What to do when asked for your credit card number by phone or email

New security technology is taking hold, but being vigilant goes a long way in staving off identity theft

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Recently, I was booking a hotel reservation for a family member and in the process was asked to provide certain information. It was a simple third-party credit card authorization. What could possibly go wrong?

Plenty.

Adam Levin, chairman and co-founder of Credit.com and CyberScout (formerly IDT911)

Beyond the fact that I am professionally paranoid—I wrote a book about it—there are so many ways for your information to wind up in the wrong hands, especially your credit card information. When we provide our credit card information via remote means, we are often made more vulnerable to identity theft by the authentication process itself.

There is no best way to conduct this sort of business remotely without putting ourselves in danger of becoming victims of identity theft, but there are better and worse ones. These days, it’s more expedient to focus on the very few ways sensitive information can be made available to third parties without creating unnecessary exposure.

A better way?

If you are unfazed about sending your information via electronic means, consider something similar: paying for a meal with a credit card. We expose our data and send it on a journey every time we pay a bill at a restaurant.

I saw my first portable credit card reader on American soil the other day when paying the bill at a new restaurant. First, I want to say that the lunch was excellent, and I would have gone back even if the waiter hadn’t trotted out that marvelous handheld identity theft reduction device. I am scam-obsessed, and have long envied our friends on the other side of the Atlantic—and locations in other directions as well—for the ubiquity of at-table card payment.

The reason those machines are great is simple: The server has no opportunity to write down or photograph your card information.

Let that sink in … It’s unsettling now that you think about it, right? All those times a server has walked away with your credit card, what stopped him or her from snapping a quick pic of the front and back before returning to your table?

That card reader is new technology. The service industry is finally (belatedly) getting hip to the challenge of protecting consumers from identity theft and other scams, but what should you do while it’s still in catch-up mode?

How to send your stuff

The form that was emailed to me by the hotel made the threat of a sneaky waiter snapping pics of my credit card seem like amateur hour.

Obviously, the reservations department asked for my credit card number and expiration date. They also wanted my billing address, work and home phone numbers, email address and signature. Then there was the outline of a box, under which were the words: “Copy front of the credit card” and “Copy of ID.”

Now, I’ve already confessed to being someone who looks for the angle crooks will try to use. The idea of sending, in addition to all the other information requested, an image of a valid form of identification—in my case, my driver’s license—was truly unthinkable. I’d sooner have my Social Security number puffed out by a skywriter over the House that Ruth Built during a Yankees-Red Sox playoff game. (Not convinced? Read up on the surprising ways identity theft can hurt you.)

The form gave me the option of sending my cornucopia of sensitive personal information via email or by way of fax. Which is the better choice?

Hackers are really good at what they do

Phone calls and faxes conducted over phone lines can be rerouted, emails can be intercepted. Phone calls also can be listened to, and therein lies another problem. When you call a service provider—any kind that costs a set amount every month—there will come a time during the call when you will have to provide your Social Security number so that the company can run a credit check. A service rep is going to ask you for it—the whole thing.

Remember the waiter? Same problem.

Absolutely nothing can stop that person from writing down your information. And before you ask why you can’t input the information on your keypad, remember: Phone calls are not secure, the tones can be intercepted. Encryption is both complex and costly. This is why the federal government has been investigating the possibility of a universal identifier. But in the meantime, those credit checks or authentications pose the same, if not greater, peril as your credit card’s journey at most restaurants.

Old is new, but not fail-safe

As counterintuitive as it seems, using the fax in this scenario is the safer path, though it is not completely safe given the possibility of data interception.

Pro tip: Call before sending a fax that contains personally identifiable information or anything else that is for as few eyes as necessary, and ask the person on the phone if they are near the fax machine, or if not if they can be. Call again to make sure the transmission has been retrieved and isn’t just sitting in a tray waiting for a scam artist to come sauntering by with a smartphone and a shopping list of things they want to purchase using your information.

While we await better solutions, you are the ultimate guardian of your personal information, and your vigilance given the myriad threats out there will lead the way for change. In the meantime, get in the habit of monitoring your finances for any sign of mischief. You can view two of your free credit scores, with helpful updates every 14 days, for free on Credit.com.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More on identity theft:
Identity Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Identity Has Been Stolen?