Simply swiping a debit card at a card reader can put you at risk of fraud, but you can easily reduce this risk by knowing where not to swipe your card.
Illegally obtaining credit or debit-card information from a card reader is a type of scam called skimming. The scammer uses captured data or records the cardholders’ personal identification number (PIN) to fraudulently create a fake card and steal from the associated account. Skimming costs financial institutions and consumers over $1 billion each year, according to the FBI.
Debit cards, unlike credit cards, aren’t protected by the Fair Credit Billing Act, regulation that limits consumer liability for unauthorized transactions to $50. Instead, debit cards fall under the Electronic Funds Transfer Act. Under this law, consumers could lose up to $500 if they don’t report fraud within two days.
The first step to prevent your debit-card information from being stolen is to use it only at trusted locations. Here’s where to avoid using a debit card, plus tips on how to protect your account from scammers.
Though gas stations are slowly updating their payment terminals to accept more secure chip or contactless cards, many pumps remain easy targets for criminals to install skimming devices.
“Consumers should especially avoid utilizing their debit cards at gas pumps given their heightened vulnerability to skimming activity,” says Jason Zirkle, CFE, training director of the Association of Certified Fraud Examiners. “It’s much safer to pay inside, or to use a credit card at the pump, since credit cards have legal fraud protections in place for consumers that don’t exist with debit cards.”
Bars and restaurants
When you open a tab at a bar or pass a debit card to a server to pay for the check, you don’t know where the card will be swiped or who will see its information. Some bars and restaurants have contactless payment machines that can be brought to the table. With contactless payment, the payer doesn’t have to pass the card on to anyone and won’t have to worry about the card’s magnetic stripe being scanned.
Another option to mitigate fraud at restaurants and bars is paying with cash or a credit card, since credit cards have enhanced liability protections.
Though it isn’t always avoidable, paying with a debit card at retail stores can make consumers vulnerable to skimmers. An alternative to swiping your debit card is using a contactless payment method. Any information that can be obtained from contactless payment is insufficient to create a fraudulent card, according to Secure Technology Alliance. Most stores offer a tap to pay option on their card readers, which works with many debit cards as well as Apple Pay and Google Pay.
Using a credit card is another safer option to pay. If none of these options are feasible, then using a debit card with chip technology is still safer than swiping it.
Over half of U.S. consumers prefer shopping online rather than in a store, according to a 2022 study by Raydiant. But shopping online is not necessarily safer. The Federal Trade Commission reported that online shopping scams were the second most common type of scam in 2021, and the financial losses caused by these scams are increasing each year.
To combat online shopping scams, avoid entering personal details and card numbers when possible.
“If you are using a browser to purchase items, make sure it’s a merchant you trust that offers a payment option you feel comfortable with, like PayPal or some other encrypted payment option that maintains your payment card information without the need to key in data,” says John Buzzard, lead analyst of fraud and security at Javelin Strategy & Research.
It’s easy to fall for tourist traps when on vacation — common tourist areas make for popular skimming targets. A simple way to lessen the risk of being scammed while on vacation is to use a credit card instead of a debit card. Plus, if you’re abroad, you can avoid foreign transaction fees with a credit card.
The FBI also recommends sticking to ATMs and point-of-sale terminals that are in well lit, indoor locations. Be sure to cover your PIN if you need to enter it anywhere.
Use your smartphone to make payments to help outsmart fraudsters
More brick-and-mortar retailers offer payment options that don’t require a debit card. More than half (56 percent) of retailers accept mobile payments, according to 2020 data from the National Retail Federation. With contactless payment, consumers are avoiding not only germs but also scammers.
It’s smart to leverage digital wallets and other types of digital payments, says Buzzard of Javelin Strategy and Research. “Each time you make a payment using one of these methods, your payment card information is not exchanged with the merchant but rather with a stand-in token that makes up a safer encrypted transaction. You can speedily purchase gas at the pump using these methods as well.”
Though the transactions are safer, it’s important to remember that your mobile wallet is susceptible to theft, too, so it’s important to follow the basics of smartphone safety.
“Enable ‘find my phone or device location’ in case you lose your mobile device,” Buzzard says. Some smartphones can also be wiped clean remotely, if it appears to be in a suspicious location.
Make sure to keep your screen locked. “There are really no excuses for not protecting your payment apps from criminals. Facial scans [and] fingerprint protections known as biometrics work splendidly to protect your information,” Buzzard says.
Additionally, be wary of the potential for cybercrime. Consider installing identity theft-protection software to protect your devices from malware and data breaches.
Malware is usually downloaded via phishing, which can occur when you click on an unknown link from a text or email, says Zirkle of ACFE. Further, he says, “Credit cards in a mobile wallet are always going to be safer than using debit cards due to legal protections.”
What to do if your debit card is compromised
The first step to take if you notice suspicious activity on a debit card is to lock the card. Some mobile banking apps allow users to lock a card through the app, but if not, call the bank or credit union and ask the representative to do it.
When someone becomes a victim of fraud, there are some protective measures in place. Consumers aren’t liable for fraudulent debit-card transactions under the Electronic Funds Transfer Act, as long as they report the fraud within two days. Contact the bank as soon as possible when you notice suspicious activity and alert it of any unauthorized transactions, so that the bank can give your money back.
Finally, report the incident to the FTC. The law-enforcement agency uses consumer data to build cases against scammers and works to prevent future scams.
No matter how safe you are with your payments, the reality is that fraud is always a possibility. In addition to watching where you use your debit card, spend an equal amount of energy watching the activity in your checking account. Consider setting up mobile banking alerts for when a banking app detects any suspicious activity.
“The best thing you can do is monitor your own bank and credit card accounts weekly, if not daily,” ACFE’s Zirkle says. “If you spot any unusual transactions, verify them with your spouse or other account holders, then notify the bank or card issuer right away.”
–Freelance writer David McMillin contributed to a previous version of this article.