Credit Card Insider receives compensation from advertisers whose products may be mentioned on this page. Advertiser relationships do not affect card evaluations. Advertising partners do not edit or endorse our editorial content. Content is accurate to the best of our knowledge when it's published. Learn more in our Editorial Guidelines.
Wanna hear something crazy?
There are 10 trillion possible combinations of credit card numbers out in the universe, and only about 65 million of them are being used.
With odds like that, the statistical likelihood that a criminal will chance upon a valid account number — and then upon your account number — is very low.
But that doesn’t mean you’re out of the woods.
Far from it: Data breaches, identity theft, and credit card fraud have all become more common in recent years, and with most of us living our lives online, you shouldn’t expect that to change.
Here’s what you need to know about credit card security — and how to make sure your cards stay safe.
Common Credit Card Security Features
Nearly all credit cards come with the following security features:
- The basics: All cards used by American shoppers have a signature panel, expiration date, magnetic strip, and unique account number.
- Signature panel: Believe it or not, credit cards must be signed according to credit card issuer terms — and merchants can refuse to accept cards if the signature box is empty, or if it has the words “See I.D.”
- Security code: This three-digit code on the back of the credit card (or, for American Express, four-digit code on the front) is required for processing any “card not present” transactions.
- Chip cards (EMV cards): Unlike cards with only magnetic stripes, chip cards encrypt information at each transaction, making fraud much more difficult.
- Holographs: These come standard on most credit cards, and are unique to the card network.
- Usage monitoring: If you make an abnormal purchase — such as for a large amount or in a different location — your issuer may flag the card and take steps to verify the purchase was authentic.
Some credit cards also come with additional security features like:
- Photos: Bank of America and Citi will add your photo to a credit card upon request. But, thanks to online shopping and point-of-sale keypads, photo cards don’t provide as much security as you’d hope.
- Temporary purchase numbers: Some credit card issuers — including, again, Bank of America and Citi — allow you to generate single-use card numbers for online purchases. That way, it doesn’t matter if your card number is compromised, since you’ll never use it again.
- Virtual credit card numbers: Certain credit card issuers provide virtual credit card numbers. These are digital versions of your physical card. They’re often provided to prevent fraud and identity theft while shopping online or over the phone. If anything happens to your virtual card, you can delete it and get a new one.
6 Credit Card Security Don’ts
Despite all those security features, you can never be too careful with your credit card number.
Here are six tips for keeping your card safe.
Don’t Use Debit Cards
To put it simply: Debit cards don’t offer the same fraud protections that credit cards do.
With debit cards, your personal money is on the line; with credit cards, it’s the card issuer’s money. It’s also harder to get refunds in cases of debit card fraud — and the associated delays can result in missed bills and added stress.
Learn more about why we recommend credit cards over debit cards.
Don’t Make Transactions on Open Networks
When there’s no password required to access a wifi network, unencrypted data can be visible to any computer nearby. These other computers may be able to intercept information you’re transmitting and receiving from websites that don’t have “https” in the URL.
That means you could be sending your credit card number or other personal information right into the waiting hands of an identity thief.
Bottom line: Never enter your credit card number when using unsecured public wifi networks if you’re not sure whether the website uses SSL.
Don’t Share Your Number With Unverified Representatives
“Hello, this is American Express calling. Would you mind verifying your credit card number?”
Identity thieves often call and claim to be from an organization you trust — a fire department that’s conducting a fundraiser, a utility company that’s about to shut off your electricity, an administrator of a contest you’ve won — to trick you into giving them your credit card number.
“Phishing” is also common online, when criminals send emails pretending to be your bank and asking for personal information.
Just remember: If you didn’t initiate the phone call or email, don’t give out your card number.
To check if the request is legitimate, contact the organization via its published phone number or secure messaging system.
Don’t Email Your Card Number
Some email hackers employ search tools that scan for strings of numbers likely to be credit card accounts.
Any time you write or type your credit card number and give it to someone in an unsecured, unencrypted manner (including on a piece of paper), you increase your risk of exposure.
Some businesses, including vacation home websites, ask to hold your credit card number as a sort of deposit or guarantee. While not unusual, this isn’t very safe — and you should seek alternatives.
Don’t Share Your Card Number Where Others Can Hear
Many legitimate financial transactions are conducted on the telephone, and may require you to verbally give your card number and other personal information.
If you recite that information out loud, anyone in earshot will be able to use it — so avoid making these calls in public places.
Don’t Post Photos of Your Credit Card
While it may seem obvious, never post photos of your card online. For example, look at the picture below: Though the woman soon realized her mistake and deleted the image, it lives on in internet infamy.
When it comes to pictures, some people feel safe when they cover the first eight digits of their card. Others obscure the last eight. In either case, it’s a bad idea.
Take the picture below. We have half the card number, plus the expiration date and the cardholder’s name. Since we know all Visa card numbers begin with “4,” and the next five digits identify the bank or card issuer, only two unknown digits remain in the entire 16-digit account number. An enterprising thief could easily figure out what they are.
finally got a debit card so it’s time to start making some appropriate purchases online pic.twitter.com/UrWNsb8Y2B
— meme queen (@salviaxplath) September 8, 2014
If you have a legitimate reason for posting a photo of your credit or debit card (which you probably don’t), obscure all the numbers — or at the very least, the last ten digits, which are unique to your account.
4 Ways to Improve Credit Card Security
That was a whole lot of what not to do — now here’s what you should do to improve your credit card security.
Manage Your Passwords and Accounts Carefully
- Make secure, unique passwords for each site: Use a password manager like LastPass or 1Password to generate and manage passwords.
- Change your passwords regularly: It’s also a good idea to change your passwords on a regular basis.
- Log out after every transaction: Be sure to log out of all websites — especially if you’re using a computer accessible by others.
- Disable autofill: Web browsers will often store your credit card information for you. If you want to be extra cautious, don’t use this feature.
- Look for “https”: Before submitting your card information online, make sure the website’s address starts with “https://” rather than just “http://” — the “s” stands for secure, and it means information you submit through forms is encrypted.
Sign Up for Additional Protections
Some credit card networks and issuers offer additional protections to online shoppers. You can sign up for Mastercard Secure Code, for example, which will ask you for a six-digit code when you make a purchase.
Similar programs include Visa Secure and Amex SafeKey, neither of which require registration. They work behind the scenes while you shop, occasionally asking you to provide verification for suspicious transactions. Sometimes this is as simple as replying to a text message.
You can also use payment gateways like PayPal or Apple Pay to provide an additional barrier between you and online merchants.
Review Your Credit Card Transactions
You don’t have to wait for your monthly statement to review your credit card activity. Be proactive and log into your account once a week to check for any fraudulent charges.
And, while an unrecognized charge of $1 may seem insignificant, it’s worth looking into. Credit card thieves commonly charge a series of small purchases to see if a card is still active and available for use. If a crook determines your credit card is “live,” then you could expect some larger fraudulent purchases to follow.
Credit card fraudsters also use devices called “skimmers” to collect card data at ATMs and automated gas pumps. They fit over the card slot or PIN pad, and look much like the normal machine. Since they’re very hard to detect, it’s important to monitor your bills for suspicious activity. You can learn more about skimmers, and see examples of their authentic appearance, in this post from Krebs on Security.
To take it a step further, you should pull your credit reports once a year to make sure they look correct. You could also sign up for a credit monitoring service that alerts you to any suspicious activity.
Shred Your Documents
Instead of tossing bills, credit card and loan offers, and other financial statements in the recycling bin, put them through a paper shredder.
Identity thieves could use these documents to open accounts in your name — and once they have your info, it’s time-consuming and stressful to recover. Since paper shredders cost around $30, we’d say they’re well worth the increased security.
Which Bank Offers the Best Credit Card Security?
No credit card’s security is appreciably better than any other.
The best credit cards all offer strong security measures — so as long as you take proper precautions, you should be good to go.
Just remember: No security feature can substitute for user caution, vigilance, and frequent self-monitoring.