5 useful tips to bulletproof your credit cards against identity theft
I will provide you with five simple methods to safeguard your credit cards from identity theft. These strategies are easy to implement and can be used by anyone. Additionally, I have included an experimental technique at the end of this post to protect against the recent chip downgrading attack.
-
Don’t be an easy mark: never share a photo of your credit card on a social network
Despite being an obvious tip, individuals still tend to share pictures of their credit cards on social media. The provided Twitter screenshot serves as a prime example of what not to do. To protect the individual’s sensitive information, I obscured the key details that were not obscured by the person who originally shared the image. In fact, it is best to refrain from sharing any photographs of documents on social media.
-
Reduce the risk of online fraud by blanking the security code
The CVV code located at the back of your card is solely utilized for online purchases, and therefore, there is no rationale to keep it on the card once it has been securely saved in your password manager. I have discovered that the most effective approach is to utilize a nail file to erase the majority of the code before using a permanent marker to obscure any remaining remnants.
-
Limit the risk of fraudulent charges when your card is stolen by not signing your card.
It is unnecessary to disclose your signature as it does not enhance security measures. However, leaving the signature field blank could lead to a potential attack, as a thief could easily forge your signature. Therefore, there are two alternatives, both of which have garnered considerable support.
The first option involves inscribing “SEE ID” in place of your signature. This indicates to the merchant that you prefer to present your identification rather than relying solely on a fraudulent signature check. This option is optimal if your primary concern is fraudulent charges and theft. In the past, when I used this method, the Apple Store consistently requested my ID when I presented a card with “SEE ID,” which demonstrates that it can be successful.
Alternatively, you can obscure the signature field with a black marker, as seen in the screenshot above. This option will appeal to individuals who value their privacy and prefer not to present their identification in stores. However, this approach does not mitigate the risk of fraudulent charges in the event of theft. Recently, I have shifted to this method.
-
Prevent remote reading by using a RFID blocking sleeve or wallet
If your card is relatively new, it is likely to be contactless, which can leave you vulnerable to remote attacks and privacy breaches. For instance, as shown in the screenshot, by using a dedicated Android app, I could easily extract my credit card details, including the number, expiry date, and the last 10 transactions, using a remote NFC reader. While testing different cards, I discovered that the last transactions were not always recorded, especially on European cards. Researchers have proved that this information can be read from a short distance of 45cm, making protection against remote reading essential. To determine if your card supports contactless reading, look for the wave symbol, such as the one highlighted in the screenshot. Note that the contactless symbol may also appear in other parts of the credit card, such as the top right corner. Fortunately, you can defend against this type of threat easily by carrying your credit cards in sleeves that block remote reading. I experimented with a few sleeves before settling on the one featured in the screenshot. It is thin, robust, and reasonably priced. You can purchase eight RFID/NFC blocking sleeves for $10 on Amazon. Alternatively, you could opt for a wallet that protects all your cards, ID, and passport at once. I personally use one from Ogon, as shown in the screenshot, but there are many other reliable brands to choose from.
-
Defend against dumpster attacks by shredding your old card and PIN letter
It’s likely that you’ll receive a new card while your old one is still valid. It’s crucial to shred the old card, as the card number will remain the same. Similarly, shred the letter that came with your new card and the letter with your PIN, but make sure to store it beforehand in your password manager! If you don’t have a shredder, I recommend purchasing one that has micro-cut shredding capabilities, as seen in the screenshot. These shredders make it extremely difficult to reconstruct documents and are not much more expensive. Additionally, micro-cutting ensures that you can’t shred documents in the wrong direction, leaving them vulnerable to reconstruction, as was the case with the Enron scandal. At home, I use the cheapest shredder from Amazon, which has worked flawlessly thus far. As demonstrated in the screenshot, the resulting micro-cuts are exactly what you would expect from a micro-cut shredder. Overall, a shredder is a wise investment as you should shred all bank statements, insurance letters, bills, and other sensitive documents to prevent dumpster-diving attacks. It also makes for a great gift when you’re not sure what to give for a birthday 🙂
Prevent a downgrade attack by demagnetizing the strip
In 2015, Sami Kamkar demonstrated a method for modifying the magnetic strip on a card to fool card readers into thinking the card lacks a chip, leaving it vulnerable to cloning. To learn more about the security concerns associated with this, read the relevant section of his blog post. The only way to prevent this type of attack is to demagnetize the strip. However, this is a risky modification, particularly in the US, where some retailers still do not accept chip cards. Although all US retailers were expected to be capable of reading chip cards by 2015, only 37% were able to do so as of February 2016. While the situation is improving, I am considering demagnetizing some of my cards to reduce my exposure. Nevertheless, this is a highly risky action and should only be undertaken if you have a contingency plan and assume full responsibility for any consequences. Please share this post with your friends and family so they can also learn how to protect their credit cards. Additionally, let me know via your preferred social media platform whether you have left the signature space on your card blank or written “SEE ID,” as well as which sleeve you are using.