The Only Right Answer To “Debit or Credit?”

with 1 Comment

You are just trying to buy $20 worth of groceries. You swipe your debit card at the card reader and the clerk quickly asks, “Debit or Credit?” Which should you choose? The answer could actually determine how safe both your money and identity are.

There are three basic steps regardless of which method you choose. First, you are asked to provide identification. Second, your identity is verified. Third and only if step two is approved, your money is deducted. However, Debit and Credit go about those three steps very differently.

When you say Debit, the cashier or the card reader will ask you to enter your PIN. This is your means of identification. A success results in your identity being verified. A failure gives you a few more attempts to retry.

When you run it as Debit, the cashier may ask you if you’d like to get “cash back,” meaning do you want to use this store as though it were an ATM and withdraw additional funds from your account. In this case, we’ll have you say no. If you did say yes, the store would be paid however much cash you withdrew and the store would pay you the same amount in cash.

In any case, your verified identity authorizes the system to send a request of funds to your bank. The bank, upon this receipt and authorization, immediately transfers the $20 from your bank account to the store’s account. You now are $20 poorer.

When you say Credit, the cashier prints out a receipt and ask you to sign at the bottom. Your signature is considered your identification. Your information — location of sale, credit card number, etc. — are sent to your debit card’s sponsoring credit card company, like Visa. Visa then takes 1-7 days to look for fraud. If any factor looks suspicious, like the location of sale seems unlikely, the sale is reported to you as potential fraud and the $20 remains in your bank account.

If everything checks out though and your identity is authorized, then $20 is moved from your bank account and divided up among three locations:

  1. $0.20 (1%) is given to Visa, for their service of fraud detection;
  2. $0.20 (1%) is given to your bank, for their service of providing a card;
  3. and $19.60 (98%) is given to the grocery store to pay for the goods

Even though your money has gone more places, you are still just $20 poorer. These hidden fees of credit cards are only a cost for the store, not you. If the store chooses to accept credit cards, they also overcharge all of their goods by 2% in order to cover the possibility of people paying with credit. When you run your card debit, they just pocket the additional 2% for themselves.

At this point it sounds like you might want to run it Debit, in order to give all the money to the store, but if you stopped the analysis there, you would be compromising your identity.

Prior to your $20 purchase, a thief had attached a device to the store’s card reader which records all of the information.

If you ran it Debit,  the thief’s recorder has access to your credit card number, name, expiration date, and PIN. He can access to all of your funds and can make a copy of your card. With this copy, he can run it Debit and verify his identity by entering your PIN.

Because PIN is the only verification of your identify when running a card Debit, your bank transfers the money out he asks for, sometimes regardless of how much it may look like fraud, with no questions asked. No one is watching over your Debit purchases but you. It’s only if you log on to your bank account and see that your funds are gone that you could find out that a copy has been made.

If you do catch him and cancel your debit card, the damage done in this case may be permanent. Because the PIN number is the only identification used, it is hard to prove that such purchases were actually fraud. Even if they do determine it is fraud, often times no one will refund you the money. The bank, who is the only reasonable candidate who might, does not offer you such fraud coverage. That’s why Visa sponsors your card, to catch fraud. But since you didn’t run your card Credit, Visa was never given a chance to perform that role for you.

If you ran it Credit, the thief’s recorder has access to your credit card number, name, and expiration date. He notably does not have access to your PIN. With this information, he can still make a copy of your card and, with this copy, he can still try to make purchases running the card as Credit.

Running it Credit in stores will require that he forges your signature. The information of the sale is then sent to Visa for fraud checking. If Visa’s systems detect a change from your typical behavior, they will flag the transaction as fraud and alert you.

Even if Visa doesn’t catch that it is fraud, just the process of going to Visa keeps the funds in your account for 1-7 days. That may be long enough to give you some time to see the stolen activity as pending charges, cancel your card, and report the identity theft to your bank. Doing this protects your bank account from ever having to pay for these charges.

If Visa doesn’t catch the fraud and neither do you, then the money transfers out of the account to pay the thief’s bills. However, because all the information passed under Visa’s watch, if you catch the fraud after the fact, you are protected by Visa’s fraud protection policies, which are much more likely to pay you back in the event that the fraud can be proven.

If the thief uses the stolen information to make purchases online, he will have to know your billing address, which is likely information he has not acquired.


Always run your cards as Credit. Protect your funds by allowing your sponsoring credit company to implement their fraud protection. Never be afraid to dispute or question charges you see pending or fulfilled. Time is important in cases of fraud and waiting may make the process of proving fraud more difficult.

The only perk of running your cards Debit is that you can get cash back, but this perk comes at tremendous cost. Even using an ATM comes at a risk to your identity. The same device that the thief attached to the card reader in this example has been known to be attached to ATMs.

If you really want to be safe with your identity, withdraw money from you account by walking into your bank. Or talk with your local bank about what security they have on their outdoor ATMs to protect from foreign readers being attached. Don’t enter your PIN number anywhere. If you do use it, only use it in places you trust.

And always default to running your debit cards Credit.


Note: Actual percentage reimbursements and fraud policies vary across credit companies and banks. Read the fine print for your specific card for a more detailed and specific description.

GoldStar This article is one of our most popular posts.

One Response

  1. Megan Russell

    A friend of mine works for a merchant processing company. His company is working on a lot of the latest protection for these merchant entry devices.

    He told me that the skimmers, which are the devices that store all of the information required to make a copy of your card, have a difficult time picking up the PIN. Although such a feat has been done, it is less common than simply getting a sufficient amount of information to run your debit card credit.

    He added that:

    There are two kinds of Debit Cards.

    The first kind: A Debit card that is backed by Visa/MasterCard. These cards are actually credit cards that have PINs and communicate over sibling networks pretty effectively owned by Visa/MasterCard. These cards would be equally susceptible to skimming.

    The second kind: A Debit card that is a Bank card. These cards can still be used at merchant locations with PIN Entry devices. These communications involve the PIN being encrypted from the point of entry all the way to your bank. The system in between can neither see nor effectively store the information. Even if a breach were to happen, it would (should) be impossible to retrieve the PIN.

    The bank cards can only be run debit. You can tell that you have a bank card if the only logo on your card is your bank’s. In other words, there is no Visa, Mastercard, or other sponsoring credit company on your card.

    Because it can only be run debit, having a copy of the card is not sufficient to charge anything to it. The PIN is required for every purchase.

    This is both safer and riskier. If your PIN is compromised, you aren’t backed by the nice fraud protection of a sponsoring credit company. However, it is much harder for your PIN to be compromised.

    When PINs are compromised, it is often because, according to NBC News,

    …many merchants incorrectly store PIN information they should be destroying after customers enter the secret code on PIN pads in stores around the country. While the information is often encrypted into something called a PIN block, the keys necessary to decrypt the information are often stored on the same network, she said. That makes stealing the PINs as easy as breaking into an office computer using a password a careless employee has taped to the screen.

    …“But in defense of (the retailer), it’s just using payment software and probably doesn’t even know what’s in there,” she said. “The software is storing PINS just because it can. No one is paying attention to this stuff, it’s deep in the software.”

    …While storing PINs is against network rules, many retailers inadvertently store the information, said Mike Urban, who runs Fair Isaac Inc.’s ATM fraud detection program called CardAlert. It ends up accidentally saved in temporary files and other software nooks and crannies.

    My friend responded that often times it is hard for merchants to store the PIN with newer machines, although older ones might not have the same level of security. He said you’re probably safe and runs his own cards debit, but, in my opinion, better to not risk your PIN being compromised by just not entering it at all.

    As a result, its seems that the safety for all these methods of card payments ranks up:
    1. Credit Card run Credit :: all the purchases can be disputed before any money leaves your pocket
    2. Debit Card run Credit :: 1-7 day window to catch fraudulent purchases plus sponsoring company’s fraud policies
    3. Bank Card run Debit :: difficult for thieves to access the PIN and useless without it
    4. Debit Card run Debit :: difficult for thieves to access the PIN but useful even if PIN is not acquired