Card data thefts do not stop. The case of Air Europa serves as an example. The worst thing is that it will not be the last, warn industry experts.
If you have the feeling that there are more and more attacks and scams, you are right. "The tools are increasingly easier to use and effective," says Josep Albors, director of research and awareness at ESET Spain, specialized in security solutions. "We are experiencing a logical evolution due to greater digitalization," agrees Jordi Nebot, CEO and co-founder of PaynoPain, an online payment methods firm.
These warnings are combined with continuous warnings from the Bank of Spain so that data is not shared with strangers and they do not fall into the traps of cybercriminals. A third of customer complaints to the central bank already deal with fraudulent operations, surpassing any other problem, such as commissions or mortgages. One of the big problems is that "many victims apply obsolete mechanisms or measures," explains Albors. If what is done doesn't work... how should we protect ourselves?
"Using a traditional card is no longer so secure," believes Albors. If a theft has occurred, canceling the card is the most effective measure, sources agree, which makes the problem disappear in the event that data is leaked in attacks such as the one against Air Europa. In fact, it was the first thing that was recommended by the company. To avoid reaching that point of canceling plastics, you can act beforehand, with options that provide more security, although there is no 100% effective, immune and insurmountable solution. The idea is more about trying to mitigate possible impacts.
The market already offers several safer alternatives that limit the magnitude of a theft, it is noted. One, the cards with CVV (the verification code, the 3 numbers that the cards usually have) changing. Another, prepaid ones to buy online, which only work with preloads of money. You can also centralize everything on a platform like PayPal, to pay later with it. And it's not a bad idea to opt for debit cards over credit cards, with daily limits.
"Prepaid cards are the most appropriate because they minimize the risk of them spending your money, it is practically zero," explains Eusebio Nieva, technical director for Spain and Portugal of the cybersecurity company Check Point. At most they could access a remainder left over from a purchase. For example, if you wanted to buy something for 80 euros and 100 were pre-entered into the card, the remaining 20 would be charged and would be the only thing at risk. "I don't know of attacks against wallet cards because cybercriminals cannot make charges or spend if it has not been preloaded," he continues.
If you operate with traditional cards, the less dispersed our data is, the fewer websites that process it, the better. "We have the habit of using the card in all environments, thus multiplying the risk," says Nieva. Leaving data in the hands of a giant like Amazon is not the same as leaving a small or unknown foreign store, which may be more vulnerable. "The more times you put them on, the more exposed we will be," she insists.
Even if the card is not charged if data has been stolen, you must remain alert. Because if criminals have also obtained email addresses, they can then contact phishing techniques, posing as the bank or another company, to trick the user into providing their passwords with fraudulent emails. In these cases, the same thing is always repeated: the bank will never ask for sensitive data such as the PIN or CVV through these channels.
Other tips when using the card maintain common sense: check that double authentication is activated to authorize payments, either through the phone or the bank app, with barriers that are more difficult to overcome; keep payment or financial applications updated, to close gaps from outdated versions; not having passwords or card numbers written down in computer documents... It is even recommended not to save the data in the browser, as Google offers when making a purchase so that you do not have to fill out forms the next time. "They can be stolen from you with a phishing attack that attacks the browser's database," Nieva exemplifies. You should also be suspicious of very cheap offers and continually review your bank statement to detect improper charges.
And what happens if you buy for the first time on a page? You have to check its reputation on review websites like TrustPilot; your presence on social networks - that you have one and it is active -; the terms and conditions that apply to purchases; and identify yourself with email and telephone. Blindly trusting the padlock that appears next to the address "does not guarantee that it is secure, it only guarantees that the communication is encrypted," explains Albors. Nor should we trust "if when paying it takes us off the web and we do not recognize the company that acts as a payment gateway or it does not have a certificate," they add from PaynoPain.
As more than one person has bitterly confirmed, it is not only attacked during purchases, where you have to avoid suspiciously cheap offers that are sought by the unwary. You are bombarded with fraudulent emails or SMS. Instead of opening them, if you doubt their veracity, it is best to go to the official pages of the person who supposedly sent the message - such as the Post Office or the Tax Agency, common hooks - or contact them by other means. "Now there is a lot of fraud with SMS, you have to avoid clicking. Don't even enter the links they send and keep your eyes wide open," says Nebot. Every precaution helps.
