Even if you're not one of the 40 million Target shoppers whose credit or debit card information was stolen Nov. 27 to Dec. 15, you've probably heard of the data breach. With the list of hacked companies, websites and apps growing longer, it's time to take a serious look at credit card security and what you can do to stay safe online. We'll run through the basics of credit card companies' fraud prevention methods and what you can do to protect yourself.
How credit cards work
Your credit card has a lot of information that can be used to verify its authenticity: an expiration date, a three-digit security number and your name. There's also a magnetic stripe on the back of the card that contains all that information and more. When you swipe your credit card, the information on the magnetic stripe gets transmitted to a third party, who then verifies with your bank that all your information is correct and approves the transaction.
There are other authentication methods, such as checking your signature or asking to see an ID, but not every merchant takes these steps. Additionally, if you're making an online purchase, you might be required to input the three-digit number called the card verification value, or CVV, as well as the card number and expiration date. Merchants aren't allowed to store the CVV in their databases in an effort to keep that information away from hackers. Therefore, merchants ask you to enter your CVV to prove that you actually have the physical card.
What about the rest of the world?
America lags behind the rest of the world in terms of credit card security techniques. We use magnetic stripes to hold our data, whereas other countries use EMV chips. These chips use a different (some say better) method of encrypting data. While magnetic stripes have the same encryption method, the method for EMV chips varies, making them harder to hack. This has produced dramatic results on point-of-sale transactions. For example, the United Kingdom rolled out EMV technology in the 2000s and saw fraud rates drop by 63 percent between 2004 and 2010, according to the Federal Reserve Bank of Atlanta.
The United States is moving closer to widespread EMV adoption, but for now, we're still using our old magnetic stripe cards.
How can I keep my data safe?
Here are a few ways to protect your credit card data beyond the encryption methods offered by merchants:
--Make sure you sign the back of your credit card - if you don't, your fraud liability might be higher.
--When making online purchases from your computer or phone, make sure the web address starts with "https://" instead of "http://."
--Use a personal finance service like Mint.com to instantly see which transactions have been made on which card.
--Shred credit card statements and anything that has your credit card number or personal information on it.
--Be wary of making online purchases on a public Wi-Fi connection - they're easy to hack. If you find yourself using public Wi-Fi often, consider getting a VPN, which is more secure.
But don't worry too much
While credit card fraud is a hassle to deal with, your liability is limited. By law, you'll never be on the hook for more than $50 if your credit card is stolen and the thief racks up charges. You're also not liable for any purchases made after you report the card lost or stolen. In the wake of the Target data breach, it's reassuring to know that you have no liability if your card information, rather than the card itself, is stolen. Finally, many credit cards offer zero-liability policies that provide better protection than the law requires.
If you ever fall victim to a Target-like data breach, call your bank right away to report the incident. Don't panic, though - federal law gives you quite a bit of protection.
Anisha Sekar writes for NerdWallet, a personal finance website dedicated to helping consumers.
- credit card