How to practice good credit card hygiene to avoid getting hacked
Dear Liz: We have one primary credit card, which we use all the time, that collects airline miles we use for travel. Every few months it is “compromised” and we have to get a new one. Is there something we’re not doing right? Are there “good hygiene” rules for credit cards?
Answer: Yes, and most involve reducing the number of places that have access to your card’s information.
Many online retailers and web browsers offer to save your card information to make future purchases easier.
While these autofills save time, they mean your credit number information is being stored in databases that are outside your control. Refusing this option — and deleting your stored cards from browsers and retail accounts — means less convenience but more security.
Another option is to add two-factor authentication to your retail accounts, which makes them harder to break into. This would require you to enter a code that’s texted or emailed to you or generated by an authentication app.
Some credit cards offer the option to use virtual numbers online. If yours does, this is another option worth using. The retailer never has access to your real credit card number, so it can’t wind up in a potentially vulnerable database.
You can avoid exposing your credit card numbers while shopping in person by using mobile payment apps such as Apple Pay and Google Pay.
These apps create a “token” from your credit card information that’s transmitted to the merchant when you want to buy something. Again, the merchant never sees and can’t store your actual card details.
Other good practices involve steering clear of unsafe merchants and sites. When shopping online, always make sure the little lock symbol shows in the left side of your browser’s address bar and that the site’s address starts with “https” rather than just “http.” If a site doesn’t offer these basic security features, you shouldn’t shop there.
Be wary of in-person merchants that use old-fashioned magnetic card readers, the ones that require you to swipe, without the option of tapping or inserting your chipped card. It’s much easier to clone the information on a card’s magnetic stripe than from its chip, so avoid swiping if you possibly can.
Also be wary of skimmers and shimmers, which are devices that thieves install on unattended ATMs and fuel pumps to steal card information. These devices can be hard to detect, so consider paying for your gas inside the station and using ATMs attached to banks.
You also should avoid using public Wi-Fi for any financial transactions because these networks usually aren’t encrypted and are easily compromised. Finally, be on the lookout for phishing attempts, which is when criminals try to get you to divulge credit card and other sensitive personal information by pretending to be from a trusted source.
Understand that you can do everything right and criminals may still steal your card’s information. Fortunately you’re protected against fraudulent charges, so a compromised card is more of a hassle than a financial disaster.
Did someone send you money ‘by accident’ on Venmo, Zelle or Cashapp? Don’t rush to send it back. Here’s what to do.
Social Security’s complex rules
Dear Liz: You recently mentioned that people can’t always trust the information they get from Social Security representatives. I worked for Social Security for 25 years. When I was ready to file for spousal benefits a few years later in another town, the rep I got immediately told me I wasn’t eligible and was not even going to fill out an application. I knew he was wrong but he was adamant. Always, always tell your readers to insist on filing an application no matter what, as that protects their appeal rights. The applicant might be wrong but will receive a formal determination telling them why. I spent 20 minutes educating that rep on what he should have already known. They don’t train them like they used to.
Answer: Social Security rules can be immensely complicated and, as you note, not every Social Security representative understands those rules as well as they should.
Anyone who’s thinking of applying should first educate themselves as much as possible (the latest edition of “Social Security for Dummies” by Jonathan Peterson is an excellent place to start). Consider using Social Security claiming software or getting personalized advice from a fee-only financial planner. Once you’re well informed, you’ll be better able to recognize and avoid bad advice.
Liz Weston, Certified Financial Planner, is a personal finance columnist for NerdWallet. Questions may be sent to her at 3940 Laurel Canyon, No. 238, Studio City, CA 91604, or by using the “Contact” form at asklizweston.com.
The view from Sacramento
Sign up for the California Politics newsletter to get exclusive analysis from our reporters.
You may occasionally receive promotional content from the Los Angeles Times.