Q&A: How to practice good credit card hygiene to avoid getting hacked

Dear Liz: We have one primary credit card, which we use all the time, that collects airline miles we use for travel. Every few months it is “compromised” and we have to get a new one. Is there something we’re not doing right? Are there “good hygiene” rules for credit cards?

Answer: Yes, and most involve reducing the number of places that have access to your card’s information.

Many online retailers and web browsers offer to save your card information to make future purchases easier.

While these autofills save time, they mean your credit number information is being stored in databases that are outside your control. Refusing this option — and deleting your stored cards from browsers and retail accounts — means less convenience but more security.

Another option is to add two-factor authentication to your retail accounts, which makes them harder to break into. This would require you to enter a code that’s texted or emailed to you or generated by an authentication app.

Some credit cards offer the option to use virtual numbers online. If yours does, this is another option worth using. The retailer never has access to your real credit card number, so it can’t wind up in a potentially vulnerable database.

You can avoid exposing your credit card numbers while shopping in person by using mobile payment apps such as Apple Pay and Google Pay.

These apps create a “token” from your credit card information that’s transmitted to the merchant when you want to buy something. Again, the merchant never sees and can’t store your actual card details.

Other good practices involve steering clear of unsafe merchants and sites. When shopping online, always make sure the little lock symbol shows in the left side of your browser’s address bar and that the site’s address starts with “https” rather than just “http.” If a site doesn’t offer these basic security features, you shouldn’t shop there.

Be wary of in-person merchants that use old-fashioned magnetic card readers, the ones that require you to swipe, without the option of tapping or inserting your chipped card. It’s much easier to clone the information on a card’s magnetic stripe than from its chip, so avoid swiping if you possibly can.

Also be wary of skimmers and shimmers, which are devices that thieves install on unattended ATMs and fuel pumps to steal card information. These devices can be hard to detect, so consider paying for your gas inside the station and using ATMs attached to banks.

You also should avoid using public Wi-Fi for any financial transactions because these networks usually aren’t encrypted and are easily compromised. Finally, be on the lookout for phishing attempts, which is when criminals try to get you to divulge credit card and other sensitive personal information by pretending to be from a trusted source.

Understand that you can do everything right and criminals may still steal your card’s information. Fortunately you’re protected against fraudulent charges, so a compromised card is more of a hassle than a financial disaster.