How often do you use your credit card? Do you use it to buy groceries, gasoline, or clothes? Do you do a lot of online shopping? Are you a travel fanatic, and do you use your card to take regular trips? If you answered “yes” to any of these questions, then you are a potential victim of credit card fraud.
Unfortunately, credit card fraud has become a fact of life for American consumers. In 2017, the number of credit cards and debit cards compromised at ATMs and merchant card readers rose 10 percent. With EMV chips now mandatory in all debit and credit cards, counterfeit card fraud dropped by 75 percent from December 2015 to March 2018, but card-not-present (CNP) fraud is up. According to the U.S. Payments Forum, implementation of EMV cards was expected to drive CNP fraud in the U.S. up from $3.1 billion in 2015 to $6.4 billion in 2018.
Here are some more statistics that should get your attention. According to a Nilson report, worldwide credit card losses exceeded $24.71 billion in 2016, and Barclays reports that 47 percent of all credit card fraud is in the United States. A report from Javelin says that identity theft occurs every two seconds. The Federal Trade Commission (FTC) says that older Americans are particularly susceptible, and that consumers over age 40 accounted for 65 percent of credit card fraud complaints. The vast majority of credit card fraud occurs online or over the phone (CNP fraud), and 65 percent of credit card victims reported some financial loss.
Credit card fraud is a lucrative business for cybercriminals. Stolen credit card data is worth up to $110 per card on the dark web, more than your Social Security number ($1) or bank information ($15). A hacker can make between $250,000 and $1 million selling 50-100 stolen credit cards.
You don’t have to be one of these credit card fraud statistics. By taking routine precautions and using some common sense, you can prevent credit card fraud.
Of course, criminals don’t need to steal your actual credit card to get what they want. With some basic information about you and your account, they can use your card for illicit purchases, for cash, or to sell your identity. Thieves have any number of ways to steal credit card data, including the use of illicit technology and “social engineering” to trick you into surrendering sensitive information.
Skimmers: One way criminals steal your credit card information is by skimming. Electronic devices called skimmers are able to read the information on the magnetic stripe on your card. Skimmers are installed over the existing card reader, so look for signs that the card slot differs from the rest of the machine. Dishonest store clerks or waiters might use these devices to steal your card information. Skimmers also can be installed at ATMs and gas station pumps, where they steal your information without your noticing. Gas pumps, in particular, are seeing an increase in skimmers; Florida inspectors were expected to find approximately 1,000 gas pumps with skimmers in 2018.
Shimmers: One of the reasons the United States adopted EMV cards was to eliminate the magnetic stripe and store data in a chip mounted on the card instead. Fraudsters now have found a way to steal your EMV card data using shimmers. Shimmers are thin devices mounted inside the card readers that read the data from your credit card chip. The good news is that shimmers capture only the same information fraudsters would get from a magnetic stripe, which isn’t enough to counterfeit a card but is enough to create a magnetic stripe clone. The real problem is that shimmers are hard to spot.
Phishing: Since the credit cards themselves have become harder to hack, cyberthieves are increasingly relying on phishing attacks. Phishing is basically using phony email, letters, or other means to obtain credit card information. Crooks will send an email or other communication that looks genuine with an embedded link or a toll-free phone number, hoping that the phishing target will take the bait and provide credit card information. A variation on this social engineering tactic is called spear phishing, which is even more insidious since it targets an individual or business and appears to be from a known, trustworthy source.
Robocalls and phone solicitations: Another variation on phishing is the phony telephone solicitation. Automated solicitation calls, or robocalls, have climbed to 147 million per day, and the FTC gets about 500,000 robocall complaints per month.
Hacking: You have undoubtedly heard the reports about the bigger security hacks at major retailers and other businesses. If you are a customer and your credit card information was in their database, there is a good chance that it has been compromised as part of the hacks. Once cybercrooks access your credit card information via a massive hack, they typically have three ways to use it: CNP fraud, where they use your data for internet or telephone purchases; application fraud, where they use the stolen data to get the credit card company to issue a new card; and account takeover, where the hackers use stolen data to log into your accounts.
Paper information: Everyone leaves a paper trail, and “dumpster diving” is an old-school method of going through your trash, looking for credit card statements, receipts, bank records, or other information that can be used for credit card fraud or identity theft. You should shred all sensitive paperwork.
Even though credit card fraudsters continue to find new and innovative ways to defeat updated security measures, you can still protect yourself from credit card fraud. Once you understand where you need to be cautious and what to look for, you can take steps to ensure that your credit cards are safe.
Avoid phishing scams: You will undoubtedly receive spam messages and unsolicited emails that look legitimate. A favorite phishing tactic is to send messages that appear to be from your credit card company, your bank or credit union, PayPal, eBay, or any one of the dozens of online services. These messages appear genuine because they will include the right company logo and look official. Read them carefully! If there is a grammatical mistake or a misspelling, or if the phrasing seems odd, then you have likely received a phishing message. Also, check the message header to see if the return email address looks suspicious, or if the same message was sent to an anonymous list. If you receive a message and are not sure if it is legitimate, do not click on an embedded document or link. Instead, log into your account manually through your web browser so you aren’t redirected to a fraudulent website.
Ignore phone solicitations: Legitimate companies don’t use robocalls to contact customers, so you should ignore them. If you receive a call that seems legitimate, the caller should already have information about your account. Never offer sensitive information unless you are sure the call is valid. Better yet, do not accept unsolicited calls, period.
Protect your passwords: Be sure to protect your passwords, especially for your credit card and checking accounts. Change your passwords regularly and try not to use anything obvious such as “000000,” your birthday, your middle name, or something else that is easy to guess. When possible, use numbers and special characters to make passwords harder to guess.
Be Wi-Fi wary: Public wireless data connections are not secured and provide a gold mine for hackers. If you are using a public Wi-Fi network at a coffee shop or airport, do not use it to log into your credit card account or for online purchases. There is a high probability that a hacker may be sniffing the connection.
Be careful when shopping online: Be judicious about using your credit card for online purchases—you never know when your data may be compromised. When possible, use a third-party payment system such as PayPal, which allows you to make credit card purchases without revealing credit card data. And never make online transactions from a public computer or over an unprotected network.
Watch your credit card statements: Be sure to monitor your credit card statements carefully. Look for unidentified transactions or transactions from odd locations. Also, monitor your credit limit to see if your available credit is lower than it should be. These are all signs that someone may be using your credit card account.
Monitor your credit: Keep an eye on your credit score and check credit activity. Fraudsters may open a new credit card account in your name, which will show up on a credit report. Free services like Credit Karma allow you to check your credit score and see what accounts are associated with your credit. Most banks and credit unions now offer free credit monitoring as well. You also are entitled to a free credit report from Equifax, Experian, and TransUnion once a year to check for errors. Checking your credit score from these services does not count as a hard inquiry, so it won’t affect your credit score.
If you discover that you are a victim of credit card fraud, be sure to take immediate steps:
Credit card fraud is a serious problem, and it can have lasting consequences. Although the credit card company usually will pay for fraudulent transactions, fraud can still affect your credit, and it could take you years to straighten out inaccurate credit information.
One way you can minimize your risk is by working with a financial institution you can trust. iQ Credit Union offers a Visa Platinum Credit Card at an attractive rate. iQ Credit Union is committed to helping our members, so if you have a problem, we will take care of you.