Fraud

How to Help Protect Yourself from Credit Card Fraud

Written for Symantec

How many times have you spotted an unfamiliar transaction on your credit or debit card statements? Even once is too many, right? Credit card fraud can be unsettling because you often don’t know how it happened. It would be one thing if your teenager used your card to order a pizza without asking. (You can ground him.) It’s something else entirely if a stranger uses it to buy a big screen TV.

Add up credit card fraud losses in the U.S. in 2015, and the total is almost $8.5 billion. That’s a lot of money—and a lot of fraud.

What is credit card fraud?

Credit card fraud goes beyond the fraudulent use of only credit cards. According to the FBI, it also involves the unauthorized use of debit cards and prepayment cards—as well as such things as Automated Clearing House (ACH) transactions (such as direct deposits), electronic fund transfers (EFT), and recurring charges—to fraudulently obtain money or goods.

How does credit card fraud happen?

How do the thieves get away with so much credit card fraud? It’s a numbers game, as in, credit card numbers. The thieves get them any way they can, and once they have them, they’ll use them as quickly as they can, knowing the fraudulent charges will be spotted and the number canceled. But how do the criminals obtain those numbers? The list of ways is pretty long. Here are a few of thieves’ many types of credit card scams:

Hacked point-of-sale system
When you hear that thieves have hacked a hotel chain or a retailer, it can mean the criminals have found a way to install malicious software, or malware, on a point-of-sale system. The malware searches the system for payment card data, retrieving it for the thief. Depending on the size of the retailer or chain, and the number of customers or guests it has, such a hack can affect hundreds or thousands of cardholders.

Card processor breach
A card processor is a company that handles transactions between card-issuing banks and merchants’ banks. While difficult, it’s possible for thieves to infect a processor’s computer systems with malicious software, which combs the network for card data. If breached, depending upon how many transactions a processor may handle, millions of cards can be affected.

Skimming
This fraud involves thieves attaching an electronic skimming device on a self-service card reader, such as those on gas pumps or even ATMs. The skimmer stores the card information and, often, with the use of a tiny camera, allows the thief also to capture the PIN as it’s entered.

A thief can also use a skimming device that’s handheld or attached to a smartphone. No skimmer? No problem. It’s easy enough for a thief to quickly take a picture of both sides of a card and have all the information needed. 

Phishing
You may have seen warnings not to click on links or attachments in emails, particularly emails you weren’t expecting. Thieves use such links and attachments to load malware onto your computer—malware that can capture data, such as credit card information, that you type into online forms.

Phishing scams often involve an email that looks entirely legitimate. It may even come from a business with whom you have an account, so you’re inclined to pay attention to what it says. But thieves have become quite good at mimicking the language and design of a variety of companies. They’ve used such phishing schemes to fraudulently acquire account information or credit card numbers from many unfortunate victims

Vhishing
A variation of phishing is called vhishing, the voice counterpart to phishing. Through both live and automated callers, thieves use vhishing to trick victims into providing payment card information over the phone.

One recent vhishing scam involves thieves who claim to be with the Internal Revenue Service. They call unsuspecting victims, asking them for immediate payment of unpaid incomes taxes. Whether by credit card, prepayment card or even wire transfer, many people pay out of fear—in part because the fraudsters often threaten immediate arrest.

And how’s this for a tricky vhishing—or voice phishing—scam? In early 2017, the Better Business Bureau warned consumers about the “Can You Hear Me?” scam. The BBB described how it works:

“You get a call from someone who almost immediately asks “Can you hear me?” Their goal is to get you to answer, ‘Yes,’ which most people would do instinctively in that situation. There may be some fumbling around; the person may even say something like ‘I’m having trouble with my headset.’ But in fact, the ‘person’ may just be a robocall recording your conversation… and that ‘Yes’ answer you gave can later be edited to make it sound like you authorized a major purchase.

"This particular scam is interesting because the caller—robot or human—doesn’t ask for your card number, they already have it."

Online order scam
And then there are the online scams in which you order something you never receive—because website operators had no intention of fulfilling your order. They wanted only to capture your payment card information.

Lost or stolen cards
A lost or stolen card isn’t really a scam, but can still put your card number in the hands of a thief. If your card is lost or stolen, you probably know about it. As a result, you’ll notify the issuer, and they can quickly cancel the card.

A thief stole a friend’s card—along with his wallet—from a locker at his gym. Once he realized it, he called the card-issuing bank, which immediately canceled the card. Still, someone used the stolen card at a nearby gas station before the number was canceled.

How to help protect against credit card theft

What can you do to help protect yourself from credit card theft? Well, if you’re talking about the card itself, there are a couple of basic steps to take:

  • Only carry those cards that you need. Whether you’re traveling or just going out for dinner, chances are, one card will do the trick. Why bring along a second or third card if you’re not going to use them? That way, if your wallet's misplaced, you have only one card to worry about. Of course, if you want to have a backup card while traveling, leaving it in a hotel safe, along with other valuables, means it’ll be there for you if and when you need it.
  • At home, make sure your mailbox is secure. Believe it or not, unlocked or unsecured mailboxes are still targets of thieves, hoping to grab a new credit card before you even have a chance to use it—or a credit card statement with valuable account information.

Protecting against credit card fraud

There are some steps you can take to help protect yourself against credit card and other types of payment card fraud. In fact, federal law offers you a lot of protection.

Under the Fair Credit Billing Act, the liability for unauthorized use of your credit card is no more than $50. If you report a missing debit (or ATM) card before someone uses it, you’re not responsible for unauthorized transactions. But if someone uses the card before you report it missing, your liability can be significant, depending on when you report it—from $50 to all the money taken from your accounts.

Even with federal protection, it pays to help protect your payment cards and card numbers—if for no other reason than to avoid having to be without your card and waiting for the card issuer to replace it. Below are some of the steps recommended by the FBI. You’ll find their complete list here.

  • Don’t give out your credit card number online unless the site is secure and reputable.
  • Don’t trust a site just because it claims to be secure.
  • Make sure you are purchasing merchandise from a reputable source.
  • Do your homework on the individual or company to ensure that they are legitimate.
  • Don’t judge a person or company by their website; even flashy websites can be set up quickly.
  • Be cautious when responding to special investment offers, especially through unsolicited email.
  • Be cautious when dealing with individuals/companies from outside your own country.
  • If possible, purchase items online using your credit card. You can often dispute the charges if something goes wrong.
  • Keep a list of all your credit cards and account information along with the card issuer’s contact information. If anything looks suspicious or you lose your credit card(s), contact the card issuer immediately.

Unless you simply don’t have a credit card account, it’s difficult to avoid becoming a victim of credit card fraud. You can do everything possible to help protect your cards—and card numbers—from falling into the wrong hands, but you may be at the mercy of a weak link in the vast chain of those who have access to your card data. This includes merchants, their employees, credit card processing companies and other entities.

Your best bet? Stay alert. Monitor your credit card and bank statements for unusual transactions. When you spot them, notify the card issuer immediately—unless, of course, the “unusual transaction” is just your teenage son ordering pizza. Remember, you can ground him.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Start your protection,
enroll in minutes.