top of page
sensible security

Paying


There's a lot of ways to pay for things. We suggest sticking with just a few, and using the ones you choose consistently. You get good value from doing things the same way every time, so that weirdness (and possible fraud) jumps out at you. Example: Don't get 6 credit cards and choose a different one every time you pay. Just get one or two.

We summarize the major ways you can pay for things and the security considerations of each. Payment methods are ranked from least-secure to most-secure.

Credit Cards - Safest

Background

Credit Card companies will usually refund you if you get scammed, and rarely argue with you. They have fancy computers that try to notice weird charges. Major downsides: they pay for all this by charging your vendor 3% of every transaction and aren’t good for huge payments.


Ways to protect it

Cancel it: If you don’t use it very often, cancel it. If you’ve only got it for the gas points, maybe it’s not worth it.


Check your statement: At least quarterly, check your statements and make sure all the charges are right. Watch for new or increasing charges from trusted suppliers – they may have been compromised, too.


Checking account - Middlin’

Background

They’re boring and slow, but checks are a safe way of paying. The police are so good at catching check fraud that stolen check information is mostly worthless on the black market. The biggest risk from checks is ACH (Direct Deposit). Anyone with the information on a check can tell their bank to directly withdraw any amount from your account. If you don’t catch it fast, you may be out of luck.

Ways to protect it

Easy

Cancel it: If you don’t need it, cancel it. If none of your vendors take checks or need direct deposit, maybe you don’t need a checking account.


Medium

ACH Filters: most business checking lets you set up a list of approved billers, and block all ACH withdrawals that aren’t on your list.


Switch banks: some banks try harder to watch for fraud. Bigger banks are usually better.


Use two accounts: Most payments you make are either recurring and predictable, or expensive one-offs. Consider using two ways of paying, one for each kind. Put tight control on the recurring account – the monthly spend should be predictable, so keep barely enough money to cover what you expect. Use the one-off account as little as possible and make it harder to use. If you’re buying a 400k tractor, maybe it’s good that you can only do it from your home computer, need a special keyfob, and get a text.


Hard

Check your statement: At least weekly, check your statements and make sure any cashed checks or ACH transactions are right. Note: if you do catch some fakes, you might have to wait for a long investigation before you get your money back, especially if you caught it more than a few days late. Make sure to look at amounts, too: even if your tomato guy is honest as the day is long, if some jerk breaks into his account, they might start overcharging you and pocketing the difference.


Website with login - Middlin'

Background

There are a million companies that let you send money using their website, and there is a big security difference between the best and worst. The best ones give you many ways to protect your account.


Examples: your bank, Due.com, Stripe.com, your payroll service


Ways to protect it

Easy

Cancel it: If you don’t need it, cancel it. Do you have that paypal just because your tomato vendor likes to be paid that way? It may not be worth the hassle of protecting it.


Password manager: Keeping track of passwords is hard. Password managers are a free, easy way to do a good job.


Reduce the amount it can send: high-quality platforms let you set up payment limits. Figure out what’s normal, and block payment of anything higher than that. If someone does break in, they can’t hurt you as much.


Medium

Use good services: Some companies care more about your security than others, and sometimes it’s hard to tell which is which. There is safety in crowds: choosing what’s already popular will help. You can also get a sense by how many of these protections they offer.


Use two accounts: Most payments you make are either recurring and predictable, or expensive one-offs. Consider using two logins, one for each kind of payment. Put tight control on the recurring account – the monthly spend should be predictable. Keep activity in the one-off account light and make it harder to get into. If you’re buying a 400k tractor, maybe it’s good that you can only do it from your home computer and need a special keyfob.


Turn on login options: Good platforms give you more options to protect login. See here for a rundown.


Use safe devices: It sounds crazy, but paying people from your home computer is safer than doing it from a public one at your library. Your home computer may not be the safest either: Does your teenager use it at night to play games or go to sketchy places on the internet? Consider buying a separate computer just for your business. It doesn’t have to be fancy: Chromebooks start at $200, last a long time, and are safer than anything.


Phone - Iffy

Background

Some companies let you pay with a phone using GooglePay, ApplePay, or a separate app. It works great until someone steals your phone.

Ways to protect it

Easy

Cancel: uninstall the app or turn off the pay part.


Make it hard to get into your phone: If you unlock your phone with your finger or face, use a hard pattern or passcode instead. Fingerprints can be faked by an old fashioned piece of scotch tape, a 5-cent print from Kinkos, and some Elmer’s glue. While faking a face takes more work, some phones can be tricked by a good color photo, and all can be fooled by a good mask. It’s not as smart as you think.


Make it hard to send money: You can set up most apps to ask you for a secret or password every time you open them. If they don’t, use a different service: it’s a sign they probably don’t do a good job on the parts of security you can’t see.


Use two accounts: Most payments you make are either recurring and predictable, or expensive one-offs. Consider connecting the low-spend account to your phone and do your expensive charges on the Chromebook.


Wire Transfer - Scary

Background

Wire transfers are famous for enabling scams because there’s usually no way to get your money back if you get ripped off. Unfortunately, there’s usually no better way to pay people in other countries. Do not use these services with someone you don't trust (or an amount you don't trust them with).

For purposes of security, instant-pay services like Zelle, Paypal, Venmo, and cryptocurrency transfers mostly have the same risk as Wire Transfers because reversing transactions is difficult.

Ways to protect it

Easy

Don’t use it: If you can pay someone in another way, do that instead. If they live in your country, use a safer option from this list. If they’re outside the country, maybe they have an account or you can convince them to open one in your country so you can pay them in a safer way.


Medium

If you absolutely have to use one: put in extra work to make sure you’ve got the right details, the vendor isn’t a con artist, and the paid amount won’t ruin you if they disappear in the night.


Debit Card - Terrible

Background

Everything a debit card can do, something else can do better. If you get scammed, it’s hard to get your money back, and it’s much easier than a checking account to steal from. Don’t use one.

Ways to protect it

Easy

Cancel it: If you have a debit card, throw it away and use a safer option. If you need it for ATMs, get an ATM-only card.

Comments


Subscribe for more:

  • RSS
  • LinkedIn
  • Twitter
  • YouTube
bottom of page