'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
How can I keep my credit card details from being stolen online? [Ask ZDNet]
Welcome to the latest installment of Ask ZDNet, where we tackle the questions that even Google can't answer.
In the mailbag this week: How to keep your credit card details safe online, especially when dealing with a sketchy merchant.
Think you can stump the Ask ZDNet staff? We love a challenge! Send your questions to ask@zdnet.com.
How can I keep my credit card details from being stolen online?
Someone stole my credit card information recently and it was a major hassle. I had to get the card replaced and then change all my online payments. I'd really rather not go through that again. Is there a way to minimize my risk?
As you've discovered, the inconvenience associated with being the victim of credit card fraud is significant. Thankfully, for cardholders in the United States, protections in the Fair Credit Billing Act mean your actual losses are limited to $50, provided you notify the card issuer as soon as you become aware of any theft or unauthorized use. Most card issuers have fraud detection capabilities that will alert you immediately in the event of a suspicious transaction and protect you from any loss.
One important caveat here: These fraud protections do not apply to debit cards, even if the card has the logo of a major credit card issuer. The Electronic Fund Transfer Act offers similar protections if you report an unauthorized transaction within 48 hours, but after that you're on the hook for $500 in losses, and the limit vanishes completely if a fraud goes unreported for 60 days. (For details, see this FTC page: "Lost or Stolen Credit, ATM, and Debit Cards."
Even with those protections, there's always a risk with any online transaction. How do you minimize your risk?
- Be vigilant about sites where you use your card. Make sure the page is secure and that the merchant is trustworthy. If you don't recognize the merchant or the site seems suspicious, think twice before entering your card details.
- Avoid storing your card details unnecessarily. You can probably waive this precaution for top-tier merchants like Amazon and Apple, but it's really not that inconvenient to re-enter a card number for smaller merchants that you do business with occasionally. (Obviously, you can't avoid this for recurring payments.)
- Use Apple Pay, Google Pay, Samsung Pay, or other digital wallets whenever possible. Those systems use virtual account numbers tied to your device, which means in the event of compromise, your actual card number is not revealed. (For details on virtual card numbers, see these support documents from Google and Apple.)
- Create your own masked card. The free Privacy.com service, for example, lets you create virtual credit cards for specific merchants. Each virtual card looks like a standard credit card, but it's tied to your bank account or a credit card. You can assign per-transaction limits or set an overall maximum charge for one of these cards, making it impossible for an unscrupulous merchant to turn a small charge into a larger one without your consent. We've used this service and can recommend it enthusiastically.
In addition to all that, be sure to install the mobile app for your credit card and turn on notifications. That way, in the unlikely event your card is compromised, you'll know immediately and can use the app to temporarily disable the card while you contact the issuer for help.
Send your questions to ask@zdnet.com. Due to the volume of submissions, we can't guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.
More from Ask ZDNET