News reports seem to hit every few months about innovative ways thieves can steal your credit card information. Someone stealing the carbons (ask your parents) from the convenience store garbage seems small time compared to what’s happening today. Here are some things to watch out for with your credit cards, and steps you can take to minimize any potential headaches.
Data breach (Target, Home Depot, Wawa, etc.)
We’ve all heard about – and unfortunately many of us have been victims of – data breaches. This is where a criminal maneuvers into the inner workings of a corporation’s computers to steal information, often thousands of credit card records at one time. They can then create dummy credit cards or sell the data. There have been so many data breaches that I personally have had free credit monitoring for the last four years and will have it for at least five more.
What you can do – while there’s nothing you can do to prevent a data breach, some experts recommend never saving your credit card information on a website. However, if you’re inside a physical store – and unless you want to pay cash for everything – there’s not a lot you can do to protect your credit card from a data breach.
Skimming
Most of us are familiar with skimming, whether it’s at the gas station or through an ATM. However, if you’re not, here’s the skinny. Thieves mount a credit card reader into the normal credit card slot on a gas pump or ATM. Your purchase still goes through, but the reader captures and stores your credit card information.
What you can do – try to ID these skimmers. Be suspicious if something looks added to the machine or different from when you’ve been there before. If you’re at a gas pump, make sure the security seal isn’t broken. Wiggle the slot where you’re inserting your card. Some people who have been victimized remembered later that it was hard to get the card in or out when they inserted their card.
Skimming 2.0 aka Formjacking
Now that we’re closely examining physical card readers, criminals have gone digital. The FBI recently released a warning about e-skimming, a process whereby crooks upload malicious code onto a website that can steal your credit card information. A consumer purchases something from the website but doesn’t know a copy of the purchase information went to the criminals. Just like with normal skimming, your purchase goes through. Both Ticketmaster and British Airways have been attacked and recent research estimates thousands of sites may have this code.
What you can do – the old standby of looking for the security lock at the top of the web page doesn’t work in this instance. However, you should still look for that. If you’re buying from an unknown retailer, beware. Can you call them to give your card number over the phone (or even send a check)? If you’re paying online, consider using a third-party pay service (like PayPal or a competitor). However, this opens another can of worms. While it may protect you from formjacking, it also opens the door to yet another company having your history of purchases (now your credit card and the third-party vendor know what you’re doing). You have to decide whether privacy or security is more important to you.
Malware on your computer
Risqué sites can be risky. But sometimes you do nothing wrong and still end up with malware. Maybe you got a file from a client that was infected. Perhaps you opened an email that you thought you recognized and too late realized you shouldn’t have. Malware can do all kinds of things to your computer, including shutting it down, freezing it until a ransom is paid, and yes, stealing your credit card information as you innocently order a bag of cat food for Fluffy.
What you can do – keep your antivirus up to date on all your computers. Consider doing financial transactions only on one computer hardwired to the Internet. Yeah, that’s a little over the top, but it also stops someone piggybacking on your wireless network from scanning for information.
Public computers/free wi-fi
Every time I go to the library I see people hard at work on the computers there. And try to step into a coffee shop without hearing the clicking of keyboards – I think it’s impossible. If you’re researching holiday recipes, using public computers and networks isn’t a problem. Be aware though that any public computer could be infected with malware, a virus, or a simple key reader that saves everything you type. Wireless networks can be hacked by that friendly gentleman who offered you a seat at the coffee shop. Everything you do on public computers and wi-fi could potentially be stolen.
What you can do – If you’re on a public computer, the best advice is don’t do anything where you’re entering a password (email, banking, shopping, etc.).
If you’re on a free wi-fi, you can use a VPN (Virtual Private Network) to protect your personal information. However, it’s still probably best to save your banking and online shopping until you are home.
Slick emails or phone calls
Email addresses and phone numbers can be spoofed, meaning that the number/email address you see isn’t real. So you could get a call or email that looks like it’s coming from your bank when in fact it’s coming from another country. Here’s where you have to develop your sixth sense. Why would your bank be calling you today? Have you interacted with them lately for something out of the ordinary? If not, is there any reason they would want your credit card information?
How would you react to this situation: a friendly rep from your bank has called with the disturbing news that your credit card information has been stolen. Here’s how he works it:
“You know, criminals are everywhere. I don’t want to read your number over the phone, but the last four digits are 2, 7, 6, 9 (they are correct). Can you verify the security code on the back?”
Then he pauses. Would you give out the security code?
What you can do – if you get an unsolicited call from your bank, the IRS, the Social Security Admin or honestly anyone else digging into your personal information, ask them for their name and contact information. Then go online or find a past bill/statement, check to see if the number they gave you is accurate and call them back (using the verified customer service number).
If you get an email that looks real but seems ill-timed, look at it closely. Is the return address JoesBank.com, or JoeBank.com. Is the message professional? Correct spelling? Many times a close inspection will show errors. Even if it seems legit, don’t be afraid to call and talk to the person on the email.
One side note – while this isn’t directly related to credit cards, it’s something to keep in mind. I see more and more stories about someone who bought gift cards to get their brother out of jail or to pay off an outstanding bill or whatever. I’ve never had a company (or the police) ask me to send in gift cards to pay for anything. If someone says buy $500 in gift cards, that should set the sixth sense to tingling. Get their info, call back, make sure it’s legit.
Dumpster diving
People today are getting better at shredding their financial information. However, there are still enough people out there that don’t to make dumpster diving a profitable habit. In addition, preapproved credit card applications that you just throw away are a gift to any thief who finds them. You didn’t open an account so you won’t be suspicious. Yet you left everything right there for someone to open the account in your name.
What you can do – credit card companies usually won’t open a new account using a preapproved mailer without sending the card to the address on record. That means if you’re watching your mail, you should be able to uncover the problem when the new card arrives. However, if your mail languishes in the box – or if your carrier is like mine and comes at any hour – checking your credit report periodically through the year will show all your accounts. If there’s one you don’t recognize, contact the company and all three credit bureaus.
And buy a cross-cut shredder. It’s a small investment but it’s well worth it.
It’s not there (stolen/misplaced card)
Ah, an oldie but a goodie. “I know I had it right here.” Well you did, but no more. Your credit card is gone. Fortunately this is one of the easiest to notice because it’s something physical that’s now missing.
What you can do – call the credit card company. If it’s been several days, try to remember the last time you used it. Go online to your account to see if there are charges you don’t recognize.
Even with the recommendations above, you should be checking your statement every month…
I’m a money nerd. I want to know where every penny is going and will fight if I find out I was cheated out of what’s mine. So yes, I check my credit card bill every month against receipts to make sure it’s correct. And I have found errors, including several times where waitstaff – thinking they won’t get caught – have added to their tip.
Reviewing your credit card bill also helps you keep on top of what you’re spending. Even though I save all my receipts, when I look at my bill there are still times I wonder what I spent that $29 on. Or maybe an online retailer selling through Amazon or Walmart uses a different company name. You see this name, think I never bought from them, then find the shipping receipt and realize it was that pearl-handled back scratcher you got online.
Fraudsters will often charge a small amount to make sure the card is valid before going on a spending spree. So even if the amount in question is a couple of dollars, contact your credit card company.
If reviewing your credit card bill line by line against a pile of receipts makes you want to scream, at the very least read through the list of vendors and companies. If a company looks suspect, investigate further.
…and checking your credit report regularly
I’ve never really put “check credit reports” on my to-do list, but I still end up checking them a couple of times a year. My wife and I have found small issues – names that weren’t correct, phone numbers that shouldn’t be listed. But so far, no unknown companies have shown up.
If worse comes to worst
One advantage of paying with a credit card is the limited liability in case something goes wrong. Federal law limits your liability to $50 (if you report it quickly enough), and often the companies will waive that. Plus I’ve found credit card companies often discover fraud even before I’ve noticed. Both my wife and I have been notified that we are getting new credit cards due to suspicious activity.
Don’t forget – if you get a new credit card, make sure you update any bills that are automatically paid through the card (gym memberships, etc). If you don’t give them the new number, you may have another headache on top of the original stolen card.
Photo from pexels.com