From a protection standpoint, I recommend using a credit card over debit, checks, cash as the consumer protections are better. There are plenty of free credit cards that consumers can use. Obviously, the key is to pay off balances on a monthly basis.
As the old saying goes, "Being paranoid doesn't mean someone's not out to get you." And as the recent data breaches show, people ARE out to get our info -- sometimes in places we can't protect. (How many people even thought of the POS terminal as a place to be wary of!) But the good news is that the basic precautions are still pretty good and there are good tools now that consumers can use to monitor there accounts, e.g. mobile alerts.
here's another question, I think James might be able to answer: "What is the average family on a tight budget suppose to do to protect themselves? I see the commercials for the id theft protection programs, but I have an issue with paying to protect something that I have worked hard for. So now I find myself resorting to using cash more and writing checks because I am scared to use a debit or credit card anywhere. Like most people, I take the practical steps to protect myself (i.e., shredding all papers with my information on it, checking by bank transactions daily , not giving out my info over phone or online, etc.) but what else am I suppose to do? I feel like I am becoming paranoid."
In general, you also have Regulation E protecting your online consumer banking account. In many of these area's, the more scary proposition is having your Personally Identifiable Information (PII) exposed.
Just to add to something that Jason mentioned about getting better at protections is that there is a good side to personal data being used. Tracking purchases, location, etc. helps card issuers know when/where customers SHOULD be spending their money. Many times thye can tell before a purchase is even made if the purchase is legit. And that's because of data models using personal info, purchase history, etc.
Regarding the protection (privacy) of consumer information: A lot of work is being done to ensure that we give proper diligence and thought to "privacy" as much as we do to "security." Reg E is one example of customer information protection, but also the FTC and White House have issued privacy guidance, and the proposed national security framework provides a clear structure for information protection. These are regulatory activities, but online commerce and financials sites have a commitment to this as well.
Ahh; For example; many banks knew for years how insecure single factor authentication was (just username and password), but refused to adopt stronger security controls for fear that their customers would change banks.
Back to the "what a family should do"
1. Monitor your transactions. Online and mobile banking offer 24x7 access to real-time information.
2. Protect all your financial instruments. That includes your cards, checks, and online & mobile devices.
3. Treat your mobile devices like computers, not like phones, which means at a minimum to put a password on them, and only download mobile apps from reputable locations.
Many, many reasons to support mobile as a more secure channel, but mobile apps can be isolated from one another and mobile devices have signatures of their own that can act as a proxy for you if a bank or retailer is trying to discern if you are trying to authorize a payment.
And no. Most companies "verify" checks using services that don't use drivers licenses, SSN or anything else. Holdover from when they had to track you down if you bounced a check.
Hahahaha... Yes, people still use them. And for good reason: there are debit card limits that traditionally don't allow you to spend more than $500 a day.
Check? Those are those paper thingies, right?
A final question, maybe for your James, as we don't have much time left: Do retailers that accept checks need your driver's license number, which they frequently ask to be written on that check?
Sean, you've hit on my favorite soapbox. Mobile devices in particular have the capacity to be the most secure payment vehicles we have. More thought has been put into security for the devices and operating systems than any Internet-enabled device before them.
James: I'm speaking about the 3 digit code on the back of the card. Not all cards are stolen through swipes at Redbox :), some are stolen online. If a site can ask a user for static information, and attack can ask (phishing), or access (data breach) the same information and reuse it.
Jason: Talk about how new technologies -- that seem easier and less secure -- are actually safer...
That's a different CVV, Robert. There are two CVV codes. One that validates a card that's present, one that is used for online/phone ordering.
James is now officially my hero. :) A "frictionless" security experience only makes things feel less secure. In the past, financial institutions didn't want to alarm consumers, but now we're aware of the issues, and there is value in showing things are secure.
DBDude: I'm fairly certain there are no standards governing how companies handle data internally... Am I wrong?
To this point, retailers have had to weigh security vs. convenience and make that cost/benefit analysis. I suspect that the very large costs that are invariably going to hit retailers caught up in this most recent breach may change the cost assumptions in future cost/benefit analyses!
When these cards are sold on the online forums, the name, address, 16-digit number, expiration, and CVV are often bundled. CVV is no protection.