It is actually better to provide your credit card to someone over the phone (only when you have initiated the call—more on that later) or even via text message than it is to respond with your credit card number in an email.
“There is a technique called ‘phishing’ or ‘spear phishing’, and it involves emails that are designed to extract your credit card number for an unauthorized purchase,” warns Stephen Lesavich, PhD, JD, attorney, credit card expert, and best-selling author.
Before clicking on any link, look for phishing clues like spelling mistakes, strange use of English, and logos that look off.
Another technique is to hover over a link while not clicking on it and see if you can recognize the URL.
Look for the same site outside your email and compare them.
If there is anything suspicious, do not make the purchase or make it from another site.
3. When charity fundraisers approach you on the street
Quite often, and mostly in big cities, you’ll see charity fundraisers walking the streets in an attempt to collect donations in the form of money for a variety of causes – the environment, child welfare, and pet care, to name just a few.
They might only ask to take your name down so they can contact you at a later date, but if they ask you for your credit card, beware.
“These causes are known to target people’s emotions to get them to donate,” warns Lesavich.
“Although legitimate in some cases, they could instead be scams to charge your credit card and get your credit card information.”
If you want to contribute to these causes, a safer bet is to visit their website, check that it’s secure and then make a donation from there.
If you’re considering buying from a merchant on any type of marketplace – from eBay to Etsy – look them up online. If you Google them and there’s only one listing for the merchant, with no online reviews, no past experiences from other customers, and no social media accounts, you should think twice about handing over your card.
This is true for online merchants, of course, but real-world merchants as well. “The Internet has given consumers a much more effective way to gauge the reputation of the companies we do business with, so use it,” suggests Adam Jusko, founder and CEO of a card comparison and news site.
Along these same lines, look for contact information on the websites you buy from, including address and phone number if you’re unfamiliar with the merchant.
“Cross reference the address and phone numbers by looking them up in a search engine to see if they match the merchant.”
7. When a merchant needs to take your card out of view
This scenario is common when paying your tab at a restaurant or bar. Especially if you’re not travelling overseas, chances are that it’s fine, but allowing any merchant the chance to take your card out of view provides the potential for writing down or taking pictures of the card for use later.
“A high-risk destination example is Brazil. During the 2016 Olympics, multiple people had their CCs cloned while at restaurants,” Mark Deane, CEO of ETS Risk Management in Bethesda, Maryland, says.
“One security manager of a large corporation even told a story of being at a table and catching the waiter with a cloning device under his jacket, trying to swipe the card at the table. The waiter ran off when challenged.”
The best practice is to never to let your card out of your sight and don’t be afraid to ask merchants to bring payment options to you.
“This is becoming more and more common in Europe, where restaurants bring devices to the table to accept payment,” says Alex Cramer, Head of Cards at Final, a mobile-first credit card startup.
8. When purchasing online while connected to public wi-fi
Inputting any personal information into a website (whether the site itself is secure or not) can pose risks if the internet connection is not secure, and this includes public internet, or any internet without password protection.
The consequences are that any sensitive personal information (think passwords, personal data, and credit card information) can be read by anyone trying to break through the network.
It is best to wait until you are over a secure connection before inputting any sensitive information, like passwords or credit card numbers.
“Delete wi-fi networks from your devices that aren’t yours, and make sure to secure your wi-fi connection with a unique, private password,” suggests Emmanuel Schalit, CEO of the password manager Dashlane.
“Also, don’t use wi-fi connections that aren’t known to be secure (think: your coffee shop wi-fi, the free wi-fi in your building or the airport) unless doing so over a secure VPN.”
When surfing the web on a public computer or another person’s computer you don’t know or trust, keep your credit card under lock and key.
“A public computer may have devices or software to record all of your keystrokes, also known as keyloggers,” McKee explains. “The computers also might contain malware with other tools for stealing your information.”
Because you can’t verify the security of a public computer, you shouldn’t use your credit card on a website you accessed from that computer.
10. If you see bulky, plastic, exposed wires on devices
Point-of-sale devices that have been tampered with (including setup of “skimmers” to steal payment card data) can be hard to spot, but they are something to be aware of and avoid.
If you see bulky, plastic, exposed wires, or other things that look ‘off’ about the device you’re about to use, consider alerting employees or law enforcement.
“More and more, consumers should be looking to ‘dip’ instead of ‘swipe’,” says Cramer.
“Swiping reads static data from the mag stripe off the back of the card; dipping reads dynamic data from the chip on the front of the card, adding an additional level of payment security.”