I’m looking for some recommendations for digital debit/credit cards.
It feels like every other day there’s ‘the largest data breach in history’ and at this point, I really don’t trust any entity to safely and securely store PII.
That said, I like buying things on the internet, I’m not into crypto and would rather not include my real card information during checkout.
Any recs would be appreciated, thanks yall!
You’re right to be worried about this. I’ve worked in Fintech for a while, so I’ll break down my current views from worst to best
Worst - Using bank information, routing checking number. Avoid this at all costs. These numbers lead directly to your money, and amcan only be changed by opening a new account. Avoid giving these out.
Debit cards. There’s a thin layer separating you from your money, but debit cards are still pretty much a direct line to your money. I don’t think I’ve used mine in years, it sits collecting dust, only used when I need money from an ATM, which I jiggle the slot for first.
Credit cards. Now there’s a difference. You’re using their money instead of your money to pay for things, and so they will not just let someone drain your account. Fraud is taken more seriously. You must be responsible with them, but you have many more protections. Plus if it does leak, ask for a new one.
Payment with credit cards goes swipe, chip, then tap from least safe to most protected. Tap is near impossible to intercept where swipe is pretty much cleartext. Always tap if you can.
The finally we get to tokenization, e.g. google/apple/Samsung pay or paypal. Another layer where your details aren’t even passed from your device to the register, just a one time token that says “here’s where you can get your money”. This is currently the most secure way to pay for anything.
So I’m not directly answering your question because I would not trust an online digital credit card thing, but I’m trying to say that if you know what you’re doing, you can avoid a lot of risk. If you use tap to pay or better yet google pay, you’re as low of risk as you can get.
For online forms, use google pay when you can, or things like shop pay (all tokenization providers, and I trust them more than I do random shop owner), and I have a credit card with really high protections for anything I really don’t trust
Good looks! Thanks for the well thought out response. I don’t think I’ve ever used my direct baking info for anything. It always seemed like a terrible idea.
Credit card seems to be the way to go. Although, there have been some fairly recent developments in NFC exploits and I’m not sure I trust tap payments any more than swipe or chip.
I saw this a while ago. Its a little technical but still accessible
If you’re not into videos, they were featured in wired
Even with NFC exploits tokenized is the way to go. Tokenized payments only send a unique token to the PoS. The PoS system then (and probably not the register itself but rather their systems) then take that single use token, combine it with their secrets that only they have, and pass it up to Google/Apple/whoever to actually initialize the transaction. Google Pay/Apple/Whoever then verify that they are the ones who issued the token, and that it is signed correctly with the secrets that are shared. So not only would someone have to snoop the NFC token that was transmitted, but also have hacked into the PoS system and retrieved the secrets, which is no small feat - and even then since the token is one time only they’ve only accessed that specific purchase. They still know nothing about you or your banking information. The token expires and can never be used again.
Tokenized pay via Google/Apple/Samsung/Whoever pay is the most secure form of adhoc payment at the moment. Tap is safer than swipe or chip, but since there’s no communication to get a one time token, it requires a slightly different approach. Tldr there, if you’re that worried about it, just add your card to your phone/watch.
But then Google/Apple/Samsung can no it or all the transactions that you make.
I think from a privacy and security standpoint tap is the best in-store solution.
I agree with you on PayPal though. I trust them with my details 100% more than any random vendor online. Plus there’s a reduced surface area for attack since your details are only stored in a single, high security location.
It’s kind of pick your poison honestly, and there won’t be any open alternatives any time soon because it requires banks also trusting the open solution. I think it’s a tradeoff, if you want security you’re gonna have the big guys watching. If you want discretion, it’s going to come with risk.
But yes, I definitely trust PayPal/Google/Samsung to not have a financial data breach more than Joe’s Crab Shack just type in your credit card to our totally secure system. Plus if any of those big guys have a breach it’ll be in the news for weeks, it’d be easy to replace the card.