As a developer, I am blessed to have a background in financial matters and am a Certified Government Financial Manager. I also have the Security+ CE certificate from CompTIA. I find that what I learn in the course of my job affects other areas of my life in positive ways.
Recently Target had a large security breach where credit and debit card numbers were stolen at the point of sale from November 27 and December 15, 2013. There has been a lot of negative fallout from Target, as well as surprise that this particular retailer would be susceptible to this kind of problem.
Whatever the case, your security can be compromised at any time without your knowledge from any retailer who takes your credit or debit card information, from gas stations to grocery stores to outlet malls to online retailers. Every time you make a purchase, you place your trust in that institution and its vendors to safeguard your data.
I believe that is an impossible task, and what happened to Target is the rule rather than the exception. There is literally no way of knowing if another security breach is taking place right now at a store that you have recently patronized and whether your information has been sold. What is your best course of action?
Using a debit card is by far the worst method you can use to purchase items. Whether an attacker has your PIN or not, if a fraudulent charge goes through, your attached checking account WILL be debited. This is exactly like writing a check to CASH with a blank amount and leaving it on the street. You never know who will pick it up nor what amount that person will write on the check. You are totally open and naked to fraudulent transactions. Granted, the bank should make things right for you and refund your money, but how long will this take? If you do not have overdraft protection, you may also incur charges and fees from other institutions, and receiving a refund from them may be more problematic. If you have a debit card, never shop with it. For institutions which only allow debit card transactions, it’s best to write a check.
Using PayPal® is similar to using a debit card. I have a PayPal® account, but I rarely use it except for making purchases on eBay, where the market on transactions has been pretty much cornered. As PayPal® purchases are debited to my PayPal® account much as a debit card for a regular checking account, I normally keep only enough in PayPal® to cover any impending purchases. Otherwise I’ll always use a credit card.
Using cash to make purchases can be a very dangerous option. You could end up with incorrect change and not realize it until you get home. However, the most important reason not to use cash is once it is lost, you’re out. Even with debit cards, if a thief takes your card you can have it canceled. Once cash is lost, it is gone forever.
Using a credit card is by far the safest means of making a purchase. Not only does the law protect credit card users from fraud better than debit card users, but if fraudulent charges are made on a credit card, no money comes out of your checking account. Your largest inconvenience is getting a new card number and maybe proving which charges are fraudulent. While a case is pending, you will not have to make a payment against those charges. You are financially whole at all times until the case is settled.
Even with a credit card, there are some best practices you should follow when making online purchases. The magic of PayPal®, so they say, is that they protect your financial information. You can protect your credit card information by providing a virtual card number. Some banks and institutions allow you to create a credit card number to be used only by that vendor. This can be done for one-time purchases or recurring purchases (for a utility, for example). My suggestion is to only use virtual cards that allow you to specify an expiration date. Some credit card providers do not allow this and I think this is a bad practice.
Another note on virtual cards, I have had one vendor, who shall remain nameless, continue to make recurring charges against my credit card even after I had stopped using the service. With a debit card this could have been financially catastrophic, but it was just an annoyance with a credit card. I eventually had to cancel the card. Had I used a virtual card, I could have canceled the virtual card and used my normal credit card unhindered.
In summary, sooner or later, one of the many businesses you patronize either on or off the internet will be the victim of a security breach where your account information will be stolen. The best thing that you can do is to use credit cards to best insulate yourself from this kind of fraud. If you must, then use cash. A debit card simply invites disaster.
For recurring or internet purchases, consider using a virtual card with an amount and time limit. This gives you much more control over your finances.
Note, the image is from thewalkingdead.com, ©2013 Skybound LLC