Identity theft is no longer a fringe concern. Whether they’re hacking Wi-Fi networks, smartphone apps or online financial transactions, identity thieves are diligent about obtaining all sorts of personal data, including credit card information.
Nonetheless, experts are concerned that the average consumer may be unwittingly helping thieves, particularly when it comes to compromising our credit cards.
“Consumers still don’t pay proper attention to some of the most basic identity theft protections, and I think it’s because we bias ourselves to convenience,” says Michael Bruemmer, vice president of identity protection at Experian, which recently rolled out IdentityWorks, a suit of consumer identity theft-protection products. “Also, if you’ve never suffered from having your credit card information stolen, you probably don’t see it as a particularly pressing threat.”
According to a recent national survey conducted by Experian, 84 percent of respondents acknowledged being concerned about the security of personal information online, but nearly two-thirds—64 percent—said it’s “too much of a hassle to constantly worry about securing personal information online.”
Plus, 53 percent said staying on top of financial transactions is a challenge, 48 percent said they don’t check their credit reports regularly for errors or suspicious activity and 52 percent said they’re convinced it’s “not very likely” they will become a victim of identity theft.
“Consumers seem to be tuning out rather than tuning in,” says Bruemmer, adding that in 2016, more than 15 million Americans were victims of identity theft, an increase of 16 percent from the previous year.
Here are some everyday ways you might be unknowingly helping identity thieves steal your card information.
1. You’re not getting texts or emails after every purchase
The number-one mistake consumers make is not actively engaging with their credit card statements, says Robert Siciliano, identity theft expert and CEO of IDTheftSecurity.com.
“Your statement is the pulse of your credit card activity, and you should always be checking your pulse so you know what’s going on,” says Siciliano. “Consumers should be relatively obsessed with their credit card statements and check them as often as they use their cards.”
This doesn’t mean you have to log in to online banking multiple times a day. The easiest and most effective way to make sure your credit card information is safe, Siciliano says, is to set up digital alerts every time one of your cards is used.
“I get a text message every single time my wife and I use any of our credit cards,” says Siciliano. “You can easily sign up for these alerts, and it’s the single best thing you can do to make sure nothing fraudulent is taking place.”
Monitoring your transactions is particularly important if you’ve recently taken a trip, says Justin Lavelle, spokesperson for the online background check site BeenVerified.com.
“Continue to regularly check your statements or your account online for a few weeks after a trip to make sure there aren’t latent fraudulent charges,” says Lavelle. “Thieves will often steal information but then not use it for months, long after your trip is over.”
2. You’re using a debit card for retail purchases
According to Siciliano, your debit card should be used only for ATM withdraws — never for in-store purchases.
“If a crook gets ahold of your debit card, the money will instantly be stolen from your bank account,” says Siciliano. “If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute, assuming you regularly monitor your statements.”
Yes, you’ll get reimbursed for fraud that occurs with a debit card, but this will only happen “after your bank account has been sucked dry,” Siciliano points out.
“I also tell people to avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader itself,” says Siciliano.
3. You’re using public Wi-Fi for financial transactions
According to Lavelle, one of the easiest ways for identity thieves to steal your credit card information is by hacking public Wi-Fi at places like coffee shops, hotel lobbies and bookstores.
These often-unsecured connections give cybercriminals an easy opportunity to see when consumers are shopping online or checking bank accounts. When this happens, says Lavelle, they have an opportunity to steal credit card information on the spot.
“You should be very wary of public internet connections,” says Lavelle. “Free Wi-Fi is convenient, but these networks aren’t necessarily properly secured and could leave you open to identity theft if you are using your phone or computer to engage in any financial transactions.”
If you must engage in sensitive transactions using public connections, Lavelle suggests setting up a virtual private network, or VPN.
“This software will mask your identity and location, so if you’re using public Wi-Fi you’ll essentially be disguised and less likely to be picked up by those seeking to prey on users of that particular network,” says Lavelle.
4. You’re not using strong enough passwords
These days our credit card information is stored on everything from websites like Amazon to apps like Uber and GrubHub. If you’re not vigilant about the strength of the passwords used to access these portals, you’re making it easy for identity thieves to break in.
“The key is using long, alphanumeric passwords for any site or app that uses your credit card information,” Bruemmer says. “Make sure every one is different and never reuse any of your passwords.”
Furthermore, Lavelle recommends changing passwords and PINs every six months. Also, be aware of unexpected notifications that you have a password reset request or that you’re being locked out of an online account because of too many failed login attempts—these may be signs that thieves are targeting your accounts.
“Your passwords should all be at least eight characters long and should use numbers, symbols, and upper and lower case letters,” says Lavelle. “And remember ‘password’ is not a password.”
5. You’re not paying attention to the little things
In addition to the broader tips above, plug these smaller security holes:
- Use only ATMs inside banks if possible. The riskiest locations are restaurants, bars, nightclubs and public kiosks, says Siciliano. Regardless of an ATM location, inspect the machine. “A red flag is if the scanner’s colors don’t jibe with the rest of the machine,” says Siciliano. “Also, look around for areas a camera might be hidden. Even if all seems clear, cover your hand when you enter the PIN.”
- Consider using a one-time card number online. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Citibank, Bank of America and others offer single-use (i.e. disposable) card numbers.
- Delete smartphone apps you no longer use. “Outdated versions of apps can still run in the background and expose personal information without you knowing it,” says Krystal Rogers-Nelson, safety and security expert with ASecureLife.com. “And make sure your phone automatically updates your apps, since most updates include security fixes.”
- Don’t get lazy. “I get a physical every year without fail, because otherwise I’m rolling the dice on my physical well-being,” says Siciliano. “And if you’re not staying vigilant about your credit card information and transactions you’re rolling the dice on identity theft and pretty much just hoping something doesn’t go wrong. And that’s not a plan.”