Debit vs. Credit Card ID Theft

Debit or credit?

Which type of card protects you the best? With over 1.5 billion credit cards and more than half a billion debit cards in use in the U.S.1, millions of consumers have a choice, but some cards are safer than others.

Is it a stacked deck?

There are essentially four types of cards used to pay for goods and services—ATM, debit, credit and what are called virtual cards. ATM cards are used less often than in the past because they are cash withdraw cards only, although many people think of them as debit cards.

Debit cards are like an electronic check. You can access your bank accounts through ATM machines and make purchases paid directly out of your bank account. They have either the VISA or MasterCard logo, and they account for more than $1 trillion in annual purchases made by U.S. consumers.1

Credit cards are found in over 91 million American households.2 They are not attached to bank accounts and payments can be made over time. You can also use them to withdraw cash at most ATM machines. Credit cards are issued by banks, retailers and other institutions, and those issued by VISA, Mastercard, Discover and American Express can be used at hundreds of thousands of locations around the world.

Virtual cards aren’t physical cards at all. When you shop online, you can use an alternate number issued by your credit card company. It’s often a temporary number for one time use and the transaction is billed on your regular credit card statement.

And the winner (loser) is…

Whether through physical theft, hacking, malware or data breaches, all individuals with any of these cards are subject to identity theft by having their card information stolen.

Carrying the least amount of risk is the virtual card, since it has a time or transaction limitation and there is no personal information connected with it.

But in comparing the two most widely used forms of payment—debit and credit cards—credit cards offer more protection and less risk because funds are not being directly withdrawn from the user’s bank account as it is with a debit card. Fraudulent withdrawals on a debit card can result in bounced checks and no access to cash while the bank investigates their report.

Additionally, most credit card companies allow 90 days for a victim to report an unauthorized transaction, while banks generally require a two-day notice for unauthorized debit card purchases. For debit cards, your loss is limited to $50 only if you notify your financial institution two business days after learning of loss or theft. It then goes to $500 until 60 days after the statement is mailed and becomes unlimited thereafter. For a credit card, your liability is limited to $50 for any fraudulent use.3

Other steps for safer shopping.

First, make sure the website you’re shopping on is secure and starts with an https:// instead of http://. You’ll also see a small lock on the lower right hand corner of the screen. This means the site is secure for transactions.

Don’t do online shopping in public places such as coffee shops or public Wi-Fi areas. Their networks are usually unsecure and the information you are entering might be stolen right there at that location. Finally, avoid using retail websites to store your personal and payment information. Although it speeds up the checkout process, it leaves your identity and financial information exposed should that server experience a data breach.

1 Creditcards.com, Credit Card Statistics, Industry Facts, Debt Statistics,
2 ITRC Face Sheet 131 – Credit Card vs. Debit Card,
3 FTC Fair Credit Billing Act

Federal Trade Commission. “Consumer Sentinel Network Data Book For
January – December 2011.” February 2012.

Javelin Strategy & Research. "2012 Identity Fraud Report: Social Media and Mobile Forming
the New Fraud Frontier." February 2012.