The NYT breaks down the different security risks by payment type. The takeaway? No method is perfect, but credit cards have the strongest legal protections for consumers.
“The strongest protections are when you pay by credit card,” says Carole Reynolds, a senior lawyer at the Federal Trade Commission. Under the Truth in Lending Act, consumers’ maximum liability for unauthorized use of their credit card is only $50, and when a card is used online, it’s zero.
If you report fraud quickly, banks will typically reverse the charges rapidly and without much fuss, though in these tight times banks are scrutinizing fraud claims more closely, says Avivah Litan, a payment-fraud expert at research firm Gartner.
If you report unauthorized charges on a debit card within two business days of discovering the problem, your liability is limited to $50 offline and zero for online transactions, Ms. Reynolds says. If you neglect to do that, but report the loss within 60 days of the date your bank sent the statement listing the bogus transactions, your liability is capped at $500 for offline transactions and remains zero online. If you miss those deadlines, however, you could end up in a bigger mess. Ms. Reynolds warned that your liability could be unlimited.
Shopping online using services like PayPal, Google Checkout and BillMeLater offer some useful additional security because you entrust your sensitive account information to one company and not to every online store you may buy something from. This can be a good idea, especially if you frequently buy from little-known merchants that may not have top-notch Web defenses.
But Ms. Litan warns that if your PayPal account is used fraudulently, it may be harder to get your money back than if you use a credit card.
The article offers one other good tip: If you’re scheduling automatic payments — do it with your bank rather than with individual merchants, “banks and their payment processors are generally better at protecting data than merchants.”
Which method do you prefer?