Online apps that require CC to be on file to use.
May 19, 2015 2:57 AM   Subscribe

How do I protect my credit card on apps that require it to be on file to use like Uber, Amazon or Walmart?

I trust the larger established online companies with my CC (credit card) but want to do it correctly. Should I use a prepaid card?
posted by BillyAnne to Computers & Internet (15 answers total)
Definitely not a prepaid or debit card, you have more protection with a credit card. When the number inevitably is swiped, they are taking the banks money, and you file a claim to get it sorted. With a prepaid card its your money that's gone, and the rules are different.

Check with your bank if they offer virtual credit card numbers with set spending limits, it would be some work to manage them so they are current. Bank of america calls their virtual numbers the shopsafe program.

I'd recommend getting a separate credit card to use for these services, plus you'll have a backup card in case something happens with your main card.
posted by TheAdamist at 3:19 AM on May 19, 2015 [1 favorite]

Response by poster: TheAdamist, Very good information. I do have a BofA card and use it as a virtual card but I tried using the same card and number a second time and it was refused. Also it's time consuming to get a new virtual card each time I use it. Thanks
posted by BillyAnne at 5:12 AM on May 19, 2015

The magic of credit cards is that almost none of the risk is yours if something should go wrong. Regardless of whether the card you give them is your "real" credit card or not, the risk for fraudulent charges falls on your bank -- and indeed, if you dispute a charge, the burden of proof is on the merchant to tell the issuer why you really did get something for your money.

For these reasons I would argue that you should feel free to use your normal credit card on your phone and invest the energy into monitoring your statement regularly.
posted by goingonit at 5:22 AM on May 19, 2015 [8 favorites]

One more vote for using your regular card and monitoring your statement.

Over the years, I've had a debit card and several different credit cards compromised, and the bank and credit card companies knew about it immediately and notified me. I never had to pay any of the charges. The bank and credit card companies froze my cards, called me, and issued new cards.

I've also had card companies send me a new card even when they suspect there was a possible breach of security, even though no fraudulent charges had gone through.
posted by The Deej at 5:31 AM on May 19, 2015

Definitely not a prepaid or debit card….

Anything with the VISA or MasterCard logo afford the same protections whether prepaid or debit.

Once your card is on file with Uber, Amazon, you should be pretty safe. It would require a hacking of their systems for the card to be compromised.

You are far more likely to be compromised by an actual person than using it online.
posted by cjorgensen at 6:04 AM on May 19, 2015 [1 favorite]

We two different cards, one for recurring/on-file online transactions (Amazon, utilities, etc), one for physical transactions (and the occasional one-off online transaction).

It's always the physical transaction card that gets compromised.

Credit card fraud protections are good enough that you should be partitioning this out more along a "what's the easiest way to recover when my card gets compromised" strategy. Your card company dealing with fraud is a part of their doing business. You're just out the hassle of changing cards, not the money.
posted by straw at 6:45 AM on May 19, 2015

Ditto most of what's already been said. I'd add that you should set alerts on your debit and credit cards to let you know (via text or email) as soon a transaction over a certain dollar amount occurs or when a "card-not-present transaction" occurs (which covers online transactions using a CC number on file). In my experience some CC companies and banks are more timely about such notifications than others but in general you'll know relatively quickly when/if a transaction has occurred that you didn't initiate.
posted by fuse theorem at 7:09 AM on May 19, 2015

Best answer: Anything with the VISA or MasterCard logo afford the same protections whether prepaid or debit.

Technically, yes. But if your debit card gets compromised, your actual checking account is out the cash the fraudster stole until you get the bank to put it back. This can cause bounced checks, inability to withdraw cash when you're on a trip, failed bill pays, etc. When it happens to your credit card, none of those problems will happen - worst case you just don't pay for the fraudulent portion of the bill. While the protections are the same on paper, the risk profiles are vastly different. You could have a separate checking account just for this, or use pre-paid cards, but then you're adding a whole additional level of overhead for yourself, when you could achieve the same amount of safety (arguably more since it's still your money leaving your account, even if it's a separate account) by using a credit card.

I'd also like to point out that companies keeping your credit card on file is actually not the highest risk thing for credit card theft at this point. Remember that the high profile breaches like Target, Home Depot, etc. all happened in bricks and mortar stores for one-off transactions. And many online breaches happen at the point that the card is entered or processed, so they get it even if the merchant doesn't store the card number. If you're going to stress about credit card theft, I'd worry more about those situations than merchants keeping the card on file.

But overall, as long as you don't use a debit card, I think your energy is not well-spent on stressing out about this. The consequences of your credit card number getting compromised are very small. If you use straw's tip of using a separate card for recurring charges (I do the same thing), the consequences are even smaller.

In the scheme of things I worry about in life, this is so far down the list that it barely even registers.
posted by primethyme at 7:25 AM on May 19, 2015 [4 favorites]

Anything with the VISA or MasterCard logo afford the same protections whether prepaid or debit.

Debit cards (even if branded and run as "credit") are governed by the Electronic Funds Transfer Act/Reg E and credit cards are governed by the Truth in Lending Act/Reg Z; these two schemes are similar but not the same. Generally, Visa/MC require that the issuing bank extend additional protections to their branded debit cards via merchant contracts, but this is not 100% consistent or guaranteed.

A credit card that is not tied to your checking account and that you check at least monthly is your best bet.
posted by melissasaurus at 7:58 AM on May 19, 2015

I use a separate credit card with a relatively low limit ($2K) for all online transactions and when a system requires a card to be on file.
posted by rabbitrabbit at 8:14 AM on May 19, 2015

The problem with credit cards is exactly in your question. "Trust". When you give someone your credit card, you are trusting them to do the right thing. That is, charge you the correct amount and then store your credit card information in a secure way. For a restaurant that means the receipt (and trusting the staff), and for an online venue that means the technology (and trusting the IT staff). There is no other choice. Your credit card number is the information needed to charge your account, and you give it every time you make a charge (chip+pin help this to some extent, but not for online charges (at least yet, certainly in the US)).

To help deal with the annoyance of switching cards, I now have two, one for recurring charges and utilities, and one for the rest of my life (ie shopping). Charging new things with a new card is almost no effort, but switching over all the utilities if my card is compromised is annoying.

As others have mentioned, the financial risk to you is small, assuming you notice the problem relatively quickly. The annoyance factor may be high, which is why having an extra, backup credit card is a good idea, and using a credit, not a debit, card is a good idea. With a credit card, you may have "used" some of your credit while they figure it out. With a debit card, the money in your checking account might be gone while they figure it out.
posted by Phredward at 9:09 AM on May 19, 2015 [1 favorite]

A few of my credit cards offer linked credit card numbers that are generated for online purchases and are only good for one transaction. If they can do this, I'm sure they can do the same for a given merchant that requires the number on file. Call your bank or the card issuer.

Anything with the VISA or MasterCard logo afford the same protections whether prepaid or debit.

Yes and no. In my experience, credit cards refund you the money right away at the start of the investigation (and charge it back later if it's deemed not to be a fraudulent transaction), whereas with debit cards you are out the money until the bank completes their investigation, which could be up to three months. Depending on the amount of the fraudulent transaction and what you can afford, this difference in handling can matter significantly.
posted by tckma at 11:03 AM on May 19, 2015

If you are really worried, ask if your bank offer a "restricted card" which is basically a second credit card number that is ONLY good for ONE merchant only, but still billed to your account. There is no physical card, and the number only exists online, and since it's ONLY good for one merchant, it can't be used anywhere else.
posted by kschang at 11:27 AM on May 19, 2015

I do have a BofA card and use it as a virtual card but I tried using the same card and number a second time and it was refused. Also it's time consuming to get a new virtual card each time I use it. Thanks

Are you using BoA's "ShopSafe"? I use that for generating low-limit virtual cards for repeat-billing merchants (eg, Spotify) where I really need to have a card on file. I set up something like a 12 month card with precisely 12 months of charges on it, and then forget about it until I get an expiry notification, and I've not had any issues with recurring charges being rejected.

You might want to contact BoA customer service if that's not working for you, or if you have some other feature, see if you can get ShopSafe instead.

But I'd also like to Nth the comments above about physical being more of a risk than internet. How many times do you give your card to the waitron at a restaurant and watch them disappear to the back with it? Every one of those is a theft opportunity.
posted by jammer at 1:16 PM on May 19, 2015

Response by poster: Thanks for all the excellent advice. Never had a CC compromised and hopefully never will!
posted by BillyAnne at 7:27 AM on May 20, 2015

« Older Cookbook Reviews: what would you want to read?   |   Super-lightweight android apps? Newer »
This thread is closed to new comments.