Although many consumers worry about the risks of shopping online, in-store payment systems can be just as vulnerable as online checkouts. Swiping your credit or debit card could be exposing you to hackers and theft just as easily as entering a card number on a website.
In last year’s huge Target breach, stolen credentials from at least 40 million customers were pilfered from the store’s payment system.
And Home Depot’s cash register system was the weak point in a breach this year that exposed the data of some 56 million cardholders.
But don’t despair; there are ways to minimize the dangers when you’re shopping in stores and to make your purchasing more secure.
Special Section: Security
After a year of record-setting hacking incidents, companies and consumers are finally learning how to defend themselves and are altering how they approach computer security.
The safest way you can shop, of course, is with cash. It requires no sharing of personal data whatsoever — it’s the most anonymous transaction you can make.
But cash comes without some other protections: If someone steals the item you just bought as you’re walking out the door, or you drop and break it a few days after purchase, you’re probably out of luck.
Many credit cards offer some sort of purchase protection that can reimburse you for stolen or damaged items. The coverage isn’t usually comprehensive, but check your card’s benefits and you may find that some items are covered up to 30 or even 90 days.
And as it turns out, using your credit card when shopping in a store is relatively risk-free, at least for consumers. Many credit cards, for example, offer zero liability if the card is used to makes unauthorized purchases. That means if your credit card number is stolen from a store database, as happened to Target and Home Depot, you shouldn’t have to pay if someone buys items with that card.
“So the thing to do to protect yourself from in-store shopping breaches is to use your credit card and know that retailers are paying much closer attention than they were a year ago,” said Jason Oxman, the chief executive of the Electronic Transactions Association, a trade group that represents the payments industry.
Debit cards come with greater risks: If that number is stolen and you don’t realize it, you could end up being liable for quite a lot of money — even all the money in your account.
Of course, having a compromised credit card number and getting a new card can be a headache. You may have to change the default card number across multiple online accounts, and you risk having payments declined and potential collections problems.
And the ramifications of a stolen card can extend beyond the trouble of having to get a new card and change your default payment method on various sites and services.
Stolen credentials can be tied to an email address, and that could allow hackers to send sophisticated phishing attacks, like an email that appears to be from your bank and may trick you into a clicking a link and typing in your banking password.
If you’re worried about credit card security, call your bank and ask whether it offers computer chip-based, or E.M.V. cards, instead of the old magnetic-stripe cards.
These cards are more secure than stripe cards. Instead of sending your credit card number when you swipe, the chip generates a different security code for every transaction. And a PIN code acts as a second layer of security to prevent someone from using a stolen chip card.
Credit card issuers are pushing for a transition to E.M.V. cards by October 2015, so many of them may already offer chip-based cards and will replace yours upon request. If your card issuer doesn’t offer chip cards, consider switching to a card that has one, like the Chase Sapphire card.
However, be aware that many retailers don’t yet accept chip cards, so it’s not a perfect solution.
Another way to keep your credit card number out of the equation is to use Apple Pay or another electronic payments service like Google Wallet or SoftCard.
Like chip-based credit cards, Apple Pay and its competitors don’t send your credit card number to a store’s database when you use it for a purchase. Instead, they send a secure, one-time code to authorize the purchase.
Apple Pay or Google Wallet are especially good options for people who like to shop with their debit cards. They protect the card number but still let you shop with the equivalent of cash, but without carrying it all the time. Keep in mind, though, that not all stores accept these forms of payment.
Store breaches continue to happen — the latest retailer to report a big hack was Staples, although officials estimate that more than 1,000 businesses could have been affected by the same hack that took down the Target and Home Depot systems.
But as systems like chip-based credit cards and mobile wallet payments proliferate, credit and especially debit cards may be less vulnerable in time.