Internet and e-mail policy and practice
including Notes on Internet E-mail


2011
Months
Oct

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Money


10 Oct 2011

Is there a reasonable way to use credit cards online? Money

A friend whose daughter just had yet another credit card cancelled and reissued due to online fraud asked me what she did that let bad guys steal her credit card.

The answer is probably nothing. Bank security stinks, and large company security stinks more. For example, a few years ago someone stole 45 million card numbers from TJ Maxx, cards which as far as I can tell, the customers swiped at the register and never left their hands. Banks are figuring out that they need to do better, but they are ponderous, timid, and move in herds, so change comes slowly. I've seen estimates from well-informed people that crooks may have something like half of all credit card numbers issued in the US.

He said ``A fraud staffer at the bank told my daughter that when she herself purchases online she uses a debit card attached to an empty checking account and transfers in only the exact amount, so it won't matter if the thieves try to use it because there will be no funds in the account. But we are now talking serious inconvenience.''

Wow, that's the kind of really bad idea that only a security professional would have come up with. It's right up there with changing your password every week.

You have 30 days after the statement arrives to challenge a bogus transaction. Pretty much without exception, the merchant won't counterchallenge, and you'll just get the money back. The key difference between a credit card and a debit card is that during the dispute process, with a credit card you have the money, but with a debit card, they have the money.

Hence: get yourself two credit cards with reasonably large credit limits. Use them however you want. When each bill shows up, look at all the charges, and if you see ones you don't like, challenge them. This used to involve writing a letter, but now you can usually do it online. The challenged charges will go away. The reason to have two cards is that if one blows up, hits the credit limit, they cancel and replace it, etc., you have the other one while the replacement cards are in the mail.

I'm a fairly obsessive guy, so I keep my receipts and match them up each month, partly for this, partly because a lot of them are tax receipts, but for most people, just looking at the bill is plenty. There is no reason to look at the bill online every day, since you have a month to report fraud.

As far as debit cards, Just Say No. I have one, but I only use it as an ATM card at the bank, where I know what their ATMs look like and could presumably recognize a skimming device attached to one, and at one store (Aldi) that doesn't take credit cards, since I really like their chocolate.

Needless to say, pay your credit card in full every month, and you might as well get one that gives you a rebate or miles or something. For what it's worth, I use my credit cards online all the time, and although I've also had my share of bogus transactions and had cards reissued several times, I've never seen a bogus transaction that appeared related to an online charge I'd made.


posted at: 23:23 :: permanent link to this entry :: 1 comments
posted at: 23:23 ::
permanent link to this entry :: 1 comments

comments...        (Jump to the end to add your own comment)

hassle factor
i agree a credit card is much safer than a debit card, but it wasn't quite that simple for me ... i discovered my first fraud this summer — several transactions for download of music from Amazon and a Napster subscription all within a few days — and after i called in the details and also notified both vendors of the fraud (despite which Napster issued a recurring charge a few days later), i got my first piece of mail from Citicard, on which i had to pick out the bad charges from a puzzling accounting tabulation and return within 10 days, then a month or more later i got a packet with about 15 pages of material documenting just the initial Napster charge — i guess you'd call that a counterchallenge; it included the name and address of a woman i'd never heard of, so the charges were somehow made without even my name; i had to certify that i had nothing to do with it and return within a week; so there's been a considerable amount of paperwork and even some postage to pay for just to clear about $75 in charges

(by steve 17 Oct 2011 19:58)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
90 days ago

A keen grasp of the obvious
My high security debit card
397 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.