Create a Secure Credit Card PIN or Password and Keep It Safe

Woman looking at computer screen with credit card
© Caiaimage/Paul Viant / Creative RF / Getty

Credit card security is extremely important to avoid becoming a victim of credit card fraud. When your sensitive credit card information lands in the wrong hands, it can be difficult and time-consuming to clear your credit reputation and remove your liability for the charges. While you’re often not responsible for unauthorized credit card charges, you’ll be much better off not having to deal with these in the first place.

One way to prevent credit card fraud is to create hard-to-guess PINs and passwords for your credit card and online accounts and keep to these safe once they’re created.

Setting a Secure Credit Card PIN

You’ll need a four-digit PIN, or personal identification number ​if your credit card comes with the ability to take out cash advances. Sometimes your card issuer will send a PIN a few days after your credit card has been mailed. Or, you may be asked to select your own PIN when you call to activate your credit card. Never make your PIN:

  • Your date of birth
  • Any of your kids’ or loved ones’ date of birth
  • Your anniversary
  • 1234
  • 4321
  • The first or last four digits of your social security number
  • The first or last four digits of your credit card number
  • Any four numbers that mean something

Put some thought into the PIN you create. If it's easy for you to create, it's probably also easy for thieves to guess.

Setting a Secure Password for Your Online Credit Card Account

When you create an online account to access your credit card details, you'll be required to create a password that you can use to log on.

Many credit card issuer websites give some password creation requirements that help you set a password that's hard for thieves to guess. For example, your password will have to be a certain length, you may have to include a combination of uppercase and lowercase letters, a number, or even a non-alphanumeric character, e.g. an asterisk, exclamation points, dollar sign, etc.

Here's what you should do to create a secure credit card password:

  • Make it longer, ideally a minimum of 8 characters. It’ll be harder to guess.
  • Mix upper and lower case letters within the password. Don't just use an uppercase letter at the beginning of the password phrase.
  • Place punctuation or numbers randomly throughout the password rather than just as the beginning or end.
  • Pick letters that are in different places on the keyboard. That way someone watching won’t be able to easily guess what you’re typing by watching your fingers.
  • Be creative.

What you shouldn’t do:

  • Avoid using words that appear in the dictionary, even if you spell them backward, abbreviate, or misspell them.
  • Don’t use a sequence of letters or numbers. For example, abcd1234 is a bad password as is 12345678 or abcdefgh.
  • Don’t use a sequence of letters that are adjacent to each other on the keyboard, like qwerty1234 or asdfgjkl;
  • Don’t use personal information like your name, date of birth, social security number, or personal information of your friends or relatives.
  • Don’t use any password that you’ve seen used as an example of a good password.
  • Avoid using the exact same password for several different accounts. Once hackers have guessed one password, they’ll often try to see if it works on your other accounts.

    Keeping Passwords and PINs Safe

    Once you’ve created an un-crackable credit card password, the next step is to keep it safe. Don’t make it easy for hackers to get access to your password.

    • Don’t write your password or PIN down and especially don’t write it on your credit card or store it with your credit card.
    • Don’t send your password or PIN to anyone via email or text message.
    • Don’t give your password or PIN to anyone.
    • Don’t say your password or PIN aloud in public where other people can hear you.
    • Don’t have your browser remember your credit card password. Someone who steals your computer or phone could access your account without even knowing the password.

    Always be sure to enter your password into the correct website. Phishing scams make fake websites that look like real ones hoping to trick people into entering their login or other personal information.

    Always check the URL in the browser bar to be sure you’re at the correct website and be especially wary of entering your password into a website you landed at by clicking an email link.

    Change your password periodically, e.g. every 90 days, being sure not to reuse passwords. If you believe your password has been compromised, change it immediately following the guidelines given above.