Why does my card always get hacked?

Credit card fraud is the most frustrating crime you can’t see. 

According to the Federal Trade Commission, in 2019, the agency received more than 271,000 reports of people’s credit card information being misused or used to open new accounts.

It’s not a new crime, but it has dramatically changed over time. “Years ago, [credit card theft] was focused on stealing someone’s wallet. Things have evolved so much since then,” says Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions. “Most of the time now, it’s being able to access info electronically through data breaches and direct attacks.”

In 2019, Capital One suffered a massive data breach — one of the world’s largest — that left over 100 million people vulnerable to identity theft. The company said “it immediately fixed the issue.

With cybercriminals becoming more sophisticated, it’s important to understand the types of fraud out there. We spoke to two cybersecurity and identity theft experts to walk you through how to protect yourself and what to do if your credit card (or debit card) information is stolen.

Ways Your Credit Card Information Can Be Stolen

Stolen Information

Stolen information is “when a fraudster has access to your credit card number and can make purchases,” Sutherland says. “Fraudsters are very keen. It may be an email or phone call or fake website. They will go for whatever process will be most effective for their target audience.”

Here are some examples:

Lost or stolen cards: A person physically possesses your credit card and uses it to make purchases.

Phishing: A fraudster uses a text message, phone call, or email to impersonate a legitimate person or institution to get you to hand over sensitive information.

Counterfeit: Credit card or other accounts opened using stolen information from real people. 

Credit card skimming: A device that steals credit or debit card information from card readers such as a gas pump or ATM. It’s not as common as it used to be, due to retailers moving away from the magnetic stripe toward the more secure chip cards, though it still occurs.

Public Wi-Fi networks: A shared internet connection means no privacy. Even if you’re on your own device or on a secure website, you could be vulnerable to hackers if you reveal your credit card or bank information while on a public network.

Spyware and malware: Spyware is a type of malware (malicious software) that collects your personal information in the background of your computer. It silently records your browser history and keystrokes for cybercriminals, allowing them to impersonate you or sell your data.

Data breaches: When a company you’ve entrusted with your confidential information is hacked, your credit card info is vulnerable to fraudsters to collect and misuse.

Familial fraud: Familial fraud occurs when a family member, friend, or someone you know has used your card or opened an account in your name without authorization, says Sutherland. This is one of the more difficult forms of fraud to contend with, as it involves a person you know stealing your identity. It is still possible, though, to clear your name and not be held liable for charges you didn’t make.

How to Check If Your Credit Card Information Has Been Stolen

Credit Reports

Because of the COVID-19 pandemic, the three major U.S. credit bureaus (Equifax, Experian, TransUnion) offer free weekly credit reports to everyone using AnnualCreditReport.com through April 2020. (Under normal circumstances, the credit reports are free through the three credit bureaus every 12 months.) We recommend checking your credit card statement at least once a week to make sure no unusual charges crop up. You have a right to contest any charge from a retailer that does not seem accurate or did not originate from you. The best time to catch a fraudulent transaction is before pay off your card’s balance. Otherwise, you could have a difficult time contesting a charge with your provider.

Thieves need only a minute, sometimes a second to steal your card data.  Not all card schemes are complicated; many are simpler than you’d imagine.  

Here are 4 of the most common ways thieves steal your card information:

1) Skimming Devices

These are small electronic/data transmitting devices that are used by fraudsters to illegally collect data from the magnetic stripe of your card.  Skimming devices have been found on gas station pumps, ATM’s, retail card terminals, and even on handheld devices utilized by salespeople.  Skimmers are crafted to look identical to the actual card scanning device on which they are installed.  These skimmers are placed there when no one is around or while there is a distraction.  Later, fraudsters will retrieve the skimmer and use the collected data to create counterfeit cards or sell the card information to other fraudsters on the black market for fraudulent e-commerce purchases.

2) Phishing

Phishing starts when a consumer receives an official-looking e-mail from a business.  The e-mail looks in every respect like one from a trusted source, such as a bank or merchant.  The fraudulent e-mail will typically claim to be doing a security check, requiring the customer to verify private information such as date of birth, Social Security number, three-digit security code on the back of your card, etc.  The email may also contain a link to a fictitious website that appears to be the merchant’s or business’ website.  When you click on this website, the site installs malware on your computer that captures your keystrokes.  The malware is installed without any visible indicators, so you never realize that you are being watched every time you type a username, password, card number, expiration date, etc.  A good indicator of fraudulent or phishing emails is that they're usually littered with spelling mistakes.

3) Merchant Compromises

During merchant compromises, fraudsters hack into a merchant’s or card processor’s computer network and steal customer card data.  Unfortunately, there is nothing you can personally do to protect a merchant from getting hacked or prevent your card number from landing in the hands of the fraudster when a merchant is compromised.  However, you can rest assured that the State Bank of Cross Plains will take every action necessary to protect you in the event that your card number is involved in a compromise. 

4) Restaurant Scheme

How it works: A waitress/waiter whisks away your credit card and swipes it through the restaurant’s card terminal, which is out of sight.  They then pull out a skimmer, about the size of an ice cube, and swipes your card through it.  The waitress/waiter then returns your card to you.  This is done to dozens of cards in a week.  This information is then sold to a fraudster that will counterfeit the card and/or use the information for e-commerce transactions.

The next time you find yourself at a gas pump or any freestanding point of sale, take the time to carefully inspect the card-reading device before you swipe your card.  A gentle tug on the card slot should help reveal if it is authentic or not.

Always be wary of any email or a text message that asks you to provide personal information by replying to a message or clicking on a link, especially when it is unsolicited.  Do not click on any links or images from unknown senders.  Only enter your card information on secure websites that have “https” or a lock symbol that appears in the site address.

Regularly monitor your account statements and notify your financial institution or card company whenever you spot something suspicious.  Always shred confidential information before discarding.  At the first sign of suspicious activity on your card or if you realize it is missing call your issuer immediately to suspend your account. You can contact the State Bank of Cross Plains to report suspicious activity or a lost/stolen card at (855) 256-7328.

We can help!

State Bank of Cross Plains has fraud detection that monitors every card transaction, 24/7.  If suspicious activity is detected on your card, we will contact you right away.  In the case of a compromise, you will not be responsible for any unauthorized transactions on your card if notification is made in accordance with our account agreements. 

State Bank of Cross Plains offers a powerful tool called Card Manager to help our customers better protect and manage your credit and debit cards.  Set up your card alerts today!

How can I prevent my card from being hacked?

Why does my card info keep getting stolen?

How does my debit card get hacked?

How do hackers steal card information?