The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
Have you ever used your dog’s name as a password, hopped online at a coffee shop or tossed your credit card bill in the recycle bin? A new poll shows you’re not the only one taking these kinds of data security risks.
The new Bankrate.com survey found that more than nine out of 10 (91 percent) of Americans are making data security missteps. The most common risky behaviors include reusing passwords (80 percent), saving passwords on a computer or phone (45 percent) and saving payment information on a device (39 percent) to make shopping faster and easier. (See survey methodology.)
When you factor in all the different ways people can expose their data, the number of risk-takers is probably even higher—close to 100 percent, says Joseph Steinberg, cybersecurity expert and author of “Cybersecurity for Dummies.”
“There are just so many ways you can put your data at risk,” he says.
Common data security mistakes
If you’re one of the many Americans not doing everything you can to safeguard your data, there is good news: your credit card issuer may have your back.
Card issuers watch closely for fraud and tend to err on the side of caution. The survey found that 43 percent of cardholders have received a credit card fraud alert that turned out to be a false alarm.
While card issuers are going to extremes to fight fraudsters, Americans continue to take steps that could give criminals easy access to their data. Here are the most common unsafe behaviors revealed by the poll:
- Reusing online passwords: While 8 in 10 Americans reuse passwords, far fewer (37 percent) say they do so either all or most of the time. About 1 out of 4 adults (26 percent) say they reuse passwords less than half the time. This habit is becoming less common, with 53 percent reusing passwords at least half the time, down from 61 percent last year.
- Saving passwords on a computer or phone: Almost half of adults (45 percent) say they save passwords on their devices. Members of Generation Z (ages 18 to 23 years old) were most likely (50 percent) to take this shortcut to make logging in faster and easier while members of the Silent Generation (age 75 and older) were least likely (38 percent) to do so.
- Saving payment information on a computer or phone: Less than half of consumers (39 percent) save payment information on a device, a behavior that makes shopping easier but also can expose your credit card information if the retailer has a data breach. Millennials (ages 24 to 39) at 42 percent and Gen Xers (ages 40 to 55) at 41 percent were most likely to admit to this risky habit.
- Using public Wi-Fi: Many customers hop on public Wi-Fi at cafes and restaurants, which could expose passwords and other private information to cybercriminals. But this year, only 36 percent of Americans report using public Wi-Fi, down from 48 percent last year. This change is likely due to the pandemic keeping more people at home and out of public places.
Other behaviors Americans admit to doing include: using an ATM somewhere other than a financial institution (28 percent), carrying a Social Security card in a purse or wallet (26 percent), throwing away or recycling personal documents without shredding first (23 percent) and posting their birth date on social media (15 percent.)
The good news is that Americans seem to be getting a bit more careful with their data. Tossing mail without shredding and posting date of birth on social media both dropped by five percentage points from last year’s survey.
Why do consumers get careless with their data? Many people feel they have nothing valuable to protect, says Scott Schober, cybersecurity and wireless technology expert and author of “Cybersecurity is Everybody’s Business.”
Over time, people get “breach fatigue” from seeing news of hacking and scams and having their credit card and debit card compromised, Schober says.
“This all leads to cyber complacency, so they feel no matter what they do they can’t prevent their personal data from being compromised,” he says.
Card issuers zealous about stopping fraud
If you’re like most consumers who tend to get a little sloppy with personal data from time to time, it may help to know that credit and debit card issuers are diligent—and some might even say overzealous—about preventing fraud.
The survey found that over half (55 percent) of consumers have received a fraud alert about one of their credit or debit cards. Of those who have gotten notified of potential fraud, 79 percent said they have had at least one false alert. That means the card issuer flagged normal activity as suspicious.
Of the cardholders who had had one or more purchases blocked by their card issuers due to suspected fraud:
- 49 percent said some of the blocked charges were legitimate and some were fraudulent
- 30 percent said all the blocked charges were legitimate purchases they had made, and
- 21 percent said all of the blocked purchases were fraudulent activity on the card
Cardholders who get a legitimate purchase blocked due to fraud concerns may react with a range of emotions. In fact, the survey found that only 17 percent of U.S. adults would feel “unbothered” in that situation. The most common negative reaction was annoyance (27 percent), followed by anxiety (11 percent), anger (10 percent) and embarrassment (9 percent). In contrast, almost 1 in 4 (23 percent) said they would feel relief.
Even if it bothers some cardholders, credit card issuers need to be extra vigilant because they’re on the hook for fraud losses, says credit card expert John Ulzheimer. By federal law, consumers are liable only for the first $50 in fraudulent charges. However, virtually all card companies offer $0 liability.
Credit card issuers use systems designed to spot and flag activity that doesn’t fall within your normal purchasing patterns, Ulzheimer says. This works well when you’re shopping the way you normally do in the places where you normally go. But a legitimate purchase that falls outside your typical patterns may get flagged, he says.
For example, if you buy $3,000 worth of dog food or pay a 75-cent fee at a parking meter in California when you live in New York, that purchase may get blocked so the issuer can make sure a criminal isn’t using your card.
“You’re going to be asked to verify that the transaction is actually valid,” Ulzheimer says. “That’s not too much to ask a customer to do from time to time.”
4 easy ways to safeguard your data
Do you feel overwhelmed by the thought of protecting your data? Here are four simple steps you can take to keep your personal information more secure:
1. Lock down important accounts
Protect your email, social media accounts and phone with unique, hard-to-crack passwords that you keep in a safe spot at home, Steinberg recommends. These are accounts and devices that could help a hacker gain entry to a trove of very personal information and multiple accounts, he says.
“These passwords are so sensitive they shouldn’t even be in a password manager,” he says.
On the other hand, it’s OK to reuse passwords for blogs or sites you register for just to get free content or some other perk, he says.
2. Make mail shredding a habit
Buy a shredder and put it near the place you sort your mail. Shredders cost $25 to $300, and the best ones make “micro-cuts,” reducing a document to “2,000 pieces of confetti,” Schober says. Then make a habit of running your mail through the shredder before tossing or recycling it.
A good general rule: “Shred anything you wouldn’t want [to be] published on the internet,” Steinberg says.
3. Scour your social media accounts
Take a few minutes to go through your social accounts to delete your date of birth, if you previously shared it, along with any information that could be used to guess your answers to security questions that grant access to your accounts.
For example, if you shared your high school and graduation year, a hacker could easily find out your school mascot—a common security question.
“There are 1,000 times more bots and hackers looking at your social media profile page on any given day than your friends and family,” Schober says.
4. Keep identifying info secure
Be especially careful with your Social Security number and other information that could be used to steal your identity. Take your Social Security card our of your purse or wallet (if you’ve been carrying it around) and put it in a safety deposit box or fire safe, Schober recommends. And don’t give out your SSN at the doctor’s office.
“They really don’t need it,” Steinberg says.
“Hackers want your data,” Steinberg says.
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2,543 adults. The survey was conducted online between Sept. 30-Oct. 2, 2020. The figures have been weighted and are representative of all U.S. adults (aged 18 and older).