Click the comments link on any story to see comments or add your own.
Subscribe to this blog
10 Oct 2011
A friend whose daughter just had yet another credit card cancelled and reissued due to online fraud asked me what she did that let bad guys steal her credit card.
The answer is probably nothing. Bank security stinks, and large company security stinks more. For example, a few years ago someone stole 45 million card numbers from TJ Maxx, cards which as far as I can tell, the customers swiped at the register and never left their hands. Banks are figuring out that they need to do better, but they are ponderous, timid, and move in herds, so change comes slowly. I've seen estimates from well-informed people that crooks may have something like half of all credit card numbers issued in the US.
He said ``A fraud staffer at the bank told my daughter that when she herself purchases online she uses a debit card attached to an empty checking account and transfers in only the exact amount, so it won't matter if the thieves try to use it because there will be no funds in the account. But we are now talking serious inconvenience.''
Wow, that's the kind of really bad idea that only a security professional would have come up with. It's right up there with changing your password every week.
You have 30 days after the statement arrives to challenge a bogus transaction. Pretty much without exception, the merchant won't counterchallenge, and you'll just get the money back. The key difference between a credit card and a debit card is that during the dispute process, with a credit card you have the money, but with a debit card, they have the money.
Hence: get yourself two credit cards with reasonably large credit limits. Use them however you want. When each bill shows up, look at all the charges, and if you see ones you don't like, challenge them. This used to involve writing a letter, but now you can usually do it online. The challenged charges will go away. The reason to have two cards is that if one blows up, hits the credit limit, they cancel and replace it, etc., you have the other one while the replacement cards are in the mail.
I'm a fairly obsessive guy, so I keep my receipts and match them up each month, partly for this, partly because a lot of them are tax receipts, but for most people, just looking at the bill is plenty. There is no reason to look at the bill online every day, since you have a month to report fraud.
As far as debit cards, Just Say No. I have one, but I only use it as an ATM card at the bank, where I know what their ATMs look like and could presumably recognize a skimming device attached to one, and at one store (Aldi) that doesn't take credit cards, since I really like their chocolate.
Needless to say, pay your credit card in full every month, and you might as well get one that gives you a rebate or miles or something. For what it's worth, I use my credit cards online all the time, and although I've also had my share of bogus transactions and had cards reissued several times, I've never seen a bogus transaction that appeared related to an online charge I'd made.
My other sites
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.