Credit Card (Discover) security settings

Discover Card is a major credit company that offers either email or text 2FA for password resets only. In the settings there seems no way to change any 2FA options. During a password reset you get an option to choose a 2FA and this is a security risk in my opinion from SMS swaps or loss of an email account.

In a fraudulent event your going to have to have a phone number for Discover to work with you. An email address is used primarily for email type communications and is limited. Creating an alias email address and not using it for anything but that single account is going to be just as secure as creating an email account and deleting it. Deleting that email address could allow someone to sign up for that email address, so as long as it is available. Depending on email for focused security alerts is not an option for myself as I just do not manage emails as well as SMS messages.

Since using SMS and a phone number is mandatory, hardening this option and reducing the the threats from email is a good security option. Safe email practices can be reviewed elsewhere as well as protecting your mobile number so I want to focus on Discover settings.

If you choose to push toward email and isolate your phone number you may also stop all alerts.

You can stop text alerts by changing your preferences on your Discover account online, but you can also stop text communications by sending a text message from your mobile device with the word ‘STOP,’ to 347268 (DISCOV).

You can text some supported commands to 347268 (DISCOV), such as:

  • MENU, to see a menu of available options:
    • DUE: Pymnt Due Dt
    • CBB: CBB Bal
    • MILES: Miles Bal
    • CRA: Avail Credit
    • CRL: Credit Limit
    • BAL: Acct Bal
    • HELP: Help (just their 800#)
      • Discover Card, Bank and Personal Loan Alerts: No problem, we’re here to help. Give us a call at 800-347-2683 for help or information.

Stopping all text alerts is IMO a bad idea and focus all communication through email. As well turning these alerts back on may be difficult. In order to test recovering from sending a ‘STOP’ this would involve setting up another phone number for SMS and if this option fails reverting back to my preferred SMS number.

Security focused settings

These events should not occur so this is not a convienence, an actionable alert. Here is the settings I set to Text.

  • Manage Service Alerts
    • Card Declined
    • Balance Transfer Posted
    • New Card Tracking
  • Account Security, basically everything.
    • Fraud
    • Cash advance
    • Purchases Outside the US
    • Card Not Present
    • Login Activity
    • Account
  • Setting Limits
    • Transactions Exceeds (a dollar amount)

Any suggestions appreciated.