Select Page

How can I keep my credit card details from being stolen online? [Ask ZDNet]

How can I keep my credit card details from being stolen online? [Ask ZDNet]
Female holding credit card making online payment, closeup view

Getty Images/iStockphoto

Welcome to the latest installment of Ask ZDNet, where we tackle the questions that even Google can’t answer.

In the mailbag this week: How to keep your credit card details safe online, especially when dealing with a sketchy merchant.

Think you can stump the Ask ZDNet staff? We love a challenge!  Send your questions to [email protected]

As you’ve discovered, the inconvenience associated with being the victim of credit card fraud is significant. Thankfully, for cardholders in the United States, protections in the Fair Credit Billing Act mean your actual losses are limited to $50, provided you notify the card issuer as soon as you become aware of any theft or unauthorized use. Most card issuers have fraud detection capabilities that will alert you immediately in the event of a suspicious transaction and protect you from any loss. 

One important caveat here: These fraud protections do not apply to debit cards, even if the card has the logo of a major credit card issuer. The Electronic Fund Transfer Act offers similar protections if you report an unauthorized transaction within 48 hours, but after that you’re on the hook for $500 in losses, and the limit vanishes completely if a fraud goes unreported for 60 days. (For details, see this FTC page: “Lost or Stolen Credit, ATM, and Debit Cards.” 

Even with those protections, there’s always a risk with any online transaction. How do you minimize your risk? 

  1. Be vigilant about sites where you use your card. Make sure the page is secure and that the merchant is trustworthy. If you don’t recognize the merchant or the site seems suspicious, think twice before entering your card details. 
  2. Avoid storing your card details unnecessarily. You can probably waive this precaution for top-tier merchants like Amazon and Apple, but it’s really not that inconvenient to re-enter a card number for smaller merchants that you do business with occasionally. (Obviously, you can’t avoid this for recurring payments.) 
  3. Use Apple Pay, Google Pay, Samsung Pay, or other digital wallets whenever possible. Those systems use virtual account numbers tied to your device, which means in the event of compromise, your actual card number is not revealed. (For details on virtual card numbers, see these support documents from Google and Apple.) 
  4. Create your own masked card. The free service, for example, lets you create virtual credit cards for specific merchants. You can assign per-transaction limits or set an overall maximum charge for one of these cards, making it impossible for an unscrupulous merchant to turn a small charge into a larger one without your consent. We’ve used this service and can recommend it enthusiastically. 

In addition to all that, be sure to install the mobile app for your credit card and turn on notifications. That way, in the unlikely event your card is compromised, you’ll know immediately and can use the app to temporarily disable the card while you contact the issuer for help.   

Send your questions to [email protected]. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.