Rampant Credit Card Fraud is Prevalent
With a number of notable companies making the news for all the wrong reasons lately – Target, Home Depot, and Anthem to name a few, security should be on your mind. I am all too familiar with having my personal information and credit card numbers compromised. My primary VISA card has had fraudulent charges made it to five times since 2007 (most are within the last few years) and my Social Security number has been compromised at least three times thanks to poor security at the University of Maryland. For this transgression that could have a life long impact, they provided five years of free credit monitoring. Keep this in mind; YOU are the one that will ultimately pay for the mistakes made by the companies and organizations you have entrusted with your data.
Defense in Depth
So, what can you do? Let’s start with online purchases: As every security practitioner is aware, the best defense available today is a layered defense -a concept known as “defense in depth.” You can adopt this strategy and apply it to your purchasing habits. The first defense should be to hold multiple credit cards and multiple checking accounts ensuring a sufficient amount of money is always available to pay your bills in the event one of the accounts is compromised. Cleaning up fraud takes time, time during which your compromised accounts and/or credit cards will likely not be available for use.
Please note that only credit cards should be used online, never debit cards. Credit cards offer more protection in the event the card is compromised and fraudulent charges are posted, including a maximum liability of $50 and the ability to withhold payment of suspected fraudulent charges. These protections are guaranteed by law.
The next step is to select a credit card to use solely for online purchases. This helps limit your exposure to that one account, although there are certainly cards that are compromised while making physical purchases as well. Ideally, tie this account to an “online only” checking account that is used to service your other online accounts, such as PayPal. This serves to limit the damage to only these accounts.
Virtual Account Numbers
I had enough after my most recent compromise and decided to take further action. Two U.S. banks – Bank of America and Citibank – currently offer a unique service allowing credit customers to generate new virtual credit card numbers for online transactions. These numbers can be restricted to a desired vendor, have monetary caps applied, and can be set to expire as soon as you would like or can be allowed to remain valid for up to a year. In the event of a compromise, only the virtual number will be affected – the actual account can remain open. A further benefit is the ability to track compromises back to the source if a unique account is used at each online retailer you do business with. My understanding is this technology is originally by Orbiscom who was purchased by Mastercard in 2009. Citi’s version is dubbed “virtual account numbers” and Bank of America’s is branded as “ShopShafe.” Monetary caps on Citi’s are hard caps (i.e. a $101 charge will be declined with a $100 cap) while Bank of America’s are somewhat soft (the $101 charge would be authorized). I have heard Bank of America makes it easier to set up virtual accounts to be used for recurring purchases while Citi’s are better for one time purchases. After evaluating both, I chose to go with Bank of America’s 1-2-3 BankAmericard Cash Rewards card.
Bank of America’s “ShopSafe”
Accessing Bank of America’s “ShopSafe” is simple. After signing up for online banking, look for the “ShopSafe” link as pictured below. Click “Use ShopSafe.” It’s truly unfortunate they don’t highlight this feature.
Once in ShopSafe, you are able to create a new “virtual credit card.” Here I am creating one for my 5D MkIII purchase (we buy the products we review in the interest of remaining unbiased!). Please note the online form rejected the one month time period – Bank of America requires the number remain valid for at least two months.
Rest assured, even if an adversary (or a family member) gains access to your account, Bank of America still requires the CVV number to create the virtual account.
With the CVV number entered, Bank of America generates a literal “virtual credit card.” I have overwritten the actual credit card number with Xs for obvious reasons.
This new credit card number can then be used online to complete your purchase safely and securely. In the event of a compromise, only this virtual number must be revoked.
Virtual accounts are an incredibly easy way to add an additional layer of security to your online shopping experience. Please do yourself a favor and pick up a Citibank or Bank of America credit card today (and no, none of the links on this page are sponsored).
Review Your Account Statements Frequently
It is critical to review your account frequently. The faster you can identify a fraudulent charge, the more the damage will be contained and the faster it can be resolved. If you’re using a debit card against my advice, you are liable for $500 of a fraudulent charge identified after 2 days and completely liable after 60 days. Do not take this responsibility lightly. Some banks / credit card companies allow you to set purchase limits after which you will be notified by text or e-mail when a transaction exceeds the specified limit; I recommend taking advantage of this service and setting the limit to a low threshold as it can easily save you from significant financial fallout. Remember, you must remain vigilant.
Finally, in the event of a compromise, be sure to sign up for credit monitoring, issue a fraud alert, and freeze your credit score if need be. A freeze can be requested by contacting any one of the three major credit reporting companies – Equifax, Experian, or TransUnion. A credit freeze is a last resort; it will prevent your credit score from increasing due to your good behavior, but it will prevent damage should a fraudster wreak havoc.
Shop With Confidence
With the above tips, you can shop with confidence. Don’t limit your purchases to traditional brick and mortar locations – use online shopping to your advantage and save money in the process. Happy spending!