Are you being safe with your account info -- or paranoid?
Phrases such as "security," "data breach," "credit card skimmers" and "identity theft" make the headlines so often they've become part of our vocabulary. The massive Yahoo breach in September 2016 is just one of the largest in a line of similar incidents.
In response, we change our passwords (again), reconsider using mobile wallets, and look a little more seriously into identity-theft protection, all the while wondering: am I being safe, or just paranoid?
Security and banking experts offer some examples of smart actions you can take to remain safe - and some that may be a little over the top.
RFID-blocking devices claim to protect you from electronic pickpockets. The commercials for these products would have you believe that scammers are walking around with devices that scan your tap-and-go credit and debit cards for personal information.
"It's obviously personal preference if you decide you feel safer with one of these wallets," says Maura Drew-Lytle, director of media relations and communications for the Canadian Bankers Association. "But we don't think they're necessary."
She says while tap-to-pay debit and credit cards use Radio Frequency Identification (RFID), there are a lot of security features already built into them, including encryption.
"They use international EMV standards and cryptography," says Drew-Lytle. During a transaction, the card and terminal communicate with each other and do security checks.
"For that transaction to happen, there's a unique encryption code that is transmitted," she says. "So even if somebody was able to intercept that code, it would be useless to do another transaction, because the code is unique to each transaction."
The cards must also be used within a very short range - within centimetres - of the terminal to work.
Even if someone could scan your card, no personal information would be transmitted, says Drew-Lytle.
"The only things that are transmitted during a transaction include language preferences, the card number and other coding," she says. "But your name, your bank account number, or the three-digit security code on the back of the card aren't transmitted during a contactless transaction."
In addition, there's a low transaction limit with contactless payments, usually $100 or less. "If you try to buy anything for more than $100, you have to insert your card and use your PIN," says Drew Lytle.
On top of all of this, she says, the banks electronically monitor transactions. They'll flag anything that looks like unusual spending patterns for you.
"That's true whether it's a normal credit card transaction or a contactless transaction," Drew-Lytle says.
afraid of mobile payments.
Mobile payments, such as Apple Pay, use technology and security similar to contactless systems. Some mobile payment systems have added security features. With Apple Pay, for example, you must authenticate transactions with your thumbprint.
Like contactless payments, mobile payments also have low transaction limits and, just as with other transactions, there is behind-the-scenes monitoring.
In addition, Drew-Lytle says, "you've got all the same zero liability protection, and that's for credit cards and debit cards. The bank is the one who covers the loss."
Daniel Williams, senior fraud specialist with the Canadian Anti-Fraud Centre, agrees. "We simply are not getting complaints on it," he says.
It's important, though, to password protect your phone so that if you lose it, no one will have access to your mobile wallet.
If scammers aren't getting your personal information from contactless payments, where do they get it from? One possibility is your garbage or recycling bin.
"Shredding paper before it goes out will always be a good idea, even though the majority of breaches that occur are certainly going to be cyber," says Williams. "Dumpster diving still occurs. There's a certain amount of information that's going to be stolen from your trash."
The Canadian Identity Theft Support Centre, in its Identity Theft Protection Guide, lists the 10 types of information most useful to identity thieves. The list includes your name and address, date of birth, government-issued ID numbers and financial account numbers. Your safest bet is to shred everything that contains any of this information.
"Assume nothing," says Williams. That means that unless you speak to your bank and find out otherwise, shred your ATM receipts as well.
what you put on social media.
Social media sites, such as Facebook, Instagram and Twitter, can be gold mines of personal information.
Depending on your privacy settings, your birthday (and often year of birth) will pop up on all your friends' newsfeeds. If you list relationships on your page, scammers may be able to determine your mother's maiden name or your maternal grandmother's name, which often are answers to security questions to access your online accounts.
Check your privacy settings, and don't display your birth date on your profile.
Williams recommends doing a Google search on your name, email address and any phone numbers connected to you.
"See how much of your information is actually posted that you don't know," he says. You might be surprised at what you find. If you've posted your résumé on a job-search website, that may be easily accessed by anyone.
your statements, reading the fine print.
"The way we look at it, everything can be counterfeited," says Williams. "Any security system can be breached. It's a matter of: are you going to be able to spot it and react to it in a timely manner?"
He recommends checking your credit card statement online at least once a week. Don't just glance at it. Check that each charge is legitimate, even the little ones.
"You can't ignore anything," Williams says. He says a scammer using your card might test it with a small amount before making a big purchase.
"As soon as you spot something untoward, you need to report it to your credit card company," he says. "The protection offered by the card companies is phenomenal. A consumer simply needs to be aware of their account."
For the most part, that protection includes zero liability for fraudulent purchases. It's important to know what your rights are, and that means reading the fine print of your card agreement.
You also need to understand your responsibilities to safeguard your accounts, says Drew-Lytle.
"You do have a responsibility to choose safe PINs and passwords," she says. Don't use your birthday, child's name, "Password123" or any other easy-to-guess combinations. In addition, don't share your card, PIN or password with anyone, not even a family member.
"If you've done that, you might be liable for whatever's spent," says Drew-Lytle.
credit monitoring/identity-theft protection.
Instead of manually checking your statements, you might think it's easier to pay for credit monitoring or identity-theft protection.
"With a lot of security issues, really and truly, it's a state of mind," says Williams. The money for these services might be well-spent "if you're the nervous type," he says. "If it makes you feel more comfortable and if it makes you feel more secure," then you should use these services.
But for most people, he says, credit monitoring and identity theft protection probably are unnecessary.
Despite the number of breaches and scams we hear about, "the percentage overall is quite low when you consider the billions of transactions worldwide," Williams says. "Fraud really and truly is a tiny fraction."
The best protection, he says, is diligently checking your statements, which is free.
choosy about where you store you card details online.
While credit card fraud may make up a small percentage of overall transactions, that doesn't mean you shouldn't pay attention to where you shop online.
Make sure you know who you're dealing with, not only when choosing where to save your card details, but any time you make a transaction, says Drew-Lytle. Only shop at retailers you know and trust.
Whether to store your credit card number with a trusted website is a personal decision based on weighing the benefit against the risk. If it's a retailer you frequent, you're likely more inclined to make your shopping experience more convenient by storing your card info online. Choose a strong password, and then rest easy.
"Even in the case of data breaches, your credit card company will cover the losses, because it's not something that you have contributed to," says Drew-Lytle.
"Remember, credit cards are still the safest way to make a legitimate payment," Williams says. "You've got a phenomenal amount of protection against fraud."See related: How to secure your phone to keep financial data safe, 3 common online financial security mistakes for young adults, 5 myths about credit card security after a retail data breach
Most recent Legal, regulatory, privacy Stories
- Using 'autofill' for card info is convenient, but is it safe? -- Your computer and your smartphone use autofill settings to make shopping online a breeze. But how safe is the technology? ...
- Is there privacy in a cashless society? -- Canadians favour plastic and mobile payments, but are we trading privacy for convenience? ...
- Are you being safe with your account info -- or paranoid? -- Data breaches, identity theft and other scary situations have become routine. We change passwords, get credit monitoring and shred documents. But is any of it over the top? ...