Four Safer Ways to Pay Online

Worried about hackers snagging your credit card info? A few precautionary steps can go a long way in protecting your account.

Who has your private info? Who knows, given how common security breaches have become. And credit card information is one of the most common types of personal data we volunteer online. So what can you do to minimize credit card fraud? Well, you can't stop the break-ins, but here are four ways to keep your funds out of the hands of the bad guys.

Disposable credit card numbers: Why share your 16-digit number with online merchants, particularly those you've never heard of? Many major banks let you create a unique, temporary card number for each online purchase.

For instance, ShopSafe is a free service for Bank of America Visa and MasterCard holders who bank online with the financial giant. When you want to make a purchase online, you open a new browser window and sign in to your Bank of America account. Next, you follow the ShopSafe instructions to create a 16-digit credit card number, which you use on the vendor's site in lieu of your regular number. (The vendor won't know the difference.) The temporary number has its own expiration date and security code, and is valid at only one online vendor. You may reuse the number when you buy from that vendor again, however. Other institutions, including Citibank and EntroPay, have similar services.

Even if you don't use a disposable number, you're protected from unauthorized credit card purchases. If someone uses your card without your permission, your liability typically ends at the first $50, according to the U.S. Federal Trade Commission. And many card issuers now have zero-liability policies, where you won't have to pay a penny.

Online payment services: If you would rather not fuss with lengthy credit card numbers, expiration dates, and security codes, an online payment service is a handy alternative. The free Google Checkout service stores your credit card details and doesn't share your full card number with merchants. If a vendor accepts Google's payment service, you can make a purchase simply by clicking the Google Checkout button on its site. Naturally, you'll have to sign in to your Google account to complete a transaction. The venerable PayPal is another option, and it won't charge you a fee to buy stuff online. Both sites will reimburse any unauthorized purchases in full, as long as you report the fraud within 60 days.

Prepaid credit cards: Personal finances shaky? Can't obtain a regular credit card? You still have online-shopping options, albeit pricey ones. Usually you can get a Visa Prepaid card without a credit card or bank account.

When you buy a prepaid card, you load it with the cash amount you want; as you buy stuff, the goods' purchase total is deducted from the balance. Visa's zero-liability policy applies to prepaid cards, as well. Just remember that these cards are often loaded with sneaky fees. A Western Union Prepaid Visa Card, for instance, has a $10 "non-refundable activation fee" and a $5 "load fee."

Secure cards: For additional protection online, consider services such as MasterCard SecureCode and Verified by Visa. Both require you to enter a password to complete a transaction at participating merchants' sites. The lists of participating vendors are short for both services, but if you regularly buy, say, plane tickets on British Airways, using an extra layer of security could help throw potential fraudsters off your tracks.

One last important rule of thumb: Never use wire transfers. "It's just like sending cash--once it's gone, it's gone. You can't get it back," the FTC's Consumer Alert site warns. The agency also points out that using cash equivalents, including debit cards, personal checks, cashier's checks, or money orders, to buy online is wise only if you're familiar with the seller. Buying a $50 herbal supplement from a dubious Siberian pharmacy? Say nyet to cash.

Using any of these methods can help you significantly reduce the chances of being duped by a malicious seller or site hacker. Of course, even if you take steps to disguise your financial information, you should regularly check your accounts to spot fraud more quickly. But with a little vigilance and extra effort, you can stay one step ahead of cybercriminals without losing the convenience of shopping in your pajamas.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersonline securityapplication developmentWeb services developmentBank of Americavisaweb servicesshoppingConsumer Advicesoftware

More about British AirwaysCitigroupFederal Trade CommissionFTCGooglePayPalVisaWestern Union

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeff Bertolucci

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts