While I agree with the Monetary Authority of Singapore (MAS) that security measures here are robust for credit card transactions, it cannot be taken for granted that it is foolproof ("Security steps for credit cards robust: MAS"; last Thursday).

Not all transactions allow one-time passwords and this was the case when I made online bookings for hotels through a travel portal. I ended up having to key in my details several times and when I received the bill, I was charged several times as well.

With Visa PayWave, a contactless payment system, transactions for $100 and below do not require signatures. This also applies to some non-PayWave credit cards.

If such a card is stolen, the thief can make many transactions before the card holder reports the loss.

Banks still post credit cards to their customers using regular mail instead of registered mail.

Thieves can easily sign on the credit cards and use them quickly before destroying the cards.

Most of us do not realise that when we reveal our credit card details - card number, expiry date and name on card - during retail transactions, we are disclosing confidential information.

We can never know whether this data will be misused later for unauthorised transactions or sold to third parties.

Having robust Internet security software installed is one way to protect ourselves, but being alert is another way, such as making sure we do not lose sight of the cards during transactions and ensuring we do not lose them.

We should exercise caution by dealing only with reputable companies, especially for phone transactions.