Making purchases on your debit card might seem like the responsible thing to do. After all, credit cards make it easier to spend more money than you actually have and pay interest on the balance.
From a security standpoint, however, it’s better to pay with a credit card instead of a debit card, especially in certain high-risk situations.
The Dangers Of Debit Card Fraud
“It doesn’t matter if you are shopping in a physical store or online, using an EMV point-of-sale system or the older mag stripe readers, a corporate retailer or a mom-and-pop. When you use a debit card, you are more exposed to financial loss than you are with a credit card,” said Jason Glassberg, co-founder of Casaba Security, a company that major retailers, financials and other Fortune 500s have hired to conduct hacking tests and security reviews.
Fraud protection for credit card purchases is much better. According to federal law, the most any credit card holder will be liable for in the event of fraudulent purchases is $50.
On the other hand, you must notify your bank of a compromised debit card within two business days to limit your liability to $50; if you notify the bank after two days but before 60 days, you could be liable for up to $500 in fraudulent charges. And if you don’t realize there’s a problem until much later, you could be liable for all charges that occurred up to the date you informed your bank of the issue.
“When fraud hits a credit card, you have a buffer zone between the fraud and your cash.”
– Jason Glassberg, co-founder of Casaba Security
Plus, when you pay with a debit card, the cash is withdrawn directly from your bank account. “If a hacker or a thief gets a hold of your card number and goes on a shopping spree, the banks will probably cover your losses eventually, but … it will take them days, maybe even weeks to process the case and refund your account,” Glassberg said.
“That delay can be painful for a consumer if they don’t have enough money left in their account to pay bills, eat, etc.,” he added. “When fraud hits a credit card, you have a buffer zone between the fraud and your cash.”
That said, it might not be realistic for everyone to spend exclusively on a credit card or with cash. So if you do use your debit card every now and then, avoid these five places that are especially risky to swipe.
1. Gas Stations
Gas stations are a notorious hunting ground for credit card skimmers. Skimming is when someone attaches a device to an otherwise legitimate credit card reader that captures all your information when you swipe your card. That data is stored in the device or transmitted to the criminal, who can then use the information to make purchases online or even transfer the data to a counterfeit card.
According to Glassberg, even though the financial industry has pushed for the switch from regular swiping to chip-and-pin transactions, criminals have figured out a way to overcome this by using “shimmers” instead of “skimmers” to steal the card’s details. “A shimmer is a paper-thin chip that is inserted inside of the card reader slot, where it can steal information from the smart chip,” he explained.
Late last year, the U.S. Secret Service began cracking down on gas station card skimmers and shimmers. According to one special agent, it’s estimated that 20 to 30 skimming devices are recovered every week, and each one holds information from about 80 cards. So to protect your bank accounts, it’s a good idea to pay with a credit card instead of a debit card at the pump.
2. Restaurants And Bars
When the bill comes at your favorite restaurant or watering hole, paying with a card means allowing it to leave your sight for several minutes while the server runs it over to the register. Of course, most service industry workers are honest, hardworking people. But there are bound to be a few dishonest folks who use this as an opportunity to jot down your card information or swipe it through a handheld reader.
Plus, there’s always the chance that the establishment’s point of sale system gets hacked by an outsider. Glassberg suggested that patrons consider the overall condition of a restaurant or bar before pulling out a card to pay. Does it look well-managed, or does it seem disorganized and messy? “Disorganized venues are less likely to keep card readers updated or to follow other basic security measures,” he said.
Paying with a credit card instead of a debit card, in this case, doesn’t eliminate these risks, but it does mean you’re better protected if your card information is stolen.
3. Non-Bank And Outdoor ATMs
Most banks have decent security in and around branches. At the very least, they’re under video surveillance 24/7. And many bank branches require customers to swipe their debit cards to gain access to the branch after-hours as an added level of security.
But plenty of ATMs can be found outside of branches, and many more are nowhere near banks at all. From grocery stores to bars to salons and liquor stores, thousands of freestanding ATMs can be found in areas that are less likely to be monitored, making it easier to tamper with them.
FICO Card Alert Service, which monitors hundreds of thousands of ATMs across the U.S., noticed a huge spike in ATM skimming between 2014 and 2015. In fact, instances of ATM skimming rose a whopping 546 percent that year.
“Criminals also use pinhole cameras to record card numbers and PINs without actually hacking the card reader or ATM,” Glassberg said. So if you need to withdraw cash, plan ahead and use a secure ATM at your bank rather than a freestanding machine that could have been compromised.
4. Self-Checkout Kiosks
Like gas stations and ATMs, self-checkout kiosks are another place where the card reader can easily be tampered with. Examples include parking lot pay stations, public transportation ticket machines and self-checkout lanes at grocery stores.
These kiosks are often located in areas that aren’t supervised, providing the perfect opportunity for scammers to install fraudulent card readers. Before you swipe your card at one of these self-serve stations, check for loose or odd-looking parts that could indicate a skimmer was placed over the original card reader.
The internet might make it easier to find and buy just about anything you could ever want (thank you, Amazon Prime), but it also presents many more ways for your card information to be stolen.
Cybercriminals can hack the retailer’s website directly or hack the third-party service it uses to process online transactions to capture your card information. Glassberg noted that one new attack he’s seeing more of is “formjacking,” in which the criminal uses malicious code to steal your information right out of the online shopping cart fields before you’ve even had a chance to click “send.”
Though it’s not possible to protect yourself 100 percent against online shopping fraud, using a credit card can help mitigate the risks. It’s also a good idea to only shop on sites that have an “https” in the URL (the “s” indicates it’s a secured site), to avoid using public Wi-Fi and to install anti-virus software on your computer.