A few days ago, someone tried to use my card. Within minutes, 14 transactions were attempted. Only two of them required an OTP. Total amount targeted: AED 1,892.64.
What did I actually lose? AED 4 in declined transaction fees.
"It felt great — not because fraud happened, but because the systems I put in place years ago worked exactly as intended."
The Uncomfortable Truth About Bank Cards
In cybersecurity we talk a lot about prevention, but the reality is that some systems are inherently insecure. Bank cards are one of them. Eventually, something leaks, something gets skimmed, or a database gets breached. It's not a matter of if — it's when.
So a couple of years ago I started asking myself a different question: how do I limit the damage when it inevitably happens?
The Habits I Built
1. Keep most of your balance off your card
Store the bulk of your money in an account that has no card associated with it — like a savings account. Move funds over only when you need them. What an attacker can't reach, they can't steal.
2. Set daily card limits
Configure spending limits that are high enough not to disrupt your daily life, but low enough that losing that amount wouldn't hurt — financially or emotionally. Think of it as your personal "blast radius" cap.
3. Use Apple Pay or Google Pay whenever possible
These are more secure by design. Instead of transmitting your actual card number, they use tokenization — a one-time virtual number is used per transaction, so even if intercepted, it's useless to an attacker.
4. Use a prepaid card for everything else
For places that don't accept mobile payments, use a prepaid card. Only load money onto it when you need it, and never keep a large balance there. Treat it as a disposable front-line card — your real accounts stay insulated behind it.
What Actually Happened
When the fraud attempt hit, here's how it played out:
🔴 Transactions attempted: 14
🔴 Total amount targeted: AED 1,892.64
🟡 Transactions requiring OTP: 2 (both failed)
🟢 Reason most failed: prepaid card had no balance
🟢 Action taken: card frozen immediately
✅ Total damage: AED 4 (2× AED 2 decline fees)
Two transactions totaling around AED 1,500 tried to go through — but the prepaid card didn't have the balance. They were declined, I froze the card instantly, and everything else failed from there.
The Mindset Shift
Security often feels like wasted time and money because nothing happens… until something does. And it always does eventually. When that day comes, the goal isn't perfection — it's making sure the impact is small.
Hope this helps someone out there. 🙏