You'd also be smart to set up e-mail alerts to signal you when large purchases have been made (or when any purchase is made on a card you don't use often).

If you want an extra layer of protection, consider signing up for Verified by Visa or MasterCard SecureCode. These programs allow you to use a password to complete purchases at participating merchants.

Debit cards

Debit card protections are detailed in the federal Electronic Funds Transfer Act. Under the law, your liability is limited to $50 if you report a bogus transaction within two business days of discovering it. Otherwise, your liability is capped at $500 if you report the fraud within two months of the statement mailing date.

As noted earlier, debit card issuers have stepped up with zero-liability policies that provide much more protection than federal law. But Visa and MasterCard are a bit, shall we say, vague about when this protection might expire. A Visa spokeswoman says it's up to the issuer to determine how long victims have to report fraudulent transactions. MasterCard did not return calls for comment.

(Also, you should know that your protection is different for debit card transactions using a personal identification number. Online debit card transactions are typically processed as "signature transactions" and qualify for zero-liability protection. When you use a PIN, Visa's zero-liability protection applies only if the transaction is processed on its own network. MasterCard does not extend zero-liability protection to PIN transactions.)

Limit your risk by following the precautions listed above: Use only properly encrypted retail sites, scan your statements for fraudulent charges, and set up account alerts.

You should strongly consider closing a bank account that's been compromised, advises the Identity Theft Resource Center in San Diego, because the thief may well strike again. You should definitely close the account if the thief has access not just to your debit card number, which can and should be changed, but to your bank account number, which can't be.

Electronic payments and bill pay

Payments that come directly from your bank accounts, such as automatic debits and payments made through a bank's bill-pay system, are covered by the Electronic Funds Transfer Act.

Your bank may offer you zero liability on these transactions, or you may be bound by the less generous federal reporting requirements, which cap your liability at $50 only if you report fraud within two days of discovering it and at $500 if you report the fraud within two months of the statement date, and which make you liable for the whole fraud if it's reported after that.

Banks and other financial institutions generally do a better job than merchants of protecting your account numbers and other data, so consider using recurring bill payments or charging bills to a credit card rather than signing up for automatic debits that initiate from a merchant or utility.

And as with any other payment method, carefully go over each month's statement and immediately report any potential fraud.

Alternative online payments

Services such as PayPal, Bill Me Later and Google Checkout put a layer of security between you and a merchant. Your account numbers and other sensitive information aren't shared with the seller. Instead, you entrust them to the alternative payment site, which processes the transaction. Here's how it works:

  • With Google Checkout, you enter a credit card or debit card number, and transactions are charged to that account.
  • PayPal uses either a credit card or your checking account number to process transactions.
  • Bill Me Later runs a credit check on you and, if you're approved, opens a line of credit you can use for purchases. After an initial grace period, your purchases accrue interest.

These alternative payments have another distinction: They're "push" payment methods.

Most transactions are "pull" transactions: A merchant can charge your account, pulling the money out, as long as it has your debit, credit or bank account number. That can lead to mistakes such as charging twice for the same purchase, or the merchant can simply commit fraud by charging you for something you didn't order.

With alternative payment methods, Van Dyke explained, you have to "push" out the payment, which reduces mistakes and fraud. Your account can, however, be hacked -- anyone who knows or guesses your password can push out a payment. That's why it's important to have a strong password, change it often and monitor your account closely if you use these payment options.

Your protection under federal law depends on the underlying payment method you use (credit card, debit card or bank account), and, once again, using a credit card offers the most security. The online services promise additional fraud protection on top of federal law but typically require you to mail in forms and wait for their investigation, which could mean getting your money back takes longer than if you'd just used a credit card in the first place.

The bottom line? You have varied protections with each online payment method, but you need to be vigilant about security, reviewing your bills and reporting fraud promptly if you find it.

Liz Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy" (find it on Bing). Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. Join the conversation and send in your financial questions on Liz Weston's Facebook fan page.