There's no gentle way to say this. There are a lot of nasty criminals out there. Individual hackers, organized crime gangs, terrorist groups, even nation state actors are enriching themselves at our expense. While there are as many varieties of cybercrime as there are criminals, there is one overriding constant: your bank account is at risk.
A few weeks ago, our own Charlie Osborne wrote about her personal experience with credit card fraud in Here's the one surprising lesson I learned as a victim of debit card fraud. She is far from alone.
Many of us at ZDNet (and many of you out there) - including me - have experienced what happens when a criminal gets access to your card. Sometimes, there are a bunch of tiny charges, where the criminals test the waters to see what cards work. Other times, there are huge charges, often cleaning out accounts, or racking up huge bills.
See also: Symantec enterprise, consumer product security flaws 'as bad as they get' | One of the nastiest types of ransomware has just come back to life | A hacker is advertising millions of stolen health records on the dark web | Hackers would like to join your LinkedIn network - and you'd probably accept them
No matter what, it sucks. It's also very hard to defend against. Because so many retailers are breached with such a degree of regularity, nearly all of us have had our personal identifying information fall into criminal hands.
The reality of the situation is bleak. No matter what you do, your credit card information will find its way into criminal hands. Its inevitable that you will find your finances under attack. Short of hiding all your money under your mattress, there's nothing you can do, really, to prevent it.
But that does not mean you can't protect yourself
First, let me tell you what might not work. There are hundreds of companies out there that promise to monitor your accounts and inform you of illicit activity. Some offer promises of a guarantee if you fall victim.
I'm not going to mention any companies specifically, but I will tell you that while using these companies can sometimes help, you're not as well protected as you might wish. First, not all companies can successfully monitor your accounts. Some companies aren't really companies at all; they're just fronts for data harvesting operations.
These companies also add another risk vector. You are giving them all your information, hoping that they'll protect you. But you are putting yourself at further risk, because one more entity now has a comprehensive view of your overall financial picture.
Don't rely on others to keep your finances safe. You need to do it yourself. There is a single, relatively simple practice you can do, which you'll be far safer using than you would with any other approach.
Banks and bills
Way back in the early days of my first company, money was very, very tight. I needed to know, every single day, exactly how much money we had, and who we owed. So back then, I started the practice of making a short list of what I called "banks and bills." This was a list of how much money was in each back account, what my current bills were for everything I (and the company) owed money on, and any expected very near term accounts receivable.
To be honest, doing all that once a day was a huge hassle. But I was self-funded with a payroll, and it got us through some very lean times. We successfully made payroll, and kept the business afloat.
I started the practice of banks and bills well before the level of hacking we see today was a problem. But because I was doing it, fraudulent credit card activity became immediately apparent.
I no longer have to make a payroll, but my wife and I still have a banks and bills meeting each and every week.
Here's how to do it
What's interesting is that this practice not only helps you catch credit card fraud, it also helps you manage your financial situation, keep to a budget, and make conscious spending decisions.
In other words, it's a good practice, even if you're not worried about fraud.
The process takes somewhere between a half hour and an hour each week. Again, for fraud protection you don't need to be quite as rigorous as I am. However, it's a heck of a money management solution, so I recommend you follow along.
We have a spreadsheet with sections for bank accounts, retirement accounts, credit cards, and other bills.
Each week, we create a new copy of the spreadsheet. You can use tabs, but because I have a lot of additional analytics on other tabs, I prefer the simplicity of a new sheet. I just copy over the previous week's spreadsheet, give it a new date, and make changes.
We have a line item for every bank account, another line item for every credit card. During out banks and bills session, we individually log into each account and copy the balance into the spreadsheet.
Note that some services, like Quickbooks, theoretically allow you to download this information automatically. But they can be unreliable. Also, we've found that by actually taking the few annoying moments to log into each account, we can glance at the activity. It's here, in this glance, that we can often spot spurious activity.
That is, by the way, the key. When you log into each account, look at the charges and activity on the account. Do you see anything weird? Do you live in Florida, but have a gas station charge from Indiana? Are there a bunch of odd little charges? Is you balance suddenly far less than it should be?
Usually, banks and credit card companies operate fraud departments, but their algorithms don't always catch all the possible inconsistencies. But if you notify them about fraudulent activity in a timely manner, they'll usually make your account whole again.
This is another key reason to do this weekly. If you discover something, you're going to be able to work with your banking partners for resolution. That way, it's not something you discover months later, possibly after the date for any possible resolution has passed.
We do a few other things with banks and bills. We have a running chart outlining our overall credit card debt. I don't ever like that amount going over a certain threshold, so it's a quick way to tell, at a glance, whether we're in the danger zone.
We also have interest rates listed next to each card. Some of the cards have zero percent rates for a year or two, so we have what we call a "pumpkin date" listed next to those cards. Those are the dates the interest free deal turns into a pumpkin. We want to make sure we pay those accounts off before they pumpkin.
We also make sure to pay off the higher interest cards and credit accounts earlier, especially if they start to build up. Sometimes, it's not easy to remember which card is eating you alive with interest charges, but the banks and bills spreadsheet makes that immediately apparent.
Finally, I have a running net worth and liquid net worth chart going. Net worth includes things like the value of my house, which isn't exactly a liquid asset. Liquid net worth is the amount of money we have that could be turned into cash relatively quickly.
Our goal with both charts is to make sure that they always increase. If either net worth indicator goes down for too many weeks, it's an indicator that we're spending above our income, and that's never really a good practice.
Like I said, overall, this process takes less than an hour a week. We have, multiple times, found evidence of credit card fraud by doing this. Because we had a weekly historical summary of activity, we were able to provide that information to the bank, which helped in recovery.
To reiterate: This is the single best way to protect yourself. That's because you're not delegating your financial affairs to someone else. Think about it. With such a high prevalence of breaches, no matter who you choose to delegate your financial watchdog activities to, that delegate might also be the victim of a breach.
Only by checking each account, by hand, each week, can you be sure you're safe. Do it now. Do it weekly.
Finally, my wife (who was my company's chief financial manager way before we ever got married) had a couple of additional recommendations. She said you need to make financial management, whether for a company or a family, into a hobby. It has to be part of your ongoing constant practice in order for it to be a priority. She also recommended a blog she likes called Budgets Are Sexy. Check it out.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.