*Editorial Note: The content of this article is based on the author’s opinions and recommendations alone. It may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Aug 16, 2019. Terms and conditions may have changed. For the most accurate information, please consult the issuer website.
The intensifying battle against credit card scammers and thieves clearly requires at least one thing of businesses and consumers: Go on offense with their defense.
“Credit card fraud is a really big problem and it isn’t going away any time soon,” said Matt Schulz, chief industry analyst at CompareCards. “Fraud is a ‘forever’ problem. The bad guys are really smart, really patient and have a lot of motivation to stay a step or two ahead of the good guys. It’s vital that consumers stay diligent and do what they can to protect their information.”
Earlier this year, a hacker broke into a Capital One server and gained access to over 100 million U.S. customer accounts and credit card applications, one of the biggest-ever data breaches. It was the latest in a long list of breaches that made headlines and further underscored a harsh reality: Consumers and businesses remain vulnerable to the fast-moving and ever-evolving tactics of bad cyber actors.
Fraudsters are expected to keep racking up big numbers, continuing a decade-long trend of costlier and increasingly widespread hacks and breaches. Worldwide, credit fraud losses are projected to reach $31.3 billion in 2019, up from $28.9 billion in 2018 and from $18.1 in 2014, according to The Nilson Report, a credit card and mobile payment researcher. In 2020, global credit card losses are projected to rise to $33.7 billion, according to Nilson.
Consumers should be mindful of their vulnerabilities and take steps to defend themselves, such as regularly monitoring their credit reports and seeking credit card companies that have their backs through fraud protection, instant alerts and other services. Here are six common ways credit card numbers can be stolen, plus tips for consumers to protect themselves from credit card fraud:
1. Skimming – Be aware at ATMs, gas pumps, restaurants
Card skimmers – installed in ATMs or at gas pumps, for example – can be used by thieves to capture the digital information from a credit card’s magnetic stripe. Or, an unscrupulous cashier or restaurant server could stealthily run your card through a hand-held skimmer, out of your sight, when you pay your bill.
Skimming became more prevalent in recent years as chip technology made it harder to produce actual counterfeit credit cards, Schulz noted. At gas pumps, skimming “is big now, because there’s a limited time for the bad guys to take advantage,” Schultz added, citing an October 2020 deadline for gas stations to comply with a mandate from major credit card companies to install chip-reading pumps.
“Chip cards knocked down credit card counterfeit fraud, but it also shifted bad guys’ focus to other spots,” he said. Gas pumps that haven’t yet been upgraded with chip readers are “low-hanging fruit to capture credit numbers and use themselves, or sell on the black market,” Schulz said.
How consumers step up their defense: When filling your tank, use gas pumps that are well-lit or close to main store of gas station, Schulz said, “because it’s a whole lot easier for bad guys to attach something to a pump that’s out of sight or in darkness.” Also, keep your eyes open for card readers that appear loose or may have been tampered with, and only withdraw cash from your bank’s ATMs.
If your card does get “skimmed,” or some other form of credit card fraud happens, seconds count. You need to know right away and some issuers let you take action. Consumers have options when it comes to credit cards and in today’s world, security features are important to consider.
For example, Discover offers customers the ability to “freeze” their accounts in seconds, through an “on/off” switch on the Discover app and website, to prevent new purchases. Discover cardholders (as well as most other card issuers) also have $0 fraud liability. You’re never responsible for unauthorized purchases on your credit card. Last but not least, if your account is compromised, Discover offers free overnight shipping of replacement cards to any U.S. street address on your credit card. Other issuers may charge a fee for overnight shipping.
2. Phishing and pharming – Be careful about clicking on links in suspicious emails
Phishing email scammers attempt to hoodwink you into sharing credit card numbers or other personal information by posing as an established, familiar company. “Pharming” involves directing you to the fake version of a real website, with the aim of obtaining passwords, account numbers and other personal information.
Did you recently get an email from a “bank” asking you for your Social Security number or other sensitive information? There’s a good chance it’s fake. Most financial institutions would never ask customers to share their information over email.
Phishing techniques have “gotten pretty sophisticated,” Schulz said. “It can be hard to spot the difference between a ‘good’ email and a ‘bad’ one.”
How consumers step up their defense: “When in doubt, don’t click on anything,” Schulz said. Instead, contact your bank and ask if you need to do anything. Also, take a hard look at the sender’s email address: Are there extra numbers or words that look odd or inconsistent? “That is often a clear sign of phishing,” he said.
“When you’re in an unfamiliar neighborhood, you keep your guard up,” Schulz added. “You should take a similar approach with your credit card information online. When in doubt, don’t give it out any credit card numbers.”
3. Malware and spyware – Free public Wi-Fi may not actually be ‘free’
Thieves can install viruses, worms and other forms of malware and spyware on your computer, unbeknownst to you, and scoop up credit card numbers and other personal information. Malware can also infect smartphones and tablets.
Much like phishing, malware and spyware can be downloaded onto your computer if you click on a link in the wrong email. Fraud risks from malware and spyware are particularly acute amid the ubiquity of public Wi-Fi, which may lack the firewalls of a business’s internet system.
How consumers can step up their defense: Avoid downloading anything on your computer unless you’ve fully validated the source and trust where it’s coming from. Also, don’t open sensitive documents or financial services websites on public networks, because that’s one route for hackers to gain access to your account numbers and passwords. Keep your anti-virus and anti-malware programs updated.
4. Hacking into big companies – Names make news
The list of hackers’ high-profile victims keeps getting longer: major airlines, banks, hotels, home improvement stores and other large national and international corporations have suffered data breaches in recent years, exposing the personal information of millions of customers.
Since 2005, over 9,000 known data breaches have exposed nearly 12 billion customer records, according to Privacy Rights Clearinghouse. In the U.S., Marriott International had the highest number of reported records exposed in 2018, with 500 million people worldwide affected, according to a report from the Identity Theft Resource Center.
For consumers, one of the most frustrating things with such large-scale breaches is they probably didn’t do anything wrong, Schulz said. “There’s nothing they could have done” to prevent the breach, he said.
How consumers step up their defense: There’s always a possibility that big retailer or other company may get hacked, Schulz said, making it “really important” to regularly check your online bank and credit card statements for any signs of fraud after the fact.
Keep a close eye on your credit reports and card statements. Discover card customers can activate free alerts if any new credit card, mortgage, car loan or other account shows up on their credit reports. For example, the Discover it® Cash Back offers free alerts which can help you stay on top of fraudulent activity.
0% for 14 months on purchases and Balance Transfers, then 11.99% - 22.99% Variable.
Earn 5% cash back on everyday purchases at different places each quarter like Amazon.com, grocery stores, restaurants, gas stations and when you pay using PayPal, up to the quarterly maximum when you activate. Plus, earn unlimited 1% cash back on all other purchases – automatically. *
Get a dollar-for-dollar match of all the cash back you've earned at the end of your first year, automatically*
- INTRO OFFER: Unlimited Cashback Match – only from Discover. Discover will automatically match all the cash back you’ve earned at the end of your first year! There’s no minimum spending or maximum rewards. Just a dollar-for-dollar match.
- Earn 5% cash back on everyday purchases at different places each quarter like Amazon.com, grocery stores, restaurants, gas stations and when you pay using PayPal, up to the quarterly maximum when you activate.
- Plus, earn unlimited 1% cash back on all other purchases - automatically.
- Redeem cash back in any amount, any time. Rewards never expire.
- Use your rewards at Amazon.com checkout.
- Get an alert if we find your Social Security number on any of thousands of Dark Web sites.* Activate for free.
- No annual fee.
- Discover is accepted nationwide by 99% of the places that take credit cards.
- See Rates & Fees
See additional details for Discover it® Cash Back
If you travel, keep your guard up. Consumers “should ask airlines and hotels what information is necessary to store and for how long on their servers,” the Identity Theft Resource Center said in its 2018 End-of-Year Data Breach report. Driver’s license numbers, passport numbers and related information may be required when traveling, but the security of such data “should be a question every traveler asks of the agency requiring the information.”
5. Phone tricks, plus a few twists – the dark web and synthetic identity theft
Phishing emails are, in essence, an internet-age spin on an older hustle: calling people on the phone, posing as a bank’s fraud department or other legitimate-sounding entity and convincing those people to give out credit card numbers or other personal information.
Scammers continue to apply similar tactics in the smartphone era, such as “spoofing” calls that appear to come from the same area code as the one you’re in.
More recently, “synthetic identity theft” has become one of the faster-growing forms of fraud, and, according to the U.S. Federal Trade Commission, one of the hardest to detect. In synthetic identity theft, criminals combine, for example, a false name with a real Social Security number or address; they then use this information to create a fake person and apply for credit cards or commit other fraudulent acts.
“Crime rings see attractive opportunities in synthetic identity payments fraud,” said Ken Montgomery, a security expert at the Federal Reserve Bank of Boston, in a July report. “Law enforcement officials, financial institutions and other organizations recognize it as a growing concern. But unfortunately, many consumers don’t realize how it can hurt their access to credit or how to protect themselves.”
How consumers step up their defense: As you would try to avoid becoming a phishing email victim, apply similar steps: For starters, don’t give out any personal information to a stranger over the phone. Also, let the authorities or your credit card company know if you see or hear something fishy.
“If you get a call out of the blue from someone claiming to be from a government agency like the Social Security Administration or IRS asking you for personal information or money, it’s a scam,” Andrew Smith, director of the FTC’s bureau of consumer protection, said in a February statement. “You should hang up immediately and report it to the FTC.”
Personal information can also circulate on the dark web” an encrypted netherworld that can be used as a marketplace for illegal goods or stolen data (Discover offers free alerts that notify you if your Social Security number is found on any of the thousands of dark websites).
6. Going through your trash – Watch snail mail and don’t get shredded by dumpster-divers
This may be a retro tactic, but if you’re not careful about how you dispose of your garbage, you still run the risk of having personal information stolen. Some paper statements from banks or credit card companies may have information thieves can use – like the last few digits of an account number or your home address.
How consumers step up their defense: Choose the paperless option with your credit card and bank statements; use a paper shredder for any printed documents you’re throwing away.
Protecting against credit card fraud is an ongoing battle, making it critical that consumers stay aware and vigilant. If you think you may have been affected by a data breach, don’t take a wait-and-see approach; take action immediately. Learn more about how to spot credit card fraud and more ways to reduce your risk of identity theft.