Protecting Your Credit Card, Score, and Identity from Thieves
A bleary-eyed teenager in a country halfway around the world stares at a computer screen, considering a list of products. He selects one, paying $50 USD. A few minutes later, he opens the digital package, copies down numbers, and pastes them into another window — eBay. He buys an Amazon gift card.
How do credit card thieves get caught? How does your credit card number get on the black market? What do you do when faced with credit card theft? Let’s peel back the veil over the criminal underworld, and what you can do to protect yourself.
Understand How Credit Card Scams Work to Avoid Them
How Thieves Get Credit Card Numbers
There’s quite a few ways your credit card can be hacked or stolen. In any case, once stolen, your credit card details will likely end up somewhere in the dark corners of the internet, populated primarily by those looking to skirt laws. Often, these sites are only accessible to those in the know, and can’t be found through Google
These hidden sites make up the majority of the internet. Equifax likens this part of the web to an iceberg, where the average user only sees the tip, not the massive chunk under the water. While many of these sites are lost and forgotten, some are fairly active. Part of the this section of the web is a hive of criminal activity, where stolen goods like credit cards are exchanged with narcotics, weapons, and more.
While file sharing and leaked data make up the bulk of what can be found, financial fraud makes up about 12 percent of these sites.
On these forums and marketplaces, credit cards are sold individually or in bulk, depending on the perceived value of the card. A card with a low limit might go for $1, while high limits can start at $15. If enough information about the card is known, and it’s a higher limit, a single card could go for $100. Bulk lists of credit card numbers, usually from a hacked retailer, are worth less, as the numbers may or may not already be reported to lenders and thus useless to criminals.
How Thieves Use Stolen Credit Cards
The numbers are bought, and it’s time to make money off a credit card theft. Usually, this comes in the form of gift cards, or actual items.
First, the Mule Scam. Have you seen signs along the lines of, “Work from home for $2,500 a week!” on the roadside? This is one of the many possible outcomes. You are told all you have to do is accept packages, unbox them, rebox the contents with a pre-printed address, and ship out the new package. Easy money, right? Not quite.
The items have been purchased with stolen money, which means you just accepted stolen goods. You are obscuring where the stolen goods are going. As security researcher Brian Krebs points out, electronics in Russia can go for 30 to 50 percent markup, meaning the scammers get even more money out of the deal.
The scammer bought a card number for $10, bought an iPad at no cost to them, paid for shipping, and then sold the iPad in Russia at a premium, netting $700. At the end of the month, when you expect to be paid for your work-at-home reshipping job, you get nothing. You are “burned” and the company you “worked for” doesn’t exist. They’ve moved on to the next person who answered the ad.
Or, the item is reshipped to a neighborhood with foreclosed homes. Often, addresses are rotated, so the same foreclosed house is rarely used twice. The scammer drives around until they find the right foreclosed house, unoccupied, unmonitored, and picks up the package. They may spend money to fill up on gas consumed driving around a city, but they’ll make more than they spend in items bought with a stolen card.
Reshipping isn’t the only scam, of course. There’s the triangulation scam, which uses eBay and other retailers; or even just printing blank cards with your credit card’s information. For some scammers around the world, it’s a lucrative business. But, it’s a huge risk of possibly getting caught.
How to Prevent Credit Card Fraud
It’s important to recognize common frauds and warning signs. Obviously, purchases you didn’t make appearing on your statement is cause for concern. You should limit authorized users for this reason, as it could be a legitimate use of the card – and also much, much harder to receive a chargeback on the purchase.
Other common credit card frauds involve skimming, as noted above; advance fee or “Nigerian prince” schemes where someone asks for a small amount of money in order to send you a much larger sum; and imposters attempting to get information from you via phone, often in the form of a loved one supposedly in a foreign jail and needing money to get out. In many of these cases, monitoring your credit reports and card statements can help you catch fraud in its tracks.
Ways to Prevent Credit Card Theft
In 2015, Americans accounted for about a quarter of total credit card usage, but nearly half of credit card fraud targeted the US. But, in January 2016, EMV chips embedded in new cards helped. Mastercard (the “M” in “EMV”) reported up to an 80 percent reduction in fraud in European countries that adopted the EMV chips more than a decade ago. Security firm Gemalto found that England saw a 30 percent reduction in credit card fraud cases since EMV adoption in 2004, while Canada’s debit card losses were reduced by 73 percent, from $142 million in 2009 to $38.5 million in 2012. Fraud from card theft in France since their 2005 adoption fell a whopping 98 percent.
America is quickly adopting the chips, as well – by the end of 2016, 75 percent of credit cards had an EMV chip. If your card does not have one, request that you lender send you a new card with an EMV chip.
There are steps you can take to reduce the chances of identity theft or credit card fraud, especially by digital theft.
First, lockdown social media. Review your privacy settings. The wrong person could get the right information to compromise your accounts. Imagine if your security question to retrieve your credit card account’s password was your pet’s name. Someone searches for you on Facebook, finds photos of you and Fluffy McPupper, and now has the information to hack into your account, guessing that “Fluffy McPupper” is your password – with no actual hacking needed.
Next, check your passwords; it’s good to update them periodically. While it might seem best to replace letters with numbers and symbols in your password, Randall Munroe, a former NASA roboticist-turned-webcomic creator, crunched numbers and found a simple four-word phrase, using random words, is much more secure.
Signing up for security and fraud alerts on your credit card is always a wise idea. Many companies offer this already, but some may require you to ask or even pay a fee for it. The same goes for your credit score, which will also help inform you of anything out of the ordinary with your score. This may also be free through your bank, but the three major credit bureaus, as well as other credit-reporting companies, offer this as a paid service. Similarly, if you suspect your identity has been stolen, place a credit freeze on your credit score, usually for a small fee, or add on credit monitoring.
Set Up Purchase Alerts
You can enable two-factor authentication on many of your accounts, including e-commerce sites like Amazon. This sends a text message to your phone anytime a new device, such as computer, tablet, or smartphone, attempts to access your account. The message will contain a one-time-use code, which enables access to account. This is on top of your normal username and password.
Some services will also allow you to set up alerts when more than a specific amount of money is spent. These purchase alerts will send you a message when, for example, more than $100 has been spent in a short time.
Identity Theft Monitoring
You can set up identity theft monitoring with the three credit bureaus. This will alert you when someone tries to use your information to open a new account, such as a credit card or bank account.
When traveling, take extra precautions and be aware of scams and fraud tactics more common outside the US.
Finally, do not delay when you suspect fraud. The faster you inform your bank, credit card company or other account provider, the faster they can put a freeze on your account and reissue a card, limiting the amount of damage done. Not only can this limit your own liability, but it gives more time to law enforcement to catch the criminal.
Credit card fraud and identity theft affects millions of people each year. It’s important to understand the fundamentals of credit card fraud in order to prevent it, or minimize damage. Ensuring you have an EMV card, and using simple tips like switching up passwords, you can hamper fraudsters and protect yourself.
Report Lost Card or Suspicious Activity Immediately
Talk to Your Card Company
Once you discover fraudulent charges, the first step is to notify your bank or lender.
Once the card or account has been frozen or closed, your lender will send you a new card. Once activated, you are ready to start charging again.
However, you may also want to notify local police. They may or may not be able to help. If someone stole your physical card, they might be able to investigate. If your card number was stolen online, there’s probably little your local police can do.
In these cases, you can report the fraudulent activity to credit unions, especially in the case of the fraudster racking up debt and you not realizing for a few bill cycles. You can set up fraud monitoring if it is not already provided by default through your lender. More on this later.
What to Do If Your Information Was Stolen or Compromised
If You Suspect a Leak; If You Know Your Data Was Stolen.
If you suspect your information was stolen or compromised – be it credit information or anything identity-related, such as your Social Security number – it’s time to start making calls.
The Federal Trade Commission offers steps to follow. The immediate steps are as follows:
Call the company’s fraud department and explain the situation. Call your banks or lenders. Freeze or close the accounts. If not already offered, enable fraud monitoring.
Contact the three credit bureaus:
Request credit reports from each, and review the reports for any further suspected fraudulent activity. Also consider credit monitoring, which will alert you if someone attempts to open an account in your name. Some companies offer this service for free, while others charge. It will not affect your credit score.
In extreme cases, you may also wish to freeze your credit account with the three credit bureaus. Instead of simply alerting you to identity thieves using your name, it stops them entirely. However, you will not be able to make any hard inquiries into your account, such as if you are purchasing a car using an auto loan. Like crediting monitoring, this will not negatively affect your credit score.
Next, change all passwords, PINs, and logins for your accounts.
Contact the FTC through IdentityTheft.gov or call 1-877-438-4338, and include as many details as possible from the previous steps.
The final step you should take immediately is to visit you local police station. You will need:
- A copy of your FTC Identity Theft Report from the previous step
- A government-issued photo ID
- Proof of your address (mortgage statement, rental agreement, or utility bill)
- Any other proof you have of the theft, such bills, Internal Revenue Service (IRS) notices, your credit report, etc.
File an identity theft report with them, and ask for a copy when done.
Don’t Use Your Debit Card
Credit Cards Offer Better Fraud Protection
Credit cards, by their very nature, offer better fraud protection. Because items bought on credit cards don’t immediately take the money from your account, your money remains safe. Your money can simply be credited back and a fraud investigation started. By law, both credit and debit cards have the same liability for the customer. However, this does not mean they have the same level of convenience when you are the victim of fraud.
Debit Cards Put Your Money on the Line
In this situation, it’s better to use credit cards than debit cards. You have longer to report the disappearing money, often an indefinite period, as it’s much quicker to get your money back and charges reversed than a debit card.
Part of the problem is that, according to the Electronic Funds Transfer Act, you only have 60 days to report the fraud, or you are fully liable for the money lost. The timer starts as soon as the fraudulent transaction takes place. If the card itself is stolen, it’s 60 days from the day it was stolen. Reporting before transactions take place is essential to not be liable. Two days after the theft, you are liable for up to $50. After that, you are liable for up to $500. After 60 days, you are fully liable. Usually, this is not the case with credit cards.
For credit cards, you are only liable for up to $50 if you report the missing card after a fraudulent transaction. Reporting before any transactions take place makes you not liable at all. Many credit lenders simply offer zero liability on all fraudulent transactions.
On top of this, since the funds are directly taken from your account, rather than simply used on credit, your money is gone as soon as the debit transaction takes place. This could put you in a tough situation if you have bills to pay. While you will receive your money back, it could take some time – time in which you won’t have your money. With a credit card, you would still be able to make purchases or pay bills.
With a Budget and Careful Spending, Credit Cards Are Safe and Smart
If you are able to create a budget and stick to it, paying off your credit card in a timely manner and never spending more than you can handle paying, credit cards are the better option in the fight against fraud. They require more work, especially if you want to avoid interest payments, but can also help you build credit.
Image source: https://www.pexels.com/
A former newspaper journalist, Cole spends his free time reading, writing, playing video games, watching movies, and learning about every subject under the sun. He lives with his wife and daughter in Idaho. Follow Cole on Twitter: @ColeMayer42
This post was updated December 14, 2017. It was originally published April 13, 2017.