From magnetic strips to EMV chips, from cards to UPI and to the boom of the digital age, cashless payments have come a long way. While we enjoy the convenience, we tend to overlook the threats. In the US, the Federal Trade Commission reported 440,666 cases of credit card fraud in 2022 and 219,713 cases for the first half of 2023. In India, the RBI is combatting fraud by mandating security features such as the EMV chip enablement of all new credit cards and debit cards (2015) or tokenization of payment cards stored by merchants (2022).
We generally tend to share way too much sensitive information online without giving it much thought: pictures of our payment cards or identity documents on social media, contact numbers, addresses and dates of birth demanded by some services and online merchants at the time of registration, favourite singer, car brand, food and other personal details in personality quizzes and other games, online payments to unverified merchants. Whether it is leaked through a data breach or publicly available on social media, this sensitive information can be used to impersonate us, trick us or our close ones into making payments to a fraudster or gain direct access to our bank accounts or other sensitive services. The first step to protecting ourselves from data and credit card fraud is thus limiting the data we share online to a strict minimum.
Other steps to protect yourself from data/credit card fraud
Unique passwords
Using unique strong passwords and changing them regularly is key. As per FIDO (Fast Identity Online) Alliance, passwords are the root cause of over 80% of data breaches. As we shuffle between many apps and sites, it is tempting to use simple passwords and reuse them for different services. Using a simple password for a home delivery app may seem like not much of a risk. But cracking it could give someone access to sensitive information like our home address and phone number. And if we use the same password between that home delivery app and other services, one data breach at one service provider is enough to gain access to all our accounts, and all the data we shared with them. Consider using a password manager that will generate and store complex passwords for you and warn you if your password gets leaked. It goes without saying that the priority should be to protect access to mail services that are commonly used to reset forgotten passwords for other services.
Don’t forget your phone
Always enable screen lock, and PIN and/or biometrics so your phone can’t be used to access your accounts in case it is stolen.
Multi-level authentication
Multi-factor authentication provides an added layer of security. Instead of relying on just a password (something you know), it also relies on something you have (a hardware token, a phone) or something you are (your biometrics). Some institutions mandate it, particularly in the financial sector (mobile OTP, token generation or biometric authentication through the mobile banking app); for others, like social media or mail services, it is optional but highly recommended to avoid fraudulent access or impersonation.
Avoid Public wifi for payments
When accessing online services through unsecured networks, you may inadvertently let fraudsters access your data. Avoid logging in and making payments on such networks, or use a VPN to secure your communications.
Credit card safety
Keep your card close and don’t let others see the card number and other details. Contactless payments are safer as the card doesn’t leave your hand or even your wallet during payment. Mobile wallets are also a good solution. Most financial institutions also allow setting various limits on your payment card, for example blocking ATM transactions or international payments, or setting a maximum amount for e-commerce. These act as a safeguard in case the card data is compromised. Fraudulent transactions may simply not be possible or cause limited damage due to low transaction limits.
Phishing and Social Engineering
The strongest password won’t keep you safe if you share information or trigger a payment yourself after falling for a phishing or social engineering scam. Phishing usually takes the form of a message (WhatsApp, email) tricking unsuspecting users into sharing sensitive information or clicking on malicious links by playing on fear and greed triggers. With social engineering, the fraudster may impersonate a close one or an institution. Keeping ourselves informed of known scams and applying common sense are the first steps to counter such attacks. Taking the time to cross-check and contact the requestor directly through a known number or official channel before taking any action is also highly recommended.
In Conclusion
Don’t let the fear of fraud prevent you from enjoying the convenience and benefits of cashless payments and online shopping. Being conscious of what you share online, staying away from public wifi, using strong unique passwords, activating multi-factor authentication wherever you can, keeping your phone locked, blocking payment services that you do not require on your card and reacting to unexpected messages or calls with a good dose of scepticism are all simple steps to keep yourself safe and fully embrace the digital world.
This article has been written by Lucie Fosenca, global head, R&D, Giesecke+Devrient. Views expressed here are personal opinions of the author.