In 2016 you'll see a noticeable change in the security of your credit cards—but that will be no reason to let your guard down. By the end of next year, 84% of credit cards will have a secure computer chip, according to Mercator Advisory Group. (Look for a replacement card in the mail soon, if you haven't gotten one already.) The chip makes it harder for crooks to manufacture fake cards to use in stores. Trouble is, it won't do much to stop them from using stolen card data online, says Identity Theft Resource Center chief executive Eva Velasquez.
Meanwhile, other kinds of scams are "becoming more targeted and intelligent," says Satnam Narang of tech-security firm Symantec. Instead of sending random spam, crooks keep honing ways to impersonate legit companies you do business with, to lure you into giving up banking info, log-in credentials, or personal details like a birth date or Social Security number. For example, one recent strike aimed at LinkedIn users sent them an email with an attachment to update their security details, but actually sent that information to identity thieves.
For many, the horse is already out of the barn. Tens of millions of data records, including names, Social Security numbers, and birthdays, were found to have been stolen in the past year. The sources included health insurers and even the federal government. Purloined data is so common that its price on online black markets dropped 75% in 2015, according to Trend Micro. Yet it can still potentially be used to open fake accounts in your name or even to file your taxes and nab your refund. According to a federal study of 2013 filings, almost 1 million refunds were paid to fraudsters for that year.
Your Action Plan
Keep your eye on the right risks
The new chip cards may be reassuring, but stolen credit card numbers are a bigger problem for banks than for you. By law, you're responsible for only $50 of fraudulent purchases, and in practice most issuers will charge you nothing. Debit cards are trickier: The legal limit on your loss is higher (again, your bank may offer additional protection), and you may be left short of cash while you sort things out. So you are better off using a credit card as your go-to plastic, says Velasquez, assuming you pay your bill in full.
A bigger concern is someone opening a credit account in your name. Detect this by ordering a free credit report each year from each of the three credit agencies—Experian, TransUnion, and Equifax—at AnnualCreditReport.com. Many credit cards, from issuers including Discover, American Express, and Citi, now offer free monthly FICO or similar credit scores. If you see a big change that doesn't make sense, you'll know something's up. While you investigate, place a 90-day fraud alert for free with one credit agency, and it will alert the other two.
Unless you initiated contact, clam up
"Whether they say they're a retailer or the IRS, never authenticate yourself to any entity that's contacting you," says Adam Levin, co-founder of Credit.com. Add banks and social media accounts to that list. If you get an email asking for personal details, click on nothing and close it. Give information only if you've logged in directly to a site you trust or called customer service yourself.
File taxes early, if you fit the profile
Velasquez says there's not much you can do to stop tax-refund fraud—this one's up to the IRS to foil. (In 2013 it did catch 4 million fake returns for the million that slipped through.) But if you know your Social Security number has already been nabbed in a data breach, it makes sense to file as early as you can to beat potential fraudsters to the punch or change your withholding to minimize the refund you're due. If you do get stung, contact the IRS and file Form 14039, the identity-theft affidavit.
Read Next: How to Get a Raise Next Year