How to protect your credit card online

Keep your credit card details away from prying eyes and avoid fraudulent transactions with these tips for shopping online.

Lexy Savvides Principal Video Producer
Lexy is an on-air presenter and award-winning producer who covers consumer tech, including the latest smartphones, wearables and emerging trends like assistive robotics. She's won two Gold Telly Awards for her video series Beta Test. Prior to her career at CNET, she was a magazine editor, radio announcer and DJ. Lexy is based in San Francisco.
Expertise Wearables | Smartwatches | Mobile phones | Photography | Health tech | Assistive robotics Credentials
  • Webby Award honoree, 2x Gold Telly Award winner
Lexy Savvides
4 min read

It pays to protect yourself when shopping online to avoid getting more than you bargained for.

With high-profile data breaches potentially affecting millions of people, here are some card-specific tips to keep in mind when virtually swiping your plastic.

The basics

  • Use a credit card. Debit cards often don't have the same level of fraud prevention and protection
  • Only enter details on secure sites. Look for an https connection and valid security certificates
  • Don't send credit card details over email or social media
  • Keep your antivirus software and browsers up to date

Turn on your credit card's added layer of security

Many credit cards will have an additional layer of security that might not be enabled by default. MasterCard's SecureCode is a one-time code you enter every time you make a transaction on a supported site.

Verified by Visa also requires a passcode to authorize a purchase. On top of these safeguards, some banks also have their own verification system in place that works in place of SecureCode and Verified by Visa. This may include the bank sending a one-time PIN or security code to your phone as a second layer of authorization. Check with your bank or financial institution to see if one of these options is available.

Both Mastercard and Visa offer Zero Liability protection against fraudulent transactions for both online and offline use.

Lexy Savvides/CNET

Consider a separate card for online transactions

For those who want to keep online purchases completely separate from everyday credit card transactions, prepaid cards are one option.

They allow you to load a set amount of money at the time of purchase. The advantages are plentiful when it comes to using a prepaid card for online shopping, but the big one is that even if the card's details are compromised somewhere along the chain, there is a limit to the amount of money that can be taken.

Virtual credit cards

Some banks and financial institutions let you generate a virtual credit card number. This is a single-use number linked to your real card that often has a fixed spending limit and an expiry date. Even if a merchant is compromised and your details are exposed, thieves only get this temporary number. Bank of America calls this ShopSafe and Citi's version is Virtual Account Numbers.

A third-party option is Privacy, a browser extension for Chrome that links to your bank account. Click the icon in the Chrome toolbar to generate a virtual card on demand and load it with an amount of your choosing. You can create burner cards so numbers self-destruct after use. Privacy is currently only available in the US.

A payment system such as PayPal, Mastercard Masterpass, Visa Checkout, Amazon Pay or Apple Pay can add an extra layer of protection between you and the merchant. Your payment details aren't revealed to the store when you use one of these services.

Watch statements for any unusual transactions

While many banks have sophisticated 24/7 monitoring systems designed to detect fraud and unauthorised credit card use, it's important to keep an eye on your financial statements. If you spot anything suspicious, call your bank immediately.

Hamid Karimi from Beyond Security also suggests letting your bank know where you do your online shopping and to block certain geographies. "For example, if you live in the US, a purchase conducted in Eastern Europe is illegitimate," he says.

Check your browser settings

Turn off your browser's autocomplete settings to avoid it storing your credit card number or personal information.

In Chrome, go to Settings and select Advanced. Under the Passwords and Forms section, click Autofill settings. Delete any credit card information that is automatically stored, then toggle off the option to use autofill.


Toggle off the Autofill switch altogether, or just choose to have addresses rather than credit cards stored.

Screenshot by Lexy Savvides/CNET

In Firefox, go to Preferences. Find the Privacy panel and look for the History drop-down box. Choose Use custom settings for history then uncheck Remember search and form history.

In Safari, go to Preferences, AutoFill. Uncheck the options to remember form data, including the credit card option.


Uncheck the credit card option in Safari.

Screenshot by Lexy Savvides/CNET

In Edge, select the More Actions button, then Settings and View advanced settings. Uncheck the save form entries toggle.


Be sensible about where and how you use your card

Reduce the chance of falling victim to a large-scale breach by not allowing the retailer to store your credit card details. Enter your credit card details each and every time you make a purchase.

Make sure to use a separate password for every account you make with an online retailer. A password manager is the easiest way to generate and store unique passwords across sites.

It might sound obvious, but don't type your details out in public view where people can see your screen. Also, avoid connecting to public Wi-Fi networks if you're shopping on a mobile device and use your cellular data instead.

Be on the lookout for fake apps

Not every app is legitimate, especially when it comes to retail apps. Double-check before downloading to make sure it's from the real merchant. A lack of reviews on the app store, typos in the description or app itself could be red flags. Apps that ask for you to grant excessive permissions, paid apps, or those that ask for your credit card details immediately are also warning signs. Here are some more ways to identify fake apps.

First published Nov. 24, 2014

Update, Nov. 29, 2017: Adds information about virtual credit cards, fake apps and payment systems.