Here are the five methods I use to protect my credit cards from identity fraud, all of which are simple to implement. As a bonus, I’ve included an experimental move at the end of the post to protect against the recent chip downgrading assault.
1. Don’t make yourself an easy target: never post a picture of your credit card on social media.
While this tip can seem self-evident, people still post photos of their credit cards on social media. The screenshot above is an example of what not to do, taken from Twitter. I obfuscated the main details because the person who shared it had not done so. In reality, you can never post a picture of a document on social media.
2. By leaving the security code blank, you will reduce the possibility of online fraud.
Since the CVV code on the back of your card is just helpful for online shopping, there’s no excuse not to scratch it off once it’s safely saved in your password manager. The best way I’ve found is to use a nail file to erase the majority of the marking and then use a permanent marker to fill in the gaps.
3. If your card is stolen, don’t sign it to reduce the chance of fraudulent charges.
You don’t want to reveal your signature, mainly because it adds no security value. However, you can’t leave the space blank because an intruder would simply sign it if it’s stolen. This leaves us with two choices, both of which have a sizable following:
A. Replace the signature with SEE ID, as seen in the screenshot of one of my cards above. This means that you want a store to ask for identification rather than relying on a fake signature search. If you’re more worried about fraudulent charges and your card being stolen, this is the best solution. When that was my preferred form, the Apple Store still asked for my ID, even though I had a card with SEE ID, indicating that it sometimes works.
B. The other alternative, as seen in the screenshot above, is to fill in the signature field with a black marker. This choice would appeal to people who are concerned about their privacy and would instead not display their ID in a shop. This more privacy-preserving method’s disadvantage is that it does not protect against fraudulent charges if the card is stolen. This is the approach that I recently adopted.
4. Use an RFID blocking sleeve or pocket to prevent remote reading.
If you have a recent passport, it’s likely contactless, leaving you vulnerable to remote attacks and data breaches. For example, as shown in the screenshots above, I was able just to use a dedicated Android app to extract my credit card details, expiration date, and a record of the last ten purchases using a remote NFC reader.
Using various cards, it appears that the most recent transactions are not always registered, particularly in European cards. Research teams have shown that this information can be read from a (short) range of 45 cm, highlighting the importance of safeguarding against remote reading.
Look for the wave icon, which is shown in the screenshot above, to see if your card supports contactless reading. It’s worth noting that the contactless symbol could appear elsewhere on the credit card, such as in the top right corner.
Carrying your credit cards in sleeves that block remote reading is a relatively simple way to protect yourself against this form of attack. I tried a few different sleeves before settling on the one shown in the screenshot above, which is thin, sturdy, and inexpensive. On Amazon, you can get blocking sleeves at affording.
Alternatively, you should use a wallet that covers all of your cards, ID, and passport at the same time. I use one from Ogon, as you can see in the screenshot above, but there are plenty of other brands that I’m sure would fit just as well.
5. Shred your old card and PIN letter to protect yourself from dumpster attacks.
You’ll likely get a new card because your old one is still valid. Since the card number will be the same, make sure you shred the old card. Similarly, shred the letter that came with your new card, as well as the letter containing your PIN (though remember to save it in your password manager first!).
If you don’t already have a shredder, I suggest investing in one that can shred in micro-cuts, as seen in the screenshot above. They make record reconstruction extremely difficult and aren’t any more costly. Furthermore, with micro-cutting, you can’t shred documents the wrong way, leaving them vulnerable to restoration, as in the Enron example.
At home, I use the Cvv shop, which has served me well so far. The resulting micro-cuts, as seen in the screenshot above, are just what you’d expect from a micro-cut shredder. To stop dumpster-diving attacks, a shredder is a wise investment. You should shred all bank statements, insurance letters, bills, and other sensitive documents. It’s also a perfect gift for when you’re stumped for a birthday present 🙂