It’s no secret that paying with a credit card now comes with the risk of having your card details compromised, but the good ol’ piece of plastic is still a key piece of technology that makes paying for things, and collecting revenue safe and easy. It’s not something we can expect to ever disappear. If there was an easier way to send our cold hard cash through the internet to make payments for online transactions, we would all already be doing so.
So how is an honest everyday person supposed to avoid losing their personal information? A large number of consumer technologies have been developed to help you keep your credit card’s magic sixteen digits a secret. How safe are they, though? And are they more trouble than they are worth?
Chip and Pin (EMV)
If you’re doing a “Card Present” transaction which usually means shopping in a retail store when paying always make sure the transaction is performed using the chip on your card (and if your card doesn’t have a chip – call your bank and demand one!). Chip transactions are secured at the source before any transmission occurs, so even if hackers have broken into the retailer’s computer network and are listening to every byte of network traffic within the retailer’s network, your card details will remain safe as only the bank can decrypt the details of the transaction and process it. Never let the retailer swipe your magnetic stripe. This can quickly lead to your details being stored somewhere that’s easy for hackers to steal, as proven countless times by the large number of US retailer hacks that have occurred over the last several years.
Apple Pay (and Other NFC Payment Methods)
NFC (near-field communication) is not a very new technology, but Apple is investing serious effort into trying to make it mainstream. Paying with NFC is as simple as placing an NFC-enabled device near a terminal to make a purchase, and it’s supposedly more secure than paying with a credit card.
After tapping your device on the credit card terminal, you will have to scan your finger or enter a passcode to approve the transaction. NFC payments are designed to be tamper-proof and protected by a unique digital signature.
So how secure is NFC payment? One mobile payment system known as CurrentC, which is backed by a large number of retailers like K-mart, Walmart and Target, was hacked while still in the beta testing phase. While Apple Pay and Google Wallet haven’t had any vulnerability issues to date, they’re not exactly seeing frequent use. But if history has taught us anything, hackers see terms like “tamper-proof” as more of a challenge than a restriction, and they aren’t the type to give up easily.
UPDATE: Fraud is already rampant on Apple Pay, although it’s technically not Apple’s fault. Still: not foolproof.
What of online payments? How are we to stay breach-free when purchasing pants two sizes too small on the internet?
Just like how the only way to bend a spoon in the Matrix is to realize that there is no spoon, perhaps the only way to avoid your credit card being hacked is to have no credit card.
One solution is eWallets like Ecopayz and Matchmove which allows you to purchase prepaid pseudo-credit cards you can use to buy stuff online. All you have to do is sign up for a virtual card, top it up via online banking or at an ATM machine, and you’re good to go.
The downsides are that you don’t earn any perks or reward points for using these cards, and that they are pretty much limited to making purchases online. While you only stand to lose the amount you have topped up inside your prepaid card, we figure that these cards are more likely to be used by youths without credit cards looking to make online purchases than paranoid adults in tinfoil hats trying to stave off getting hacked.
Wallets with Data Safe Lining
As mentioned in this previous blog post, a very specific scenario was published where hackers could trick your chip-n-PIN card into approving transactions amounting to a million dollars, and the best part is your card never has to leave your wallet. Now, cards with RFID (Radio Frequency Identification) can be scanned by hackers in a similar manner, where they can procure your personal information.
To combat this threat, wallets with Data Safe lining have been developed. The lining blocks radio waves, much like how Magneto’s helmet protects him from all forms of psychic attacks.
Another alternative is using an Altoids mints tin, which accomplishes the same thing but at a fraction of the price. The downside is, well, you’re using a mints tin as a wallet- all the obvious drawbacks apply, like the sound of metal jingling with every step you take, or looking like you might be homeless.
Virtual Credit Card Numbers
Some banks, including CitiBank and the Bank of America, are offering virtual credit card number services for their customers. How this works is that you generate a new virtual credit card number which is tied to your actual credit card account, which you may use to shop online as per-normal. You can even set a spending limit on the dummy card, which means that even if hackers manage to get your details they won’t be able to make any purchases that go beyond your spending limit.
However, this technology has not caught on. While it does sound like an ideal solution, there are some drawbacks. The biggest one is that you can’t use your virtual card for purchases like hotel room bookings or rental cars, because those companies will request to see your credit card upon arrival, and if the virtual number you used doesn’t match your real credit card number, it’s not going to end well for you.
Another problem with virtual card numbers is that using them makes returning purchases difficult, and when you top that off with the hassle of having to generate a new number every time you buy something online, it’s easy to see why many consider using this service a royal pain in the behind.
Pre-paid cards are built along with a similar concept to virtual credit cards and eWallet solutions. You may set up a rechargeable pre-paid card and charge it up periodically with just enough of a limit to cover your regular online spending activities. In a worst case scenario, you’ll be losing only a limited amount of capital. No need to worry about the adverse effects of having a large credit card limit.
The same limitations and hassles apply- No points/rewards system, and the frequent need to continuously top-up your card.
Many newfangled security methods seem to be catered for the data security equivalent of hypochondriacs. Research has shown that consumers are becoming increasingly jaded regarding data breaches (as shown in this blog post), leading us to believe that the average person probably isn’t all too worried about being the victim of a hack. Since your associated bank will (hopefully) pay you back for whatever you lose in a data breach, it almost seems like more hassle to stay secure than it is to simply lose your personal information and deal with the aftermath as it comes. In short, in this case, the cure seems to be easier than prevention. Although, why not both?
Good consumer data security habits will never let you down. Keeping a vigilant eye on your credit card statements is something everyone should be doing, regardless of whether your wallet blocks radio waves or not.
Consumers aren’t the only ones with brand new tools to play with- keep an eye out for a follow-up blog post on what new toys hackers are playing with coming soon.