Key Post How to keep your credit and debit cards secure

Would someone like to write a Key Post on the following

Steps you can take to keep your credit and debit cards secure
Brendan I've taken a stab at this. I've left it deliberately rough as I would welcome any feedback and suggestions and will edit it accordingly. Also, if anybody wanted to take it over and give it a thorough edit I have no problem passing it on.

The Basics - Your Card/s
  • Keep the number of cards you have to the minimum that works for you (perhaps one live and one for backup, or one debit card and one credit card, or one fintech and one "bricks and mortar") and cancel and destroy any others
  • If using a debit card, consider having it attached to an account that is used exclusively for that purpose and keep the balance on this account as low as possible (i.e. top it up weekly or in advance of card use)
  • If you change your phone no., address etc., ensure that your bank is notified so they can contact you if there is suspicious activity on your card/account
  • Switch on any transaction notifications that your bank/app allows (e.g. N26 and Revolut send instant notification of all transactions to your phone/watch)
  • Familiarise yourself with the safety features that your bank/app has and use these frequently e.g. limits on transactions, limit types of transactions, suspend or freeze card when not in use etc
  • Make a habit of looking at your online transaction history at a set time daily (first thing when you wake or at breakfast, when you arrive at work, at lunchtime, before/after dinner, before bed)
  • Never ignore a small or trivial unrecognised transaction that appears on your account; these are often a test and will be followed hours/days later with a large transaction
  • Consider using a digital wallet (Apple Pay or Google Pay). These can offer added protection as they don’t provide your credit card information to the merchant; instead they send a token code
  • When using your card to pay in a restaurant etc., never part with your card; go to the payment terminal or have it brought to you
  • When using your cards in public, look around before use, and shield the keypad before entering your pin or passcode
  • When giving your card details over the phone, choose your location carefully and look around you before doing so
  • Keep a record of all cards in a secure location at home, and keep your bank/s emergency phone numbers in your phone
The Basics - Your Devices
  • Keep your phone/computer software up to date. This includes the operating system, all apps and any security, anti-virus and anti-malware software
  • Switch on the highest level of security/authentication available on your phone, in particular: encrypt your phone, use facial or other biometric recognition and, if only using passcodes, change these from time to time
  • Switch on any in-app security available for banking and payment apps
  • When you are finished with a device that has been used for financial transactions, ensure that (1) the device is wiped prior to disposal and (2) that it is de-registered by the financial institutions and/or their applications
Online Purchases
  • Consider having a separate card for online use only
  • If available to you, use one-time cards
  • Consider using PayPal
  • If using a credit card ensure that it's one with a low credit limit, and in the case of a debit card ensure that the balance in the account is kept low
  • Avoid using your cards when on unsecured connections (e.g. free WiFi). If you must use your card online when in an airport for example, turn off WiFi and use your 4G connection for the duration of the transaction
  • Avoid using your card on devices that you don't own/use exclusively and never use your cards on a shared/public computer/device
  • Know the retailer that you are buying from and go directly to their website (i.e. enter www.retailers-name.com in your browser to initiate the transaction, do not click on a link supplied in an email or message)
  • Check that the URL begins with https:// at all times during the transaction, and in particular on the "checkout page" when entering your credit card details even if you checked it previously
  • Be particularly careful if using an unknown retailer
Foreign/Overseas Use
  • Block all foreign currency and overseas use, and switch these on only when needed (e.g. when travelling) and off again afterwards. Use a diary to remind you to turn them off on arrival home
  • Some Banks/Apps allow you to specify the countries/currencies that are active, use this facility if it is available
Other Considerations
  • The so-called Fintechs such as Revolut operate online-only businesses which tend to have lots of convenient and innovative features; however, they can be very difficult to deal with when issues arise as it is impossible to meet them face to face and often difficult to make useful phone contact, whereas you can always walk into a branch of one of the traditional banks and discuss your problem
  • There is a perennial argument as to whether it is better to use a credit card with a low limit or a debit card with a low balance in your account. Each of these has its merits/demerits. Either can be made to work. Educate yourself and make the decision that is best for you.
  • Free banking comes at a price. Putting all your money into one Fintech account can simplify life and can save you the cost of account maintenance and transaction charges, but you get what you pay for and when things go wrong resolving problems can be very difficult
Examples of how to organise yourself and your cards
  • Have your salary paid into a bricks and mortar bank, pay your mortgage, utilities and other large transactions from this account, and have a debit card associated with this for limited use (e.g. occasional large in-person purchases). Use a Revolut debit card for all other chip and pin, contactless, online transactions. Keep the balance in the Revolut account to the minimum necessary and top it up frequently "as required"
  • Have your salary paid into a bricks and mortar bank, pay your mortgage and other large transactions from this account, and have a debit card associated with this for limited use (e.g. occasional large in-person purchases). Use a credit card for all other chip and pin, contactless, online transactions and pay this off monthly by DD. Keep the credit limit on the credit card to the minimum
  • Use an N26 debit card for overseas transactions when travelling (no transaction charges, no commission, very good exchange rates (same as xe.com) and instant transaction notification). Drain the account the moment you deplane and switch it off until your next trip
 
@Freelance I think that’s excellent!

Perhaps warn people that it is a belt and braces approach. If your digital hygiene is perfect, then it shouldn’t matter if you have one card or 10 for example.

On specific points.
Consider using PayPal
Personally, I would avoid it. The security features are good, but as a product it’s not user-friendly and my customer experience was not good with them when I had a problem.

Avoid using your cards when on unsecured connections (e.g. free WiFi). If you must use your card online when in an airport for example, turn off WiFi and use your 4G connection for the duration of the transaction
I am open to correction on this, but to my knowledge the encryption protocols from device to your bank are now super strong. I’ve used online banking on dozens of Wi-Fi networks over the years and never had a problem. I think the risk is so close to zero here as to be negligible.

I would perhaps also add something on the need for caution when using social media or messaging apps. Scammers increasingly take over accounts and exploit the connections within the network. If someone gets in touch with you looking for any kind of financial assistance seek to speak to them in person.

Finally, share your IBAN not more than strictly necessary. I won’t disclose scammers’ techniques, but there is a risk of fraud when someone has your name and IBAN.
 
Brilliant job @Freelance

I would add that you should never give your card details over the phone or by email.

I was checking in at a hotel not long ago and a member of staff was talking payment over the phone. Instead of taking secure payment, she just wrote the full 16-digit card number, expiry date, and CVV code in a book which I could see was full of previous customer card payment details!!!
 
Excellent ideas above folks - I have learned a lot - thank you. One further suggestion - switch off any automatic top-up from your bank to Revolut etc.
 
Thanks @Freelance - great work!

I am open to correction on this, but to my knowledge the encryption protocols from device to your bank are now super strong. I’ve used online banking on dozens of Wi-Fi networks over the years and never had a problem. I think the risk is so close to zero here as to be negligible.
@Dr Strangelove - you are incorrect to trust public wi-fi - it's very high risk for anything important like payments, and Freelance's comment is correct.
See here for example:
https://www.aura.com/learn/dangers-of-public-wi-fi
 
If you must use public wifi then I would suggest setting up a VPN on your phone. Either a privately hosted one on your home router (this often needs technical know-how and is a niche solution for most) or a reputable paid VPN provider. In most countries it would be safe to just use your mobile data instead when making payments or checking balances, but I guess in some countries even the telcos can't be trusted to run a secure operation. I would probably not really trust the local telco in x, y or z country and would enable my VPN.
 
How did you figure out that this was how they skimmed you?
It was a brand new card, never used. Brought it with me to France. I contacted the Ulster Bank and they suggested that this is what happened. They could offer no other explanation.
 
you are incorrect to trust public wi-fi - it's very high risk for anything important like payments,
Thanks.

I do 90% of business via the mobile app, either 4G, home WiFi with VPN or occasionally public WiFi but I’ll put a stop to the latter. In any case my understanding was that encryption via app was better than via browser.

I log in via browser occasionally either from work PC or home PC both VPN.

Would you say my habits are low risk once I stop using public WiFi?
 
A word of warning about VPNs. Not all VPNs are equal. A properly managed and secured VPN with up to date security brings benefits, but is expensive to operate and this has to be paid for. A VPN is worse than useless if the owner isn’t fully on their game or worse turns out to be a bad actor. The following are a couple of comments from a Microsoft article on using VPNs:

Just how secure is a VPN?

A VPN may boast strong protocols and military-grade encryption, but that doesn't mean it's infallible. It can't prevent cookie tracking, viruses, or malware, and it can't protect against phishing scams. Data leaks could occur. But most pivotally, a VPN is only as secure as the company that runs it. A VPN provider that uses out-of-date protocols, leaks IPs, and logs your data isn't one you can trust. No VPN can guarantee absolute security, though choosing a reliable one—and being proactive with securing your systems—can bring a world of difference.

Are free VPNs safe?

It's best to go with a premium service. To pay for the costs of running a service, a free VPN provider may limit your usage, skimp on features, or even access and sell your data to third-party advertisers. Even free VPNs come at a price.
In general, if using a VPN I would avoid free VPNs and only use a reputable premium service.
 
@Freelance

Would it be useful to add a post to this thread on "How to avoid being scammed on Revolut?"

@thedaddyman tells people not to use public wifi for banking transactions.


Does that need to be incorporated?

What is "public wifi"? Is it all wifi outside your home?

The initial post is very comprehensive. Most people won't read it. I wonder would it be worth "Top 5 mistakes people make which result in them being scammed". I can edit it so that it appears at the top.

Brendan
 
Excellent advice OP - Well done
Some of these might be worth considering on the Devices Section:

Add a PIN to your SIM card (as well as phone security) and do not disable.
If someone steals your device and you have the device securely locked down with face ID etc, they can remove your SIM from your phone, and put it in another unlocked phone. If you have no SIM PIN, they can then receive all six-digit codes, make calls pretending to be you etc.

Add some security to your email app (fingerprint, face ID etc)
If someone gets past your phone security, you have another level of security before they can get reset password emails etc.

Add some security to your chosen Authenticator app (fingerprint, face ID etc)
As above, another level of security, before they get six-digit codes for 2FA logins or new app setup on their own device

Delete all saved passwords from your browser, and do not enable saving them for banking apps, email app, etc to prevent unauthorized logins
 
@Brendan Burgess

I had intended to revise this anyway in light of the feedback received previously to which I'll also add the contribution from @Giggs11

And yes, I had actually thought of "a lazy person's guide" (top 5 or whatever) and I'll put that in too.

I'll try to get to it this week, assuming we get a wet day or two.
 
Delete all saved passwords from your browser, and do not enable saving them for banking apps, email app, etc to prevent unauthorized logins
Great work guys, thanks.

As of the last release of their OSes on various devices (Mac, iPad, iPhone, etc), Apple now includes a new password-protected app called Passwords, that can store encrypted passwords and passkeys. This is an alternative to storing passwords multiple times for each of the browsers you use or entrusting your security information to a 3rd-party product.

Apple Passwords App

MODS: If this is unhelpful or confusing the thread, please delete
 