Skip to content

Advertiser Disclosure

Credit Card Insider is an independent, advertising supported website. Credit Card Insider receives compensation from some credit card issuers as advertisers. Advertiser relationships do not affect card ratings or our Editor’s Best Card Picks. Credit Card Insider has not reviewed all available credit card offers in the marketplace. Content is not provided or commissioned by any credit card issuers. Reasonable efforts are made to maintain accurate information, though all credit card information is presented without warranty. When you click on any ‘Apply Now’ button, the most up-to-date terms and conditions, rates, and fee information will be presented by the issuer. Credit Card Insider has partnered with CardRatings for our coverage of credit card products. Credit Card Insider and CardRatings may receive a commission from card issuers. A list of these issuers can be found on our Editorial Guidelines.

Credit Card Security: 9 Do’s and Don’ts for Avoiding Identity Theft

7 min read
Brendan Harkness Michelle Black By Brendan Harkness
Expert reviewed by Michelle Black
Updated Mar 30, 2020
At a glance

To help avoid identity theft, keep your card info private at all times unless you’re sharing it with a verified representative. Manage your accounts carefully, set secure passwords, and monitor your transaction history.

Wanna hear something crazy?

There are 10 trillion possible combinations of credit card numbers out in the universe, and card issuers are only using about 65 million of them.

With odds like that, the statistical likelihood that a criminal will chance upon a valid account number — and then upon your account number — is very low.

But that doesn’t mean you’re out of the woods.

Far from it: Data breaches, identity theft, and credit card fraud have all become more common in recent years, and with most of us living our lives online, you shouldn’t expect that to change.  

In light of these problems, you need to learn how to protect yourself. Here’s what you need to know about credit card security — and how to make sure your cards stay safe.

Insider tip

There are some services you can subscribe to, like Identity Essentials from IdentityIQ and Identity Guard®, that are identity theft monitoring services. These don’t necessarily help you prevent identity theft, but could help you find out if your identity was stolen sooner. Note: We may receive a commission if you sign up for one of these services.

Read more

Dealing With Fraud and Identity Theft

Common Credit Card Security Features

Nearly all credit cards come with the following security features:

  • The basics: All cards used by American shoppers have a signature panel, expiration date, magnetic strip, and unique account number.
  • Signature panel: Believe it or not, credit cards must be signed according to credit card issuer terms. Merchants can refuse to accept cards if the signature box is empty, or if it has the words “See I.D.”
  • Security code: This three-digit code on the back of the credit card (or, for American Express, four-digit code on the front) is required for processing any “card not present” transactions. It’s also known as a CVV — “card verification value.”
  • Chip cards (EMV cards): Unlike cards with only magnetic stripes, chip cards encrypt information at each transaction, making fraud much more difficult.
  • Holographs: These come standard on most credit cards, and are unique to the card network.
  • Usage monitoring: If you make an abnormal purchase — such as for a large amount or in a different location than usual — your issuer may flag the card and take steps to verify the purchase was authentic.

Some credit cards also come with additional security features like:

  • Photos: Bank of America and Citi will add your photo to a credit card upon request. But, thanks to online shopping and point-of-sale keypads, photo cards don’t provide as much security as you’d hope.
  • Temporary purchase numbers: Some credit card issuers — including, again, Bank of America and Citi — allow you to generate single-use card numbers for online purchases. That way, it doesn’t matter if your card number is compromised, since you’ll never use it again.
  • Virtual credit card numbersCertain credit card issuers provide virtual credit card numbers. These are digital versions of your physical card. They’re often provided to prevent fraud and identity theft while shopping online or over the phone. If anything happens to your virtual card, you can delete it and get a new one.
Insider tip

Mastercard and Visa are working on the next generation of credit card security: biometric cards, which use your fingerprint to verify the transaction.

6 Credit Card Security Don’ts

Despite all those security features, you can never be too careful with your credit card number.

Here are six tips for keeping your card safe.

Don’t Use Debit Cards

To put it simply, debit cards don’t offer the same fraud protections that credit cards do. If a thief steals and uses your debit card without your permission, you could be held personally liable for up to $500 or more in unauthorized charges (unless you report the fraud within two business days).

With debit cards, your personal money is on the line for fraudulent transactions. With credit cards, it’s the card issuer’s money. Report unauthorized credit card charges within 60 days and you’ll have zero liability with most card issuers.

It may also be harder to get refunds in cases of debit card fraud — and the associated delays can result in missed bills and added stress.

Learn more about why we recommend credit cards over debit cards.

Don’t Make Transactions on Open Networks

When there’s no password required to access a WiFi network, unencrypted data can be visible to any computer nearby. These other computers may be able to intercept information you’re transmitting and receiving from websites that don’t have “https” in the URL.

That means you could be sending your credit card number or other personal information right into the waiting hands of an identity thief.

Bottom line: Never enter your credit card number when using unsecured public WiFi networks if you’re not sure whether the website uses SSL.

Don’t Share Your Number With Unverified Representatives

“Hello, this is American Express calling. Would you mind verifying your credit card number?”

Identity thieves often call and claim to be from an organization you trust — a fire department that’s conducting a fundraiser, a utility company that’s about to shut off your electricity, an administrator of a contest you’ve won — to trick you into giving them your credit card number. You should also be careful about clicking any links in emails where the sender’s email address looks suspicious.

“Phishing” is another form of fraud that’s common online. With phishing scams, criminals may send emails pretending to be your bank or credit card issuer. These emails may ask for personal information or may provide you with a phony (but realistic-looking) link in an effort to steal your login credentials.

Just remember: If you didn’t initiate the phone call or email, don’t give out your card number.

To check if the request is legitimate, contact the organization via its published phone number or secure messaging system. You may also want to develop the habit of visiting bank and card issuer’s websites directly, not via links provided in emails, out of an abundance of caution.

Don’t Email Your Card Number

Some email hackers employ search tools that scan for strings of numbers likely to be credit card accounts.

Any time you write or type your credit card number and give it to someone in an unsecured, unencrypted manner (including on a piece of paper), you increase your risk of exposure. 

Some businesses, including vacation home websites, ask to hold your credit card number as a sort of deposit or guarantee. While not unusual, this isn’t very safe — and you should seek alternatives.

Insider tip

If you suspect you’re a victim of identity theft or credit card fraud, click here to learn what you can do to resolve the situation.

Don’t Share Your Card Number Where Others Can Hear

Many legitimate financial transactions are conducted on the telephone, and may require you to verbally give your credit card number and other personal information.

If you recite that information out loud, anyone in earshot will be able to use it. It’s best to avoid making these calls in public places.

Don’t Post Photos of Your Credit Card

While it may seem obvious, never post photos of your card online. For example, look at the picture below: Though the woman soon realized her mistake and deleted the image, it lives on in internet infamy.

 

Credit Card Number

Don’t do this.

When it comes to pictures, some people feel safe when they cover the first eight digits of their card. Others obscure the last eight. In either case, it’s a bad idea.

Take the picture below. Hopefully it was a joke, but if not: We have half the card number, plus the expiration date and the cardholder’s name. Since we know all Visa card numbers begin with “4,” and the next five digits identify the bank or card issuer, only two unknown digits remain in the entire 16-digit account number. An enterprising thief could easily figure out what they are.

If you have a legitimate reason for posting a photo of your credit or debit card (which you probably don’t), obscure all the numbers. At the very least, cover the last ten digits, which are unique to your account.

4 Ways to Improve Credit Card Security

We just covered a whole lot of what not to do when it comes to improving your credit card security. Now, here’s what you should do to help keep your credit card safe.

Manage Your Passwords and Accounts Carefully

  • Make secure, unique passwords: Use a password manager, like LastPass or 1Password, to generate and manage passwords for every online account you create.
  • Change your passwords regularly: In addition to creating unique passwords, it’s also wise to change them on a regular basis.
  • Log out after every transaction: Be sure to log out of all online accounts — especially if you’re using a computer accessible by others.
  • Disable autofill: Web browsers will often store your credit card information for you. If you want to be extra cautious, don’t use this feature.
  • Look for “https”: Before submitting your card information online, make sure the website’s address starts with “https://” rather than just “http://”. The “s” stands for secure, and it means information you submit through forms is encrypted.

Sign Up for Additional Protections

Some credit card networks and issuers offer additional protections to online shoppers. You can sign up for Mastercard Secure Code, for example, which will ask you for a six-digit code when you make a purchase.

Similar programs include Visa Secure and Amex SafeKey, neither of which require registration. They work behind the scenes while you shop, occasionally asking you to provide verification for suspicious transactions. Sometimes verification is as simple as replying to a text message.

You can also use payment gateways, like PayPal or Apple Pay, to provide an additional barrier between yourself and online merchants.

Review Your Credit Card Transactions 

You don’t have to wait for your monthly statement to review your credit card activity. Be proactive and log into your account once a week to check for any fraudulent charges.
Credit Card Skimmer Animation
Even small, suspicious charges shouldn’t be ignored. While an unrecognized charge of $1 may seem insignificant, it’s worth looking into. Credit card thieves commonly charge a series of small purchases to see if a card is still active and available for use. If a crook determines your credit card is “live,” then some larger fraudulent purchases may follow.

Credit card fraudsters also use devices called “skimmers” to collect card data at ATMs and automated gas pumps. Skimmers fit over the card slot or PIN pad, and look much like the normal machine. Since they’re hard to detect, it’s important to monitor your bills for suspicious activity. You can learn more about skimmers, and see examples of their authentic appearance, in this post from Krebs on Security.

Review Your Credit Reports

Unauthorized credit card charges won’t show up on your credit reports. However, fraudulent accounts and unauthorized credit applications may.

You should pull your credit reports once a year to make sure they look correct. Quarterly credit checks are recommended, but once a month wouldn’t be considered overkill if you want to add them to your routine. You could also sign up for a credit monitoring service that alerts you to any suspicious activity on your reports with Equifax, TransUnion, or Experian.

Shred Your Documents

Instead of tossing bills, pre-approved credit offers, and other financial statements in the recycling bin, put them through a paper shredder first. These documents may be full of sensitive, personal information that you don’t want to fall into the wrong hands.

Some identity thieves use low-tech methods to steal information, like dumpster diving. Identity thieves could use the information on unshredded financial documents to open accounts in your name, order “replacement” credit cards, and more. Once a scammer has your info, it’s time-consuming and stressful to recover. Since paper shredders cost around $30, we’d say they’re well worth the increased security.

Which Bank Offers the Best Credit Card Security?

No credit card’s security is appreciably better than any other.

The best credit cards all offer strong security measures. As long as you take proper precautions, you should be good to go.

Just remember, no security feature can substitute for user caution, vigilance, and frequent self-monitoring.

Was this helpful?

Credit Card Insider receives compensation from advertisers whose products may be mentioned on this page. Advertiser relationships do not affect card evaluations. Advertising partners do not edit or endorse our editorial content. Content is accurate to the best of our knowledge when it's published. Learn more in our Editorial Guidelines.

Do you have a correction, tip, or suggestion for a new post? Contact us here.

The responses below are not provided or commissioned by bank advertisers. Responses have not been reviewed, approved or otherwise endorsed by bank advertisers. It is not the bank advertisers' responsibility to ensure all posts are accurate and/or questions are answered.