Paying Safely and Securely

Last time we discussed how to stay cyber-safe while out and about. This time we’ll discuss how to pay for things safely and securely whether you’re at home or out and about. You might wonder why I’m writing about this. Many people don’t trust payment apps like Apple Pay and Google Pay. Some think that checks are the safest way to pay. We’ll explore some of the various ways to pay and try to evaluate each of them for their level of safety and security.

Let’s take up checks first. Consider what you give someone when you write a check to them. Your check likely contains your address and possibly your phone number and driver’s license number. It definitely contains your bank’s routing number and your account number. To initiate a transfer, often all that’s required is for someone to enter those last two items and a dollar amount. You might be informed of the transfer after the fact if you’ve set up notifications with your bank - you have set up notifications, haven’t you? If you haven’t, stop reading right now and go do it!

Do you mail checks? Do you trust everyone in the mail system that might come in contact with your check? Why does that matter? You’ve made the check out to a certain party for a certain amount. What could be more secure? Well first, there’s the bit I mentioned earlier about your routing and account numbers along with your address and possibly your phone number and maybe even your driver’s license number. Next, though, is this thing called “check washing” where a nefarious party washes away everything you’ve written except your signature. Then they can change anything they like.

Certainly there are times that paying by check is unavoidable so how can you make it more secure? First, don’t have anything preprinted on your check but your name. Next, invest a little bit extra and get checks with security features that will, for instance, disappear or change colors when the check is washed or otherwise tampered with. Finally, just verify that there’s no other way to pay. Concerned about the safety and security of those other ways? Well, let’s discuss that.

Credit cards used to be inherently insecure because all you needed was the account number, the expiration date and the verification code on the back of the card. All of that information is freely available to a “skimmer” - a device put over a real card reader that would read all that information from the magnetic stripe on the back of the card. Newer cards have a computer chip embedded in them that creates a new token, similar to an account number, for each transaction. All of your cards, credit and debit, should have a chip by now. If any don’t, contact your financial institution to get a new card that has a chip. If, when paying at your grocery or somewhere else, you’re presented with a card reader terminal that has both a swipe option (to read from the magnetic strip) or an insert option (to read from the computer chip), choose to insert it.

Most cards will also have the ability to pay “contactless” by NFC (Near Field Communications), indicated by a set of curved lines (see https://www.usatoday.com/money/blueprint/credit-cards/credit-cards-what-is-a-contactless-credit-card/ for what the symbol looks like along with some other information about contactless payments). These cards use the same basic technology as the computer chip and generate a unique token for each transaction. Those cards need to be within an inch or so of the reader terminal for them to work so you may just want to place them on the reader to ensure they’re read. Of course this also raises the possibility that a nefarious party might bring an NFC reader close to your card, be it stored in your purse or wallet. NFC blocking wallets are available to stop just that. Also, credit card companies will protect you from fraudulent use. Make note of their phone number, enable notifications for transactions, and call them immediately if a transaction is reported to you that you don’t recognize.

Now, what about payment apps like Apple Pay and Google Pay? They use the same technology that your contactless cards use, plus, you can turn NFC on and off so you don’t really need to worry about NFC wallets. But you will be sharing your purchase with Apple or Google so you might not want to use those services if you’re concerned about that.

Then there are online services like Paypal and Venmo and Zelle. Zelle has come under fire recently so read this article - https://www.cnn.com/2022/10/03/business/nightcap-zelle-fraud-warren-investigation/index.html - and maybe avoid it for now. Paypal is generally considered not only very secure but also gives you options for recovering from fraudulent use (https://www.businessinsider.com/guides/tech/is-paypal-secure). Venmo is owned by Paypal and is also generally considered secure (https://www.forbes.com/advisor/money-transfer/what-is-Venmo-how-it-works/) but you have limited resources to recover fraudulently obtained money.

That's all for this week's column. I hope this helps you understand some of the various ways to pay and how safe and secure they are. Don't hesitate to write to me if you have questions!

As always, my intent is to help you understand the basics and equip you to search for more detailed information.

Please feel free to email me with questions, comments, suggestions, requests for future columns, to sign up for my newsletter, or whatever at [email protected] or just drop me a quick note and say HI!

You’ve got choices as to how you read my columns! You can read all my columns and sign up for my newsletter to have them delivered to your email when I publish them at https://ttot.link or https://TonysTakeOnTech.beehiiv.com. If you decide to sign up, look for a confirmation email from [email protected]. Check your SPAM folder if you don’t see it. You can read the most recent column in the Hillsboro Times Gazette at https://go.ttot.link/TG-Column - it should be updated shortly after this column appears in the online version of the newspaper.