Welcome to the SecAware blog

I spy with my beady eye ...

28 Jan 2014

Preventive & corrective actions

Having been hit twice so far, I've upped my evaluation of the risk of my credit/debit cards being compromised by online vendors' inadequate information security. The latest incident was, I suspect, a result of the Adobe hack a few months ago. Both times, the bank's fraud systems spotted and stopped the incidents and told me well before I even noticed anything awry.

After the first incident, I resolved to dedicate a specific card for online purchases so at least I could carry on using my other cards if I got hit. That was a good move that made things easier after the second incident ... but I missed my chance this time around to be even more proactive. When I received an apologetic email from Adobe about their breach, or perhaps even earlier, I should have cancelled the card immediately and ordered a replacement. Next time, I won't wait for the bank to pull its finger out ...

I now have a new card, once again dedicated to online purchases. This time, I have opted for a VISA debit card on a separate bank account with no credit or overdraft facility. Treating it like an online pre-pay card, I deliberately maintain a low balance on that account, just enough for my normal small-value online purchases. If - or should I say when - the card is next compromised, the fraudsters won't be able to steal $thousands, and I won't be out of pocket for the weeks it takes the banks to sort things out and refund in full (which, thankfully, they have done for me on both prior occasions - no complaints from me on that score!).

So, aside from all that, and the usual "Watch for the padlock" and "Only do business with reputable online traders", is there anything else you'd recommend I do to mitigate the risk? It's all a bit embarrassing, me being a CISSP and all!

Gary (Gary@isect.com)


  1. Gary,

    After getting hit a couple of times, I now use a Bank of America credit card and ShopSafe. ShopSafe allows you to generate a credit card number tied to your account that only one vendor can use. You can set a limit on the amount and a custom expiration.

    Good luck!


  2. Well, it would never happen to a CISM so that's your problem.