By Jacob Passy
Americans can’t get enough of credit-card rewards.
But our eagerness to score potentially lucrative deals comes with one major, often-overlooked trade-off: It leaves you more vulnerable to cyber criminals.
This downside to the credit-card rewards game was on full display this week, as Capital One revealed that more than 100 million of its customers had their personal data exposed in a hacking. The information that the hacker got access to included ZIP codes, email addresses, dates of birth, self-reported income and payments history, fragments of transaction data, plus the Social Security numbers of about 140,000 customers.
Capital One /zigman2/quotes/204480509/composite COF +1.39% is just one of the many banks that promotes credit cards via rewards programs. Its slate of cards includes the popular travel-oriented Venture card and the Savor card, which offers up to 4% cashback on dining and entertainment purchases. (Capital One did not return immediately a request for comment.)
The rise of credit-card rewards programs has spawned a side industry of blogs and websites devoted to explaining the tricks people can use to open new cards and rack up points or cashback to fund luxurious vacations or generate major savings.
Studies have shown that credit-card rewards programs can spur people to spend more money.
But there’s another major drawback consumers need to consider. “The more credit cards you have, you’re increasing your attack surface,” said Benjamin Preminger, senior cyber-threat intelligence specialist at cybersecurity firm Sixgill. “You’re storing your data in more databases, so there’s a greater likelihood your information will be breached.”
Americans are a major target for hackers
The popularity of credit-card rewards in the U.S. helps explain why Americans on average have more than two credit cards each, according to 2017 Experian data /zigman2/quotes/210252954/delayed UK:EXPN +1.24%
“The credit-card landscape has been evolving in such a way that increasingly more people are using their credit cards for everyday purchases and no longer using them so much to pay for big-ticket items that can’t be afforded at the moment,” said Paige Schaffer, CEO of the identity and digital protection services global unit at insurance firm Generali Global Assistance.
“The effect has been twofold: Credit-card offers and rewards seem to be getting sweeter as credit-card companies fight for more card holders, and the average American no longer has just one credit card,” she added.
Owning more credit cards leaves Americans more vulnerable to crimes. A report from Sixgill released last week found that the card numbers for 23 million credit cards were up for sale on the dark web during the first half of 2019.
Most of the card information sold on the dark web was gleaned using malware computer viruses or credit-card skimmers that criminals installed at point-of-sale terminals.
And although Americans only make up 20% of the worldwide credit-card market, their cards made up 64% of the total number of compromised cards sold during the time period Sixgill examined.
Not all of this information falls into criminal hands through major data breaches. As Preminger notes, most of the card information sold on the dark web was gleaned using malware computer viruses or credit-card skimmers that criminals installed at point-of-sale terminals.
Consumers need to consider cyber security when signing up for a new card
“Even the savviest card holder can get a sloppy when managing a handful or more of credit cards,” Schaffer said.
Rather than just doing the math to figure out whether their budget (and credit score) can handle the addition of another credit card, people should consider their own willingness to take on the hassle of actively monitoring multiple credit-card accounts in order to spot fraud.
“If you have time to check Twitter , Facebook and Instagram 10 times a day, you have time to go once a week to make sure nothing looks amiss with your credit-card statements,” said Matt Schulz, chief industry analyst at CompareCards /zigman2/quotes/204207971/composite TREE +0.63% . “It’s quick, it’s easy and it matters.”
Additionally, when signing up for a card, consumers should investigate what fraud protection services the credit-card company makes available, Schulz said. Some companies will let customers receive text alerts whenever purchases are made, while others offer customers the option to see their FICO score /zigman2/quotes/200175312/composite FICO +1.16% for free or sign up for free credit monitoring.
At the bare minimum, anyone who plays the credit-card rewards game should sign up for credit monitoring — but even these services only identify potential instances of fraudulent activity after it has happened.
Those who are especially concerned though should go a step or two further and freeze their credit whenever they aren’t in the process of applying for a new card, or sign up for identity theft protection services that can work to recoup any losses that occur if their personal information is stolen.