What are the safest kinds of credit cards to use?
If there’s one thing we can say is undoubtedly on everyone’s minds today when they think about using a credit card for payment, it’s data security. Just how safe are different kinds of credit cards? Despite what you may believe, not all cards are created equally; some have built in security features to address changes in the payment industry.
Currently it appears that the safest option is offered by a digital wallet. These are “cards” inside digital wallets like Google Wallet and Apple Pay. These presently appear to be the safest cards because they combine the same NFC technology as contactless cards with the benefit of being completely virtual, so you can never lose the card (unless you lose your phone—but, even then, your digital wallet-enabled smartphone will come with additional security features like a lock or a remote shutoff option).
In addition, data stored from some mobile wallet providers is tokenized, which translates actual credit card numbers into token substitutes and moves them onto an outside server. That aspect doesn’t affect consumers, but makes transactions safer for businesses to accept as it removes fraud liability from them.
Contactless cards employ NFC (near-field communication) to transmit their information to appropriate card-reading devices. NFC is similar to technology employed by vehicle transponder readers for toll roads—albeit at a much lower power, meant to be read only at a distance of a couple of centimeters as opposed to great distances. Information transmitted that way never touches a card-reading terminal (hence the word contactless), so it’s not vulnerable to attack by card skimmers and the like; the information instead is transmitted by a chip directly to a computer. In addition, NFC portals allow card users to hold onto their card throughout an entire transaction, eliminating the chance of an unknown entity skimming your card without your knowledge.
The contactless card earns my number 2 spot because although critics of these cards say fraud can be committed by waving an NFC reader near an NFC card, information grabbing has only reportedly occurred in demonstrations; there has been no fraud reported from NFC card transactions, making it easily one of the safest kinds of credit cards to use.
EMV chip-equipped card
These cards are making waves in the United States after much ado, as we have a fraud liability shift on our hands that will make merchants—not card issuers—responsible for fraud that could have been prevented with the use of EMV-enabled cards and terminals. Chip-equipped cards communicate with chip-equipped card readers, encrypting given transactions differently than a regular magnetic stripe can. The dynamic nature of the encryption makes card-present fraud not entirely impossible, but much more difficult to pull off with EMV-equipped cards.
When using these cards online, however, all bets are off, as you’re only using a card number, billing address, and other pertinent information to complete your transactions. Hackers with enough resources can access EMV card data the same way they can access legacy mag-stripe card data since the EMV security feature is accessed by an EMV card reader, which isn’t present during an online transaction. (It’s therefore incumbent upon merchants who accept card-not-present transactions to choose a payment processor that offers tokenized products in order to further protect themselves against those kinds of attacks.)
Legacy mag-stripe card
This card is the most common kind in the United States—and, it’s also one of the least safe. The mag-stripe card’s information is stored on a magnetic stripe—and that includes information like your name, address and ZIP code, and, in some cases, a PIN—and it’s encrypted, but only one time. That means the encryption stays the same for each transaction, which in turn makes it easier for fraudsters to skim your information from a card reader and create a counterfeit credit card using that information. That kind of fraud isn’t something schoolchildren can do, but, based on the number of Americans who’ve been affected by fraud lately (a little more than 1 of every 4 frequent credit card users based on CreditCards.com’s statistics: 4 of every 10 users getting a fraud alert and two thirds of those alerts being false alarms), it isn’t exactly rocket science either.
When you use a mag-stripe card online, most all retailers employ extra security measures like asking for a CVV code and billing address to provide information that would have been provided with a swipe of the card. At that point, your data can still be vulnerable, but it’s in the hands of the merchant or their payment processor, not your own.