Use credit if you can. Credit cards have two big advantages over debit cards when it comes to fraud. With a debit card you don’t have the same protection you’ve got with a credit card, and your bank account is at risk. The other issue is that there’s a much shorter window of time for cardholders to report a suspicious transaction made on a debit card versus a credit card before their liability climbs from $50 to $500.

Sign instead of keying in your PIN. Opt for signature over PIN transactions with your debit card. Merchants would prefer that you use your PIN because it’s cheaper for them, which is why most payment terminals are set up with a PIN prompt as a default, but it’s riskier because it gives data thieves the option of creating a fake debit card and hitting the ATM to take out your money. Visa and MasterCard also offer zero liability coverage for signature transactions. This means that consumers need to protect their PINs from compromise or theft, as they could end up holding the bag in the event that their debit card is misused for a PIN based transaction.

Keep watching your statements. Monitoring your statements for any unfamiliar activity is basic advice, but — let’s be honest — many of us don’t, maybe figuring if our information was compromised, we’d have found out by now. Criminals who steal batches of payment card information usually sell it right away, and those buyers tend to use those numbers as soon as possible.

Disable automatic transfers to linked accounts. Many banks offer customers the option of linking a savings account or line of credit to their checking account, with an automatic transfer of funds if a transaction would trigger an overdraft. If your debit card is used by thieves, this means they can wipe out both of your accounts, so consider temporarily disabling this function.

Use more — and better — passwords. Database breaches often include online username and passwords, and if you are one of the 55% of all consumers who use the same username and password for all of your online relationships, then a data breach at a retailer can also result in the bad guys getting access to your online banking accounts. Compounding the problem, most of us still use really lame passwords: SplashData, a company that makes tools to help people manage their passwords, put together a list of 2013’s worst passwords. No-brainers like “123456,” “password” and “qwerty” were among the top five. Even passwords with common substitutions like “dr4mat1c” can be vulnerable to attackers’ increasingly sophisticated technology.

Set up account alerts. Most banks let customers set up alerts, generally sent via email or text, that tell customers if certain types of transactions are made. The alert parameters are often configurable, so consumers can choose to be alerted on what is truly out of pattern for them, and not have to put up with a lot of texts for regular transactions. You can set a dollar amount or a geographic range as a trigger to receive an alert, for instance.