The Bitwarden Blog
What the World’s Largest Credit Card Companies Say About Security
Whether you are operating as an individual or part of a business, the world’s largest credit card companies recommend several security best practices for better online protection. Recommendations from major companies like Visa, Mastercard, and Chase generally fall into four categories: device security, strong passwords, phishing awareness, and account alerts.
This article explores those credit card online security recommendations and how to put yourself in the best position to be more secure online.
Visa makes device security the #1 priority for customers conducting online transactions. The company recommends implementing security measures on all of your devices — PC, laptop, phone, or tablet. Two-factor authentication or 2FA further enhances online security, which is why there are protocols for American Express 2FA, Chase 2FA or Citibank 2FA, for example.
Mastercard mirrors this priority by reminding customers to always update to the latest version of device software including security patches. American Express or Amex goes further by recommending you always update browsers and operating systems, while Chase warns against taking advantage of free anti-virus software. Instead, the bank suggests customers install anti-virus software from a reputable company that scans incoming communications and files for viruses, removes or quarantines viruses, and updates automatically.
All the world’s largest credit card companies recommend customers use strong passwords and make each password unique for each account. Citibank goes further by advising customers not to use a variation of a password used elsewhere, or variations of your name and the names of family members or pets, as identity thieves can find this information on social media.
Citibank recommends you should never write down passwords and let a password manager do the work. Mastercard agrees, adding that whenever possible further secure your account by adding two-factor login – usually a PIN code sent to your phone or generated by an authenticator app or security key.
Not using a password manager yet? Here’s how to get started.
Credit card companies commonly recommend phishing awareness for better security. Mastercard, in particular, warns customers that 91% of all cyberattacks start with a phishing email. However, email isn’t the only way cybercriminals phish for your credit card login credentials, credit card details, or other sensitive information.
Visa warns customers to be wary of unsolicited phone calls offering “one day only” deals, while Chase suggests text messages threatening to close an account unless immediate action is taken can also result in customers unwittingly revealing login credentials, credit card details, or other sensitive information – or visiting a website that downloads malware onto their device. A password manager can help thwart phishing attacks by reminding you that if a password is not stored for that website that should be, you might want to double-check the webpage URL.
Credit card account alerts vary depending on the services provided by the credit card companies and the type of credit cards you use. For example, Amex advises, “If your credit card offers email or text alerts every time a purchase is made, this would be a good time to utilize that service.” However, using these services for every transaction can result in “alert fatigue.”
Chase and Citibank offer a better option by allowing customers to customize alerts, so you only get notified when certain account activity takes place like if:
Your credit card is not present at the time of purchase
A transaction exceeds an amount you have set
A transaction takes place outside the U.S.
Visa offers a similar service for transactions processed by the VisaNet service.
Discussions relating to cybersecurity culture are not just for big enterprises. Individuals and SMBs should also consider their cybersecurity postures, especially with the rise in online fraud and cyberattacks. Furthermore, cybersecurity cultures are easy to develop when given the right tools. You only need to make incremental changes for how you or your employees act online.
Adopting a cybersecurity culture can start by following the credit card security recommendations published above and summarized below:
Set reminders to check for software, browser, and operating system updates, and look for software solutions that prompt you for updates as they appear.
Use a trustworthy free password manager to generate and store complex passwords for each account and implement two-factor authentication.
Configure your email provider’s filters to filter spam more aggressively, block the senders of phishing messages sent by SMS, and treat unsolicited phone calls with caution.
Customize alerts from credit card providers, bank accounts, and other financial institutions to be notified of any unusual or unexpected activity.
Taking these incremental steps encourages credit card cybersecurity discussions, develops awareness, and increases responsiveness. Individuals become more responsible for online security when provided the right tools. We call this the “Triangle of Security Success.”
Learn how to create a Triangle of Security Success using a password manager, two-factor authentication, and a well-protected email account.
Editor's Note: This article was originally written on July 27th, 2021 and was updated on July 8th, 2022.
On this page
Back to Blog