Choosing between debit or credit cards when security counts: Internet Scambusters #614
It's not just the way you finally pay for your purchases that makes debit or credit cards different. They also differ in terms of the way you're protected against fraud.
In this week's issue, we explain the security pros and cons of the two different payment card systems, and look at the option of using a one-off "virtual" card number online.
We're also alerting you to a resurgence of an old favorite scammers' trick -- spoofing caller ID.
Let's get started...
Which Card is Safest -- Debit or Credit?
Which card is safest to use -- debit or credit -- in a world where personal financial information seems less secure than ever?
Barely a week seems to pass without news of a hack attack on retailers and other companies that access the records of customers, including card details.
And then there are the everyday risks of card number theft we all face, from stolen wallets through skimming devices to spyware-infested PCs.
The basic fact is that when it comes to the risk of card details being stolen, both debit and credit varieties are equally vulnerable.
Whichever type of card you choose to mainly use for purchases is logically the one that's the most likely to be compromised.
If crooks can get their hands on either of them, they'll steal the information and use it or sell it.
But it's what happens after the theft that can make a difference.
Here are 9 things you should know about them:
- In law, a customer is usually only liable for the first $50 of fraudulent use of their stolen credit card number.
- In practice, most credit card issuers and banks waive this liability and victims end up not having to cover any of the fraudulent use.
- To get the same $50 protection with a debit card, the loss or theft must be reported within two days. Again, some banks may waive this $50 too -- but fewer than with credit cards.
- After two days, debit card users may be liable for up to $500 of fraudulent use within the first 60 days.
- If a debit card theft or fraudulent use is reported later than 60 or sometimes 90 days, the liability faced by the customer can be open-ended.
- With a credit card, any fraudulent payments are usually credited back into the victim's account within a few hours of notification, meaning most victims don't have to cover the misuse because the refund usually happens before the bill payment falls due.
- With a debit card, it can take two weeks or even longer for a bank to investigate fraudulent use and re-credit the cash, during which time the sums involved may be missing from the victim's account -- perhaps even forcing them into an overdraft situation.
- Debit cards are normally linked directly to the victim's bank account. If the thief also has access to the card's PIN number, he or she will be able to entirely drain the account almost immediately.
- Many credit card issuers will send you a daily account alert if you order one so you can spot discrepancies. This can be more difficult or not even available for bank-account-linked debit cards.
So on financial risk and liability, a credit card is a better bet. Plus, credit cards often offer damage or theft insurance on items purchased with the card and they tend to offer better dispute rights with merchants.
If you must use a debit card, the two-day reporting deadline for fraud and the risk of your account becoming overdrawn through fraudulent cash withdrawal underline the importance of frequently checking your bank and card accounts.
A word of warning though: Don't forget that credit cards do call for a higher level of self-discipline than debit cards.
With debit cards, your spending is generally limited to how much cash you have in your account. With credit cards you can spend money you don't have -- and that can land you in trouble.
Credit cards may protect you better against theft but it's up to you to protect yourself from spending unwisely with them!
Are Virtual Cards a Solution?
One of the ways to protect yourself against card number theft when shopping online is to use a virtual or temporary card number.
These are one-off credit card numbers provided by some issuing banks for individual or recurring transactions.
Interestingly, the number of financial institutions offering this service appears to be declining, though we can't say why.
American Express stopped their service years ago and, this year, Discover quit offering them. Among institutions still offering the service (at the time of writing) are Bank of American and Citibank -- though there may be others.
It's also possible to find software products that offer what they call "masked credit card numbers."
In this case, you provide the software company with your card number and, when you make online purchases, the company actually makes the payment itself on your behalf, using a virtual card number, and then they charge your card, keeping the number to themselves.
You can use the number for more than one transaction if you wish, setting a limit for the total amount to be charged.
These software firms may make an additional charge for this service.
If you use one of these services, however, it's important find out three things:
- Will they let you stipulate a limit for the transaction?
- Could a crooked merchant alter the charge allocated to that number?
- If the number is used fraudulently in this way, are you still protected by the $50 limit discussed above?
Find the answers to these questions from the providers before deciding whether to use this service.
An alternative is to use online payment services like PayPal (there are several others too).
They also hold your card number -- debit or credit -- so the merchant you buy from never sees it, nor has it on their system, meaning it won't be compromised if the merchant's system is hacked. However, PayPal can also have disadvantages, so check your options carefully.
Of course, there is always the possibility that the payment or masked card service could be hacked, although they usually employ the highest levels of security.
Spyware on your PC may also hijack your PayPal account details and drain your account that way.
Let's face it; cash and checks are on the way out. Cards and, in the near-future, cellphones and virtual currencies, will be the payment method most us will be using.
Our security will be in the hands of others but, whether you're using a debit or credit card, best-practice security still begins with you.
Alert of the Week
We're seeing a huge increase in the incidence of an old favorite scammers' trick -- caller ID spoofing.
As we explained in an earlier issue, Scammers Can Now Use Fake Caller ID Number, spoofing is used to mislead victims into thinking an incoming phone call is from a legitimate source. Learn more here:
Simply don't assume that a caller is who your ID service says it is. If you don't recognize the voice, don't give confidential information or agree to pay anything without independently checking.
Time to conclude for today -- have a great week!
Leave a Reply