Despite the ubiquity of data breaches, there are things you can do as a consumer to reduce the risk associated with credit card payments.
The law works in your favor if you’re a consumer and you’re affected by a data breach. It isn’t your fault that some skilled criminals busted into a big computer and took your data – it’s the fault of the merchant, usually, for not being completely PCI compliant. In the case of companies that have had records stolen and fraud committed against the people represented in those records, the fraud probably could have been prevented entirely by using data tokenization. Given enough time, someone can surely break into a secure server, but using tokenized data to do anything meaningful, like commit fraud, is impossible.
So, what can you do?
You really don’t have to change the way you shop but it would help to take regular precautions.
What’s the Deal with EMV?
Really, what does it do?
EMV chips add an extra layer of payment security to common mag-stripe credit cards.
Mag-stripe credit cards carry information on magnetic stripes, and the act of passing information from mag-stripe to card reader is passive, meaning the card reader just scoops it right out and it’s done. The card doesn’t do anything – it just slides through or into the slot.
EMV cards have chips embedded in them. These chips are actually microprocessors that don’t just provide information for card readers to scan – they actually communicate with the card readers, providing unique transaction IDs with regular information like a card number and an expiration date. EMV credit cards are much harder to duplicate, what with their added tech, than standard mag-stripe cards, which only need to be programmed to display static information. For this reason, it’s much, much harder to commit fraud with an EMV credit card (although not impossible). The UK saw a dramatic decrease in card-present fraud as soon as EMV became the standard.
The problem is not everyone’s on the EMV boat
There’s a liability shift associated with EMV, and that states that merchants who don’t upgrade their card swipers to accommodate EMV-equipped credit cards will be liable for credit card fraud committed by credit cards with EMV chips, and, card-issuers will be liable for fraud committed with standard mag-stripe cards, regardless of whether or not merchants have upgraded to EMV technology. (Essentially, the party with the lesser technology holds liability for fraud that comes up.) For this reason, banks and other card issuers have been extremely diligent about sending out EMV chip cards to patrons whose cards have expired. But, the same can’t be said for merchants at all – it’s like they didn’t get the memo. The general consensus seems to be that the majority of business owners (and, for the most part, we’re talking about small business owners) think they’re too small to pop up on anyone’s radar, too small to be targets for fraud. It isn’t true. There’s a lack of perfect information about fraud and data breaches related to small businesses.
That said, as long as you use your EMV credit card when you’re issued it, it doesn’t matter what kind of technology the merchant has – you’ve done your part.
Am I Safe at the ATM or the Cash Register?
There’s no denying the existence of people who make their living planting card data skimmers in physical terminals or even designing plastic facades to place over ATMs solely for the purpose of stealing your card data. (If you haven’t seen an example of this, it’s actually pretty nifty, much as it leaves you shaking your head.) If you’re using proper technology (like EMV credit cards) and not copying down your credit card information for someone else to use, you shouldn’t have to worry about being held liable for credit card fraud if it does indeed occur in your name.
But, there’s something else you should know – about debit cards in particular.
If someone uses your debit card fraudulently, they’ve effectively tapped into your bank account, potentially sapping you of a good deal of your funds. While getting those funds back isn’t out of the question, it can take much longer than a simple credit card charge reversal, and you’ll still be liable for any automatic transfers you have scheduled to involve your checking account.
With debit cards in particular, you’re required to notify your bank within 48 hours of the fraudulent withdrawals or you risk further liability – up to $500 in charges you can’t dispute.
So, the real take-away from this is you should try to rely more on your credit cards, if possible, and less on your debit cards. (see tips on using a credit card)
Mobile Payments! Good or Bad?
The articles below touch on the importance of mobile payments not only as a quickly developing technology, but as a solution that makes more and more sense each day (practically) as people rely more on phones and less on anything else (except maybe iPads, which decidedly are not phones) for business and personal life.
So, should you make that purchase on your smartphone?
Data these days is very well protected; SSL encryption is more or less standard these days on eCommerce sites, and tokenization is becoming more popular in the wake of those big data breaches that hit the news from 2013 to ’14.
If anything looks fishy to you when you check out (e.g. you don’t see the word secure listed anywhere, your web address bar doesn’t read https – with an S for secure – the site just looks a little weird), you don’t have to make the purchase.