When a website address does not begin with “HTTPS”
If you don’t see these five letters in the address bar of the website you are trying to make a payment on, it means the site is not secure. “HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet,” explains Robert McKee, lawyer and certified international privacy professional. “Its main motivation is authentication of the visited website and protection of the privacy and integrity of the exchanged data.” When the URL begins with “HTTPS,” the site is secure, and you are safe to use a credit card. If the site does not include an “s” in this beginning part of the URL, opt out of the online purchase, and try using a third-party payment system like PayPal instead. These sites act as another barrier between an organization and your credit information. If all else fails, try paying in person.
When you’re responding to an email
It is actually better to provide your credit card to someone over the phone (only when you have initiated the call—more on that later) or even via text message than it is to respond with your credit card number in an email. “There is a technique called ‘phishing’ or ‘spear phishing’, and it involves emails that are designed to extract your credit card number for an unauthorized purchase,” warns Stephen Lesavich, Ph.D., JD, attorney, credit card expert, and best-selling author. Before clicking on any link, look for phishing clues like spelling mistakes, strange use of English, and logos that look off. Another technique is to hover over a link while not clicking on it and see if you can recognize the URL. Look for the same site outside your email and compare them. If there is anything suspicious, do not make the purchase or make it from another site.
When charity fundraisers approach you on the street
Quite often, and mostly in big cities, you’ll see charity fundraisers walking the streets in an attempt to collect donations in the form of money for a variety of causes—the environment, child welfare, and pet care, to name just a few. They might only ask to take your name down so they can contact you at a later date, but if they ask you for your credit card, beware. “These causes are known to target people’s emotions to get them to donate,” warns Lesavich. “Although legitimate in some cases, they could instead be scams to charge your credit card and get your credit card information.” If you want to contribute to these causes, a safer bet is to visit their website, check that it’s secure and then make a donation from there.
When speaking to anyone over the phone
Try to avoid giving your credit card information over the phone for the simple reason that you don’t know where it will go once you hang up. You also don’t know who’s listening in on the call—whether it’s people around you, someone else on the line, or even the person on the other end of the phone who’s taking down your digits. “One of the most common examples of card information being given over the phone is through delivery food purchases,” says Jeremy Brant, VP of Information Technology for Florida Capital Bank. “In situations like these or other instances where a vendor is asking for card information over the phone, order the service online or pay cash in person.” With delivery food, should the location not have its own website (or the website is not secure), third-party smartphone apps like Seamless or GrubHub can fill in the gap. Here are 13 things credit card companies know about you.
When an online merchant has no reviews or previous listings
If you’re considering buying from a merchant on any type of marketplace—from eBay to Etsy—look them up online. If you Google them and there’s only one listing for the merchant, with no online reviews, no past experiences from other customers, and no social media accounts, you should think twice about handing over your card. This is true for online merchants, of course, but real-world merchants as well. “The Internet has given consumers a much more effective way to gauge the reputation of the companies we do business with, so use it,” suggests Adam Jusko, founder, and CEO of creditcardcatalog.com, a card comparison and news site. Along these same lines, look for contact information on the websites you buy from, including address and phone number if you’re unfamiliar with the merchant. “Cross-reference the address and phone numbers by looking them up in a search engine to see if they match the merchant.”
When you’re making a purchase you can’t afford
This sounds like a no-brainer, but the mounds of debt many people hold on their credit cards prove that it’s not. “Use your credit card for the convenience it provides and any rewards you might receive, but only charge what you know you can completely pay back at the end of the month,” suggests Jusko. “While some people are building up debt on their credit cards, other people who treat their cards as a tool of convenience are actually making hundreds of dollars from their cards.”
When a merchant needs to take your card out of view for payment
This scenario is common when paying your tab at a restaurant or bar. Especially if you’re not traveling overseas, chances are that it’s fine, but allowing any merchant the chance to take your card out of view provides the potential for writing down or taking pictures of the card for use later. “A high-risk destination example is Brazil. During the 2016 Olympics, multiple people had their CCs cloned while at restaurants,” Mark Deane, CEO of ETS Risk Management in Bethesda, Maryland, says. “One cyber security manager of a large corporation even told a story of being at a table and catching the waiter with a cloning device under his jacket, trying to swipe the card at the table. The waiter ran off when challenged.” The best practice is to never to let your card out of your sight and don’t be afraid to ask merchants to bring payment options to you. “This is becoming more and more common in Europe, where restaurants bring devices to the table to accept payment, and we think this may become more prevalent in the U.S. as well,” says Alex Cramer, Head of Cards at Final, a mobile-first credit card startup. These are the times you should never open a store credit card.
When purchasing online while connected to public Wi-Fi
Inputting any personal information into a website (whether the site itself is secure or not) can pose risks if the Internet connection is not secure, and this includes the public Internet or any Internet without password protection. The consequences are that any sensitive personal information (think passwords, personal data, and credit card information) can be read by anyone trying to break through the network. It is best to wait until you are over a secure connection before inputting any sensitive information, like passwords or credit card numbers. “Delete Wi-Fi networks from your devices that aren’t yours, and make sure to secure your Wi-Fi connection with a unique, private password,” suggests Emmanuel Schalit, CEO of the password manager Dashlane. “Also, don’t use Wi-Fi connections that aren’t known to be secure (think: your coffee shop Wi-Fi, the free Wi-Fi in your building or the airport) unless doing so over a secure VPN.”
When purchasing something on a public computer
When surfing the web on a public computer or another person’s computer you don’t know or trust, keep your credit card under lock and key. “A public computer may have devices or software to record all of your keystrokes, also known as keyloggers,” McKee explains. “The computers also might contain malware with other tools for stealing your information.” Because you can’t verify the security of a public computer, you shouldn’t use your credit card on a website you accessed from that computer. Check out these reassuring ways to improve your credit score.
If you see bulky, plastic, exposed wires on devices you’re about to swipe through
Point-of-sale devices that have been tampered with (including setup of “skimmers” to steal payment card data) can be hard to spot, but they are something to be aware of and avoid. If you see bulky, plastic, exposed wires, or other things that look “off” about the device you’re about to use, consider alerting employees or law enforcement. “More and more, consumers should be looking to ‘dip’ instead of ‘swipe,'” says Cramer. “The former reads static data from the mag stripe off the back of the card; the latter reads dynamic data from the chip on the front of the card, adding an additional level of payment security.” Next, make sure you know the 10 times swiping your debit card puts your money at risk.