If you were hit with credit card fraud this year, you are not alone. 15% of Americans surveyed by CompareCards, a LendingTree subsidiary, reported they had been victimized in 2017. Fraud can happen without losing your card. While card companies and banks are more alert to fraud than ever, cardholders are often the first to discover the fraudulent use of their card.
The two main types of card fraud are card-present and card-not-present.
- Card-present fraud is when the fraudster has stolen your actual card, or manufactured a fake card that relies on a cloned copy of the magnetic stripe on your card. Credit cards are still stolen out of shopping carts, during burglaries, and from the trunks of parked cars. One or more card thieves may be watching the parking lot to find women who lock their purse in the trunk, when running into the gym, for instance. Mag-stripe cloning can happen when you give you card to waiter or cashier who may take the card out of sight and have a mag-stripe scanner to capture card data, before returning the card with the purchase receipt. This represents about one third of credit card fraud. At this point, it is fairly difficult to clone an actual EMV chip (see Wednesday’s post), so the thieves usually rely on older mag stripe card readers for their purchases.
- Card-not-present fraud is the most widespread form of card fraud and represents about two thirds of card incidents. This type of fraud happens when card thieves get your card number, expiration, date, and CVV number through a social engineering exploit such as a phishing email and landing page, where the card information is entered into a web form by the victim. Sometimes it is a telephone scam where the caller represents themselves as from “card security.” Or the card information may just be copied down by the aforementioned store or restaurant employee. Perpetrators use the card information to shop online for high-end or desirable goods that can be easily converted into cash.
There are differences in the protection provided by credit card companies depending upon whether a credit card or debit card was stolen. Often it is better and safer to use an actual credit card that you pay off in full every month for your purchases, rather than a bank debit card that is tied to your checking or savings account.
- Owners of credit cards are protected for the full amount of the fraudulent use. Although the card fraud can cause some inconvenience, and may have a short-term negative impact on your credit rating, cardholders do not suffer any financial losses.
- Owners of debit cards on the other hand are not protected from financial loss. If someone uses your bank-issued check card to drain your checking and savings account, there may be little the bank can do to recover the funds, and they are not obligated to protect you from the loss.
Limiting the damage and recovering from fraudulent use requires a bit of vigilance and quick response to possible fraudulent activity.
- Monitor your credit and bank accounts for suspicious purchases.
- Set up alerts. If your card company provides it, set up automatic purchase confirmations via email or text message.
- Report card theft or loss. If you can’t find your card, it is better to report it than to hope you will find it later.
- Report suspicious or fraudulent use. If you see unusual activity on your credit card, report it to the issuer immediately.
- Review your credit bureau reports annually. You can review one of the 3 credit bureaus every four months and watch for new accounts being opened in your name.
- Request a credit freeze. If you have lost a card, or worse yet, your entire wallet or purse with drivers license and other ID documents, set up a credit freeze with the three credit bureaus. This prevents opening new accounts in your name without your explicit approval. While this can be a minor inconvenience when you are opening a new line of credit, it blocks anyone else from opening a line of credit in your name.
For more information you can link over to the Comparecards.com website using the following link.
More information:
Share
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com