Prop gun kills one on set of Alec Baldwin movie iPod at 20: Inventor looks back Moderna booster approved Ryan Gosling could play Ken in upcoming Barbie movie Uncharted movie trailer PS5 restock tracker

Shop smarter: 10 tips for improving your credit card security and privacy

While some security threats are out of your control, take these steps to protect your credit card information while shopping online.


These days, it seems like there's always a new data leak in the news, leading to hackers swiping your financial data, including your credit card number. From fraud and identity theft to data breaches and surveillance capitalism, our financial information faces a multitude of threats, some of which we can mitigate, and some of which we can't.

The good news is using a credit card is actually a smarter move than shopping with your debit card. That's because credit card companies offer more protection than most debit cards -- not to mention you decrease your risk of thieves getting ahold of the money in your checking or savings accounts. 

Combined with conscientious shopping, smart internet awareness and a few other good habits, you can use these tools to protect your financial data. Here are some best practices to keep in mind to maximize credit card security and privacy.

10 ways to protect your credit card data 

1. Determine your risk appetite

There's often a trade-off between security and convenience, so understanding the lengths you're willing to go to protect your credit card will help determine which steps are worth it to you. Maximum security requires a greater time investment on your end, so you'll want to decide how much effort you're willing to spend to keep your card safe.

If you're set on reducing the risk and hassle of fraud -- and the requisite time it requires to fix -- to the greatest extent possible, punching in an authorization code for each purchase and setting up customized alerts is your best option. If you don't want to authorize each transaction or take the time to regularly review your statements, then focus more on automated services and features offered by your card provider. 

2. Regularly review statements and transaction history 

While most credit card issuers won't hold you liable for fraudulent charges, you'll need to pay attention to your spending history in order to catch charges that weren't made with your permission. We recommend reviewing your credit card activity every three to four days to ensure erroneous charges are identified as soon as possible. If that's too often for you, we recommend at minimum reviewing charges twice a month or billing cycle. Under the Fair Credit Billing Act (FCBA), you have 60 days to alert your card issuer of fraudulent charges -- if you catch charges past this window, your issuer may no longer be able to remove them, putting you on the hook for these purchases. Any longer than that and you may exceed the period during which the issuer can rectify the situation.

3. Turn on purchase notifications and activity alerts

Nothing beats reviewing your credit card activity line by line, but automated notifications come close. Some credit cards allow you to turn on notifications and alerts based on your preferences. Wells Fargo, for example, allows users to receive alerts via text, e-mail or app for ATM withdrawals, cash advances or purchases made above a specified threshold. While this level of customization isn't standard among all card issuers, a few other banks and card providers offer similar options. Just make sure your contact information is up to date so your bank isn't sending activity alerts to the wrong cell phone or email address.

4. Take advantage of your credit card's additional security features

After notifications and alerts, do a little research on the other security features your card offers. Remote locking and unlocking, for example, allows you to "freeze" your card if you think it may have been lost or stolen to prevent fraudulent charges. Also, many banks now offer extra levels of account sign-on protection, like Face and Touch ID, to ensure no one but you is accessing your banking app.

5. Look into your card network's security features

You can look beyond your card issuer or bank to keep your money safe. Card networks such as Mastercard, Visa and American Express offer additional security features, like Mastercard Secure Code, which asks for a verification code whenever you make a purchase, and Visa Secure, which does the same for suspicious transactions. 

6. Don't save credit card information automatically with apps or browsers

Sure, it may be convenient to store your passwords and payment information on your browser, but saving this information on browsers, apps or websites puts you at a greater security risk. Not only are you increasing the number of entities you're sharing this information with, you're also potentially exposing your information to a stranger if your device is lost or stolen. It's better to manually enter your credit card information every time.

7. Use virtual card numbers to shield your information from merchants

When shopping online, you can limit the amount of access companies have to your data by using "virtual card numbers" or other services that shield your data from the merchant. Capital One, for example, offers virtual card numbers through its app's virtual assistant, Eno. Each time you make a purchase, the app will generate a new card number for you to give to the merchant, which draws funds from your account but doesn't reveal your account information.

If your credit card doesn't offer this capability, consider a third-party virtual card service like Privacy. Just be aware that you will have to turn over your account information to the app -- but this can be a better option than handing it over to dozens of online vendors.

8. Consider privacy when choosing a credit card

If data sharing is your main concern, focus on privacy features when shopping for your next credit card. The Apple Card's privacy policy, for example, states that it will "never share or sell your data to third parties for marketing or advertising" -- a rare commitment in the industry, and one that extends to its banking partner, Goldman Sachs. Other cards may openly share your data with all sorts of companies, including non-affiliate marketers. 

9. Take advantage of opt-out options

Some credit card issuers and banks offer ways to opt out of data sharing, through either online forms or phone numbers. Card networks like Visa and Mastercard also enable you to limit the extent to which they share your data, as do some stores, like Target. These services are another step in the right direction, but there are usually exemptions that allow them to still use and share your data. 

10. Use one card for all online purchases

To keep your money and other credit accounts safe, limit the number of cards you use online. If possible, opt for one credit card for all of your online purchases, rather than using multiple cards. The real trade-off here is you won't be able to rack up rewards for each card if online shopping is your primary means of earning points or cash-back. We recommend looking for a well-rounded cash-back credit card to solve this problem. 

Credit card security and privacy FAQs

How do credit card companies use my data?

Credit card companies primarily use and share your information for marketing and advertising purposes. This allows companies to see what you're buying and react accordingly, with tactics like serving up targeted ads based on your shopping history. Your data is also used for "everyday business purposes," which generally means financial forecasting but can include a wide variety of other activities like product development and sales strategy. 

Every credit card company has its own rules and regulations around customer data, so it's important to read and understand your issuer's disclosure. To see an example list of how your data is used and shared, Wells Fargo's Privacy Notice offers an accessible, straightforward explanation.

What do I do if my credit card information is stolen?

Even if you follow all security precautions, it's still possible for thieves to gain access to your credit card. If this happens, you should report the charges to your credit card issuer immediately to report any unauthorized purchases. Be prepared to provide them with personal information, including your legal name, address and Social Security number. From there, your card issuer will likely cancel your current card, review and remove fraudulent charges and issue you a new card.

We also recommend checking any other credit accounts to make sure hackers didn't gain access to additional payment methods. You can reduce your chances of becoming a victim of credit card fraud by keeping your eye on your credit card bills, using enhanced security tools and following basic credit card privacy guidelines.

If someone has my credit card information, can they steal my identity?

Generally speaking, no -- but it's a bit more complicated. Identity theft occurs when a thief steals someone's personal information and uses it to commit fraud. Stealing credit card information is generally a consequence of identity theft. 

If a thief only gains access to your credit card information, they can't commit the same level of fraud as someone who commits identity theft. They'll be able to rack up debt on your account and may gain access to your home address and credit card account information, but they generally cannot access your sign-on information or other personal details that would allow them to open new accounts in your name.

Is it safe to give credit card information over the phone?

When you give your credit card number over the phone, you have the same protections available as you would if you entered it online or swiped it at a store. The FCBA limits your personal responsibility for fraudulent charges to $50, no matter how your credit card was used.