Credit Card Security

With the ever rising reports of credit card fraud, fraudulent use, internet phishing and identity theft, people are rightly concerned about credit card security. Fraudulent credit card use can be an annoyance at best, and seriously damage your credit at worst. It's only reasonable that people have questions about credit card security and authentication methods. Here are some of the most frequently asked questions about credit card security.

1. How does the ATM or store terminal know my PIN number?

PIN (personal identification numbers) are the most often used way to authenticate your identity when you use your credit or ATM card. When you first choose your PIN number, it is 'encrypted' - stored in a secret code of letters and symbols - and either stored in a database or on the magnetic stripe on the back of your card.

2. If my PIN number is stored in a database, doesn't that mean that bank or credit card employees have access to it?

The encryption method that's used by ATM and credit cards is called 'one-way encryption'. It makes it easy for the bank's computer to verify the PIN given the bank's key and the PIN, but nearly impossible to extract the PIN in text form from the encrypted database.

3. How does the machine 'read' my card?

The stripe on the back of your credit or ATM card is called a magnetic stripe. It's actually made up of thousands of tiny magnetic iron-based particles. The card can be 'written to' much the same way that the hard drive on your computer can be written - by means of magnetic interaction changing the charge. Written into the stripe are your account number and identifying data. When you swipe the card, that information is read and sent via modem to an 'acquirer' - a company that 'acquires' a payment guarantee from the credit card company based on the information stored on your card's magnetic stripe.

4. Isn't buying on the internet dangerous and insecure?

Honestly? Your credit card information is in less danger being transmitted over the internet than it is when you hand your card to a store clerk at the counter. The real danger to your credit card information isn't from hackers hitting online merchants, or stealing your credit card information via modem or phone lines. The real internet security dangers come from two different directions:

a. Hackers using back doors to get into the records of banks, credit card companies and data repositories.

This is the biggest danger. It's also a danger for stores and companies that have records 'online' for billing purposes. There's a great deal being done to improve security of data repositories, which are far more vulnerable than any data transmission stream.

b. The second big credit card security danger is the practice that's sometimes called 'phishing'. In this case, the credit card thieves trick you into giving them your identification and credit card data. They may do this with an email purporting to be from an official of your internet service provider or email, your credit card issuer or anyone else. They also may build sites that are identical to sites like Paypal, American Express and others for the express purpose of capturing your information so that they can use it.

5. How do I protect myself from phishers?

First, never provide your social security number or other identifying data to anyone without first verifying that they are exactly who they say they are. Experts recommend that you never use the link provided in an email to go to the site of someone you do business with. Instead, open a new browser window and type in the known address by hand