5 ways to use a credit card securely
18 Apr 2024|720 views
Over a period of five months spanning November 2022 to April 2023, cyber security firm - Palo Alto Networks - detected more than 100 malicious URLs related to ChatGPT. These were reported alongside multiple phishing URLs, which attempted to mimic official OpenAI websites.
As a result, several credit and debit cardholders in Singapore had to deal with fraudulent charges imposed on them through a host of legitimate firms.
In an era where cash is no longer king and transactions for a plethora of goods and services - facilitated by convenience - are increasingly exchanged online, the number of credit card users will only continue to grow.
We've previously looked at the key considerations that go into choosing between a credit and debit card. Having now made your decision based on what best suits your spending habits, it's time to consider some best practices we can adopt to have peace of mind when using credit cards.
1. Use a private device and a secure network
When shopping online, be sure to do so in private - away from the prying eyes of the public. You should also only use your personal device to complete your purchases.
Communal computers, such as those found in public libraries, can save your login details and credit card credentials on the websites that you use. This leaves your personal information vulnerable to the next user.
Even if you log out of public devices, your personal data is still at risk of being leaked if they are already infected with spyware
Logging out after you're done could help; one thing though is that these shared resources run the risk of having spyware installed on them. By recording keystrokes, spyware can gain access to your passwords, credit card numbers and security code, for instance. This will render your conscientious efforts to logout each time effectively futile.
As a best practice, shop online using your own personal laptop or mobile phone because it tends to be safer. That said, it isn't entirely foolproof particularly if you're using a Wi-Fi connection that's free for all to access. What you might want to consider doing is to subscribe to a virtual private network (VPN), which allows for your data to be encrypted.
2. Research merchants and check their URL
It isn't all that uncommon these days to find advertisements that want to sell you things when you're surfing seemingly unrelated websites.
For example, I could be reading an article in The New York Times but have a Van Cleef & Arpels banner luring me to buy a new necklace they have recently launched. On other occasions, it could take the form of unbelievably affordable items sold on discount platforms.
Beat that urge to click on a luring sales advertisement and redirect yourself to the merchant's website!
Admittedly, a part of these has got to do with paid advertising and algorithms that curate relevant content based on our previous online searches. No matter which it is, there's a possibility that you'll click on it if it's something on your radar.
Instead of diving right into shopping by clicking on the advertisement, a precaution you can take to protect yourself and your personal data is to visit the company's website. From there, look up the product or service that interests you. Alternatively, navigate to the official site via the search engine. This simple habit can prevent you from falling prey to phishing malware that are potentially embedded in such links to external websites.
If the merchant happens to be a lesser known one, you might want to do some research on it to find out if there were any customer complaints relating to its products or security features. One way to do so is through consumer reviews on social media.
A good practice to cultivate is to verify the webpage address before inputting your credit card information to complete any checkout
Before inputting your credit card information to complete checkout, it is good practice to verify the webpage address to confirm its legitimacy. If, for instance, there are any misspellings, it could mean you are on an unsafe website that was deceptively designed to look just like the merchant’s official page.
Sgcarmart's e-shop is a case in point that assures customers of a safe shopping experience through facilitating trusted payment methods. A one-time password (OTP) will typically be requested - more on this later - if you choose to pay via credit card. This adds on a round of verification before the transaction goes through.
Also transact only on secure websites. Check for 'https' at the start of the URL; this tells you that the website is encrypted, which increases the security of any data transferred on it.
3. Make payments extra securely
Online shopping with a credit card can offer you more security than some other payment options. But again, they aren't infallible. There are some additional measures that you can adopt to keep your credit card extra safe.
Contrary to the myth that digital wallets risk compromising personal data, adding your credit card to Apple Pay or Google Pay can provide a second layer of protection. These digital wallets do not reveal your credit card information to merchants. Instead, how they facilitate payment is via tokenisation: A process that creates a one-time virtual account number for each purchase. In that sense, there is no way to trace data used for any singular purchase to a previous one.
Be suspecting of any merchant that asks for more personal information than is typically needed for a simple online purchase
Do also consider if you're giving out information that's absolutely necessary to make a simple purchase. A case in point that should raise a red flag would be when an online merchant asks for your National Registration Identity Card (NRIC) or Foreign Identification Number (FIN) to complete a shopping transaction.
4. Leverage your credit card app's security features
Most credit cards have an accompanying mobile banking app that offers security features to safeguard your card against frauds. These include two-factor authentication (2FA) and account alerts.
Say, for example, you lose your credit card. Having 2FA set up will help to block those who get their hands on your card from accessing further information, such as from logging in to your credit card account. That's because the authentication process layers on a second step: An OTP via text or email to ensure the authorised user is accessing the account.
Setting up 2FA gives you an extra layer of protection since it requires the cardholder to authenticate the transaction with an OTP
In a bid to stop digital banking scams, the Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS) have mandated in 2022 a default transaction limit of $5,000 or lower a day for online fund transfers.
Pay attention to the requested confirmations from your bank on big-ticketed transactions that are identified to be potentially high risk, through fraud surveillance efforts. This can help you to spot unauthorised transactions in a timely manner and dispute them quickly.
5. Keep up with scheduled routine maintenance
With online transactions being so commonplace today, an integral part of keeping your credit card details safe requires you to also stay up to date with security measures. This means you should:
- Enable automatic updates of your apps, browsers, firewalls, and anti-virus software on your devices. You could choose to do this manually too, if you prefer.
- Use strong, unique passwords for your online banking accounts and change them regularly.
- Periodically review your credit card statements for any unauthorised transactions and dispute fraudulent charges.
How should I respond to transactions I didn't make?
This leads us to the task of addressing the all-important question: What should I do if I receive unauthorised transactions made with my credit card?
According to ABS, there are a few commonly raised dispute scenarios - the most prevalent of which arise from Card-Not-Present (CNP) transactions. One such instance could take the form of unauthorised online or mail order purchases.
You might detect the transaction from your bank statement belatedly if there is no OTP authentication in place. Lodge a report immediately with your card-issuing bank and if need be, request the bank to block your card to prevent any further fraudulent use.
In case you haven't already noticed, all banks regulated by MAS have introduced an emergency self-service "kill switch" in their respective mobile banking apps. This switch lets customers freeze their bank accounts if they suspect their account has been compromised. You can also temporarily lock your card(s) via your banking app.
If you, however, have already set up OTP authentication, the risk of unauthorised card transactions is mitigated since you will have to verify your identity before any transactions are being processed. Your bank will also reserve the right to hold back the credit temporarily until it completes its investigations.
Remember: Your card-issuing bank should always be your first line of defence if in doubt
If the unauthorised charge is a delayed billing to you for a hotel stay or car rental, for example, the first line of defence you should fall back on should - again - be your bank. The card-issuing institution would be able to assist you in raising dispute reports to Visa or MasterCard, as long as you're able to provide it with the relevant supporting document(s).
Be vigilant, conscientious and pre-emptive
Cyber criminals are a smart breed. One tactic they often deploy is to make use of small value deductions since these go easily unnoticed. But their tactics will continue to evolve with time. Even if there's no way for us to outsmart them, we can at the very least reduce our risk of falling prey to their schemes.
And to do that we need to apply these best practices religiously.
Over a period of five months spanning November 2022 to April 2023, cyber security firm - Palo Alto Networks - detected more than 100 malicious URLs related to ChatGPT. These were reported alongside multiple phishing URLs, which attempted to mimic official OpenAI websites.
As a result, several credit and debit cardholders in Singapore had to deal with fraudulent charges imposed on them through a host of legitimate firms.
In an era where cash is no longer king and transactions for a plethora of goods and services - facilitated by convenience - are increasingly exchanged online, the number of credit card users will only continue to grow.
We've previously looked at the key considerations that go into choosing between a credit and debit card. Having now made your decision based on what best suits your spending habits, it's time to consider some best practices we can adopt to have peace of mind when using credit cards.
1. Use a private device and a secure network
When shopping online, be sure to do so in private - away from the prying eyes of the public. You should also only use your personal device to complete your purchases.
Communal computers, such as those found in public libraries, can save your login details and credit card credentials on the websites that you use. This leaves your personal information vulnerable to the next user.
Even if you log out of public devices, your personal data is still at risk of being leaked if they are already infected with spyware
Logging out after you're done could help; one thing though is that these shared resources run the risk of having spyware installed on them. By recording keystrokes, spyware can gain access to your passwords, credit card numbers and security code, for instance. This will render your conscientious efforts to logout each time effectively futile.
As a best practice, shop online using your own personal laptop or mobile phone because it tends to be safer. That said, it isn't entirely foolproof particularly if you're using a Wi-Fi connection that's free for all to access. What you might want to consider doing is to subscribe to a virtual private network (VPN), which allows for your data to be encrypted.
2. Research merchants and check their URL
It isn't all that uncommon these days to find advertisements that want to sell you things when you're surfing seemingly unrelated websites.
For example, I could be reading an article in The New York Times but have a Van Cleef & Arpels banner luring me to buy a new necklace they have recently launched. On other occasions, it could take the form of unbelievably affordable items sold on discount platforms.
Beat that urge to click on a luring sales advertisement and redirect yourself to the merchant's website!
Admittedly, a part of these has got to do with paid advertising and algorithms that curate relevant content based on our previous online searches. No matter which it is, there's a possibility that you'll click on it if it's something on your radar.
Instead of diving right into shopping by clicking on the advertisement, a precaution you can take to protect yourself and your personal data is to visit the company's website. From there, look up the product or service that interests you. Alternatively, navigate to the official site via the search engine. This simple habit can prevent you from falling prey to phishing malware that are potentially embedded in such links to external websites.
If the merchant happens to be a lesser known one, you might want to do some research on it to find out if there were any customer complaints relating to its products or security features. One way to do so is through consumer reviews on social media.
A good practice to cultivate is to verify the webpage address before inputting your credit card information to complete any checkout
Before inputting your credit card information to complete checkout, it is good practice to verify the webpage address to confirm its legitimacy. If, for instance, there are any misspellings, it could mean you are on an unsafe website that was deceptively designed to look just like the merchant’s official page.
Sgcarmart's e-shop is a case in point that assures customers of a safe shopping experience through facilitating trusted payment methods. A one-time password (OTP) will typically be requested - more on this later - if you choose to pay via credit card. This adds on a round of verification before the transaction goes through.
Also transact only on secure websites. Check for 'https' at the start of the URL; this tells you that the website is encrypted, which increases the security of any data transferred on it.
3. Make payments extra securely
Online shopping with a credit card can offer you more security than some other payment options. But again, they aren't infallible. There are some additional measures that you can adopt to keep your credit card extra safe.
Contrary to the myth that digital wallets risk compromising personal data, adding your credit card to Apple Pay or Google Pay can provide a second layer of protection. These digital wallets do not reveal your credit card information to merchants. Instead, how they facilitate payment is via tokenisation: A process that creates a one-time virtual account number for each purchase. In that sense, there is no way to trace data used for any singular purchase to a previous one.
Be suspecting of any merchant that asks for more personal information than is typically needed for a simple online purchase
Do also consider if you're giving out information that's absolutely necessary to make a simple purchase. A case in point that should raise a red flag would be when an online merchant asks for your National Registration Identity Card (NRIC) or Foreign Identification Number (FIN) to complete a shopping transaction.
4. Leverage your credit card app's security features
Most credit cards have an accompanying mobile banking app that offers security features to safeguard your card against frauds. These include two-factor authentication (2FA) and account alerts.
Say, for example, you lose your credit card. Having 2FA set up will help to block those who get their hands on your card from accessing further information, such as from logging in to your credit card account. That's because the authentication process layers on a second step: An OTP via text or email to ensure the authorised user is accessing the account.
Setting up 2FA gives you an extra layer of protection since it requires the cardholder to authenticate the transaction with an OTP
In a bid to stop digital banking scams, the Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS) have mandated in 2022 a default transaction limit of $5,000 or lower a day for online fund transfers.
Pay attention to the requested confirmations from your bank on big-ticketed transactions that are identified to be potentially high risk, through fraud surveillance efforts. This can help you to spot unauthorised transactions in a timely manner and dispute them quickly.
5. Keep up with scheduled routine maintenance
With online transactions being so commonplace today, an integral part of keeping your credit card details safe requires you to also stay up to date with security measures. This means you should:
- Enable automatic updates of your apps, browsers, firewalls, and anti-virus software on your devices. You could choose to do this manually too, if you prefer.
- Use strong, unique passwords for your online banking accounts and change them regularly.
- Periodically review your credit card statements for any unauthorised transactions and dispute fraudulent charges.
How should I respond to transactions I didn't make?
This leads us to the task of addressing the all-important question: What should I do if I receive unauthorised transactions made with my credit card?
According to ABS, there are a few commonly raised dispute scenarios - the most prevalent of which arise from Card-Not-Present (CNP) transactions. One such instance could take the form of unauthorised online or mail order purchases.
You might detect the transaction from your bank statement belatedly if there is no OTP authentication in place. Lodge a report immediately with your card-issuing bank and if need be, request the bank to block your card to prevent any further fraudulent use.
In case you haven't already noticed, all banks regulated by MAS have introduced an emergency self-service "kill switch" in their respective mobile banking apps. This switch lets customers freeze their bank accounts if they suspect their account has been compromised. You can also temporarily lock your card(s) via your banking app.
If you, however, have already set up OTP authentication, the risk of unauthorised card transactions is mitigated since you will have to verify your identity before any transactions are being processed. Your bank will also reserve the right to hold back the credit temporarily until it completes its investigations.
Remember: Your card-issuing bank should always be your first line of defence if in doubt
If the unauthorised charge is a delayed billing to you for a hotel stay or car rental, for example, the first line of defence you should fall back on should - again - be your bank. The card-issuing institution would be able to assist you in raising dispute reports to Visa or MasterCard, as long as you're able to provide it with the relevant supporting document(s).
Be vigilant, conscientious and pre-emptive
Cyber criminals are a smart breed. One tactic they often deploy is to make use of small value deductions since these go easily unnoticed. But their tactics will continue to evolve with time. Even if there's no way for us to outsmart them, we can at the very least reduce our risk of falling prey to their schemes.
And to do that we need to apply these best practices religiously.
Thank You For Your Subscription.
