See the results of our 2022 Personal Finance Study!
A Guide to Fighting Credit Card Fraud
What may seem like a mistake on your credit card statement may be the first sign of credit card fraud.
Credit card fraud is the most prevalent type of identity theft. The (Federal Trade Commission) FTC received more than 271,000 claims in 2019 from people who reported their sensitive financial information was misused on their accounts or used to open a new credit card.
If new accounts start popping up in your name and you begin receiving calls from collection agencies for unknown bills, those are strong indications you’ve also been a victim of identity theft.
“Assume your credit card number has already been stolen,” says Eric Chan Tin, Ph.D., an assistant professor of computer science at Loyola University Chicago. “There’s a huge market for credit card numbers.”
Credit card fraud is common, but using a credit card is still one of the safest ways to pay. Credit cards offer greater fraud protection because they’re not tied to your checking account like debit cards. If someone steals your debit card information, they can drain your bank account, leaving you with little to no recourse.
How does someone steal your credit card information?
Pinpointing the exact moment when your credit card number was stolen isn’t always possible.
Credit card fraud usually happens through data breaches or online point-of-sale transactions where hackers can intercept your personal information. They can make unauthorized charges using your existing credit card number or open new credit cards in your name as part of identity theft.
Credit card skimmers
Criminals use credit card skimmers to steal card information anywhere you may swipe your credit or debit card.
Skimmers can be put on top of an actual machine with a card reader, such as a gas station pump or ATM. When you swipe your card, the skimmer stores your card number.
The skimmer may look out of place or as if someone tampered with it, but they may also blend seamlessly with the machine they’ve been placed on. Unless you’re looking for a skimming device, you may not notice anything out of the ordinary.
“Some skimmers have Bluetooth, so the perpetrator can just drive by and connect to the device and download the credit card numbers it’s collected,” Chan-Tin says.
E-skimming and e-commerce hacks
If you make a purchase online and the website has been breached, fraudsters can collect your credit card numbers and reuse or sell them on the black market.
E-skimming allows criminals to steal customer credit cards by injecting rogue code into a retailer’s online shopping cart. It’s nearly undetectable as the site wouldn’t look any different to consumers.
“A weak point is identified on an e-commerce site, be that through phishing or targeting outdated versions of software with known vulnerabilities, and the code is inserted to ‘eavesdrop’ on any information entered by the customer,” says Adam Levin, chairman and co-founder of Credit.com and CyberScout.com.
E-skimming and e-commerce hacks have occurred with major retailers such as Macys, Capital One, Equifax, and Target.
Some criminals set up scams to trick consumers into giving up credit card information via phone and email. Phishing scams can be used to steal card numbers, account numbers, or your tax refund.
During the COVID-19 pandemic, phishing scams have been popping up more to prey on those who are in stressful financial situations. For this reason, if someone contacts you requesting you to verify personal information or account information, it’s important to make sure it’s a legitimate request.
“Scammers thrive on people who are stressed and are desperate and emotional,” says Axton Betz-Hamilton, Ph.D., an assistant professor of consumer affairs at South Dakota State University and an accredited financial counselor. “Right now, the entire world probably falls under that umbrella.”
6 ways to protect yourself from credit card fraud
- Use a contactless payment system: When you use Apple Pay, Google Pay, or another similar contactless payment system, your credit card numbers aren’t actually used to make a purchase. Instead, the system links a unique number to your credit card known as a token. If a merchant falls victim to a hacking or data breach incident, the hacker only has access to the token sent to the merchant, not your actual credit card number. If you don’t have the option to use a contactless payment system, credit cards are still the next best option because their liability is capped, Chan-Tin says.
- Review your account transactions regularly: Chan-Tin uses Apple Pay whenever possible and reviews his billing statements frequently to look for fraudulent charges.
- Use a RFID-blocking wallet: Many credit cards are wireless, which allows consumers to tap to pay instead of swipe. Someone with a wireless card reader can bump into you and read your credit card information. Wallets with RFID-proof sleeves can block these wireless devices.
- Dedicate one credit card to online purchases: Commit to using one credit card for online purchases to limit the use of your personal information on the internet and prevent unauthorized use. It’ll be easier to keep track of one card online than several.
- When in doubt, verify: If someone contacts you requesting to verify personal financial information, be cautious, especially if they claim to represent the IRS or your bank. Betz-Hamilton doesn’t recommend giving your account number or credit card number to a caller unless you are the one who initiated the call. Keep in mind, the government will never contact you by phone, email, or text and ask for any sensitive information related to your bank, credit card, or Social Security numbers.
- Don’t make online purchases on public Wi-Fi: If you are going to make an online purchase, enter your credit card information on your home Wi-Fi or another trusted password-protected network. Public Wi-Fi at coffee shops, restaurants, or retail shops is more vulnerable to hacking.
Disputing fraudulent credit card account activity
If you know your credit card has been stolen, call the card issuer right away to dispute the charges. Many credit card issuers give their customers zero-liability fraud protection if they report the fraudulent charges within a specific time frame.
The Fair Credit Billing Act releases you of liability if only the credit card number was stolen, not the physical card. Check with your card issuer for specific liability policies if you’re a victim of credit card fraud.
Filing a fraud report
When you file a fraud report with your credit card company, they will likely freeze your account and issue you a new card with different numbers.
- Report identity theft to the FTC: If you believe you were a victim of identity theft, not just credit card fraud, report the incident or suspicious activity to the FTC to receive a personal recovery plan.
- File a police report: The FTC can recommend if your circumstance warrants a formal report.
- Freeze your credit: Contact the major credit bureaus — Experian, TransUnion, and Equifax — to freeze your credit and place a fraud alert on your credit reports. If your identity was stolen, this will prevent anyone, including yourself, from opening up a new account or credit card in your name.
- Change your passwords: Review your financial accounts and create new passwords that are strong in case your accounts were hacked. It’s also important to use a strong password and two-factor authentication on your account to further protect your financial information.
- Contact a fraud specialist with your service provider: Many insurance companies, financial service organizations, and employers have programs to assist you through identity incidents and can provide access to a fraud specialist if needed.
Are you a victim of credit card fraud? Download our infographic here with our six steps to take if you think your financial information has been compromised.