. We replaced the quick swipe and sign with an insert of the chip card, and then layered a bunch of
easy (Score:2)
Check out this one weird tip; fraudsters hate him! (Score:2)
I keep my credit card secure by posting the number online and linking to it as the article in my Slashdot submissions, thereby ensuring no one will ever read it.
Don't have or need a credit card (Score:2)
I live without a credit card. I do have a debit card though. I keep it secure by keeping it on me. If you can get it from me, then I guess you earned it.
Re: (Score:2)
So you choose to use a card that provides less legal protections to you?
SignalVault (Score:2)
This. Tested and works. http://www.signal-vault.com/ [signal-vault.com]
My card leaks visible spectrum radio signal also! (Score:5, Funny)
I recently found out that my card was leaking radio waves in the visible spectrum! This is really nefarious because the radio waves do not actually originate from the card itself. When a store, hacker, or other third party sends radio waves in the visible spectrum towards my credit card, the card returns the signal back to a wide range of locations with the user's name, the credit card number, and even the cvv code on the back!
The worst part is that there are even visible spectrum enhancers on the market, which turn the radio signal, which is usually only decipherable at 2-3 ft, into a signal that can be deciphered from 30-100 ft. I can't even believe that these things are legal, or that the card returns these radio waves in the visible spectrum!
The world is going to hell in a handbag!
Re:My card leaks visible spectrum radio signal als (Score:4, Funny)
You're overreacting. The technology to block that portion of the spectrum has been integrated into wallets for centuries. It's quite neat tech - google for leather.
Re:Easy (Score:5, Interesting)
If you cannot afford to buy something with cash, then you can do without it.
There have been serious suggestions here in Norway to forbid cash payments for various things. This includes buying tickets from bus drivers, paying at restaurants and for purchases above some threshold (think 2000 USD and such).
The bus drivers don't want to have cash because of robberies, the tax administration wants to make it harder for restaurant owners to cheat, and the police wants to make it harder to launder money.
We're not there yet, but I'd say it's coming soon.
Re: (Score:3)
Not going to work in all cases. Some people would revert back to things like gold or some digital currency for trading. As long as you can bribe people to launder the profits for you, it keeps on going. A better approach could be to fix the system and the people keeping it in its current version.
Re:Easy (Score:5, Insightful)
If you cannot afford to buy something with cash, then you can do without it.
There have been serious suggestions here in Norway to forbid cash payments for various things. This includes buying tickets from bus drivers, paying at restaurants and for purchases above some threshold (think 2000 USD and such).
The bus drivers don't want to have cash because of robberies, the tax administration wants to make it harder for restaurant owners to cheat, and the police wants to make it harder to launder money.
We're not there yet, but I'd say it's coming soon.
A card-only system is the perfect surveillance solution. Not only does it reveal everything that you've purchased and from whom, but the time and location as well.
Presidents Putin and Erdogan recommend them!
Re: Easy (Score:5, Insightful)
Re: (Score:3)
What has being able to afford it got to do with anything? I buy pretty much everything with a credit card that's paid off automatically by direct debit. I get 1% of everything I spend directly as cashback, I get 15-45 days of interest-free loan so that the money that I've earned can be sitting in an interest-earning account for longer, and I get various forms of consumer protection (the card company will reverse transactions if the seller doesn't comply with various regulations regarding after-sale suppor
Re: (Score:2)
You could also just be a minor.
There are so many trivial economic transactions that suddenly become bothersome the moment you force a middle man into it.
Also, there's no reason to belittle or exclude the poor.
Re:The PNOs are clueless (Score:4, Insightful)
Honestly, the best you can do is to use a system (like Apple Pay) that uses a device specific PAN for your transactions.
Or you could use a PIN, with is how chip+pin was designed to be used, and how it is used in other countries that have far less CC fraud than America.
Re: (Score:2)
CC fraud in the US is more likely an inside job. We should be very suspicious of all these stories about hacks and breaches into their systems and so-called "stolen" money, such things make very effective electronic "drop points". They leave the door open and tell the cops someone came and stole all your shit. Every little glitch, "Oops, so sorry, your balance has been corrected. By the way, we are raising our fees a bit to cover our new 'anti-fraud' features." We know the nature of their business [cnn.com].
It's time [latimes.com]
Re: (Score:2)
The PIN doesn't make any difference between easy-to-skim/hard-to-skim. The chip makes it virtually impossible to clone a card issued by a bank that properly authenticates its cards, meaning skimming is worthless for creating cloned chip cards. The US will continue to have problems with skimming until online/card-not-present security can be solved, and that doesn't matter if the card technology uses PINs or signatures.
Other countries no longer have cloning problems, but they all have had massive increases i
Re: (Score:2)
Keeping it secret is difficult. A customer decided to add credit card transactions to the booking and reservation program when their service contract was up. Shouldn't be a problem i thought but I was told about it only 4 hours after implications. Their software couldn't negotiate the proxy properly so I went on site. After double checking settings with no luck, I decided to sniff the packets to see if there was a clue there. Immediately I noticed they were sending the CC information in clear text. They act
Re: (Score:2)
Both my Citibank and Bank of America cards have this feature. Set the limit and the expiration date. Only the merchant who initiates the first charge can charge to it again (I don't think either one offers "allow only one charge" though). You can close the number at any time.
Re: (Score:2)
I don't see it as a disaster. I didn't see the old state of things as a disaster either. I think that media outlets just need to manufacture excitement in order to sell ads.
I'm not sure what this lot has to steal really...
Re: Pay Cash for everything! (Score:2)
Get a load of this guy.