It’s always annoying.
It certainly seems like we can’t, doesn’t it?
It also seems that for every barrier we put in place to protect our credit card use, hackers find new ways to run off with our card information.
Let’s look at ways credit cards can be compromised and how you can protect yourself.
Preventing credit card theft
- Check for malware.
- Secure your local network.
- Be cautious who you give your credit card to.
- Beware of credit card skimmers.
- Use your card only with reputable companies.
Some forms of card compromise are outside your control.
It’s happened to me
It can be very frustrating.
Once I had both my cards compromised for different reasons while I was traveling to Las Vegas. I was afraid I’d have to do dishes to pay for my room, but my credit card company overnighted me a new card in time for check-out.
I suspect one of my cards was compromised by a service into which I had placed too much trust. The other? I have a suspicion there as well.
Let’s look at some of the ways this can happen.
Check for malware
To answer your first question, could your anti-malware tool be missing something?
Absolutely!
No security software can catch every possible piece of malware. That’s the nature of malware and anti-malware tools.
I suggest you get a second anti-malware tool — perhaps a couple — and periodically run additional complete scans of your system. (What Security Software Do You Recommend? has recommendations.) One specific tool I recommend is the free version of Malwarebytes Anti-malware, which has a reputation for catching a lot of things that many other tools do not.
Make sure that all of your security software is up to date, running the most recent versions, and running its most recent database. Remember, the version of the software may change every year or six months or so, but the database it uses will change daily, if not multiple times per day.
Always make sure you’re running the latest version of both the software and its malware database.
Check the network
Make sure other machines on your network aren’t compromised.
If you have more than one machine at home connected to a single router, then by definition you have a local network. Make sure that all the other machines on that network are free of malware.
It’s possible that malware on a machine could be “sniffing” (watching) the traffic on your network. Usually that’s not the case, but given the number of times things have gone wrong for you, it’s something else that comes to mind.
When you’re not able to trust another machine on your network, it’s very much like using an open Wi-Fi hotspot. That other machine could do many interesting things to compromise your security. It’s important that all machines connected to your router are secure and free of malware. Make sure you’re up to date and running appropriate scans on all of them.
Physical theft
We’re often quick to blame our computers (or the internet) when we experience credit card fraud.
Frequently, the issues are much more low-tech.
For example, have you ever annoyed the waitstaff at a restaurant? Well, annoyed or not, when you give them your credit card, it’s out of your eyesight while they process it.[1] There have been stories of clerks who take your credit card and clone or otherwise compromise it while it’s in their possession and out of your view. (It’s this that I suspect happened to my second stolen credit card. I didn’t knowingly annoy the waitstaff, but that card was out of my sight as I paid for a meal at the airport as I left town.)
The less obvious, slightly higher-tech case is hardware that’s actually installed on card readers.
Every once in a while, you’ll hear about bank machines or gas station pumps that have had what’s called a skimmer installed in front of the card slot. It looks like a regular card slot, and unless you knew what you were looking for,[2] you wouldn’t know that there was something else reading your card in addition to the pump or the cash machine. The hackers let the skimmers collect card data for a while and then come back and remove them, walking away with the credit card information for everyone who used the machine while the skimmer was active.
That’s one way card information can be stolen without the card ever having left your hands.
Compromised databases
By far, most of the card theft I am aware of, including the scenarios you describe, is due to things completely out of our control.
Large databases of credit card and other information are stolen. It’s not somebody targeting you or me, going after cards one at a time — it’s someone targeting the computers at your bank or the grocery store where you use the card.
You and I don’t really have a lot of control over those things.
Fortunately, besides being rare (that’s why it makes the news, after all), most credit card companies cover fraudulent charges to your card as long as the loss isn’t because of your personal actions. Unless you’re hacking in and stealing large databases of information, you’re likely covered.
But it is an inconvenience, no doubt about it. My Las Vegas experience was nerve-wracking enough, but to have cards compromised three times in a row, and that quickly, would be maddening.
I would definitely look closely at both your local network and computer security and keep a close eye on where you’re using the card.
Footnotes & References
1: To be clear, this is uncommon – most restaurant servers wouldn’t dream of abusing your credit card, no matter how much of a jerk you might be. But I can see it happening. So, don’t be a jerk. It’s an unexpected and yet important part of keeping your information secure. Tipping generously helps as well, I’m sure.
2: I wish I could tell you what to look for, but it varies. I just keep an eye out for anything that seems out of the ordinary, particularly for those places I visit frequently.
Maybe this is a new one, I’m not sure. A credit card company sent me a new card to replace an expired one. It wasn’t even activated and there were four fraudulent charges that appeared on it a couple days after I received it – from a couple companies I never heard of or dealt with. I repeat – the card was not activated!
Hello,
I have been using PayPal for the last 20 years and have yet (knock-on-wood) to have any issues.
Also, if you have a good quality credit card, they should have help with this issue also.
George
Me too. A credit card company sent me a new card. It was abused before I received it. All I knew was the last 4 digits of the card. I found a check box on their web site to lock the card. They sent another new card. I left it locked and do not use it.
I also suggest that everyone have a separate card for auto pay utility bills. I do not use it for anything else. Saves me a lot of hassle.
Some credit card companies offer a virtual card number service that greatly reduces the likelihood of theft, especially online theft. Each virtual card number can be used only at one particular merchant, and you can easily cancel or lock the card once you have made that single transaction. I have used those for years and I am a true believer.
I had my credit card compromised 3 times and a couple of forged checks with my account number. The 3 fraudulent credit card transactions happened because of handing my credit card to be processed. The checks had my account number but not my name, so I assumed the thieves used a random account number which happened to be my number. In all cases, the problem was resolved by a phone call, and the Bank of America cancelled the debts immediately after the calls.
I always wondered why the waiters take the card. In Europe almost everywhere they take the terminal to the table, and if you pay contactless, the card never leaves your hands.
It is changing here also. I suspect that it may have been a holdover from the old system where they took an imprint of your card on the carbon copy form with a clunky machine.
Changing to at the table requires them to purchase new equipment that I am seeing at more restaurants all the time.
In the past there’s only been one card reader, and it’s WIRED to a connection to the wall. Not something a waiter can carry around.
1. After fraudulent charges following two separate restaurant visits with staff having the card out of sight, I will no longer patronize establishments that do not have payment where the card stays in my possession.
2. Using PayPal puts a wall between your card and the merchant. That has gotten a refund on three occasions when merchandise did not arrive from smaller, less known merchants that had impressive web sites but never delivered the goods ordered.
Good article. I’d add a couple additional precautions. First, find out if your CC company offers email or text notifications for transactions over a specified amount. Mine does, and I get a text within a few seconds for any transaction over $1. Second, if you have a debit card you should also have a credit card. If you use a credit card and it’s compromised you don’t have to pay any disputed amount until it’s resolved. If you use a debit card and it’s compromised your bank account could be emptied overnight. You’re broke and checks or billpay are bouncing until it’s resolved, which can take days. I only use my debit card to get cash back, either at an ATM or at my local Walmart or chain grocery store.
I try to minimize exposure of my card as much as possible.
– use virtual cards for on-line transactions – locked to a vendor & limits on transaction value.
– load my credit & debit cards onto my iPhone wallet and use contactless payment. If the card details are skimmed, you cancel the virtual card and reload a new one rather than having to wait for a replacement physical card.
George and Cecil: Blame this on your credit card bank. When a new card is issued and until it’s activated any charges on the old card are transferred to the new card. This captures any pending charges until the transition is completed. It works the same way when your card expires and the bank sends you a new card. An expired card doesn’t mean it cannot be charged.
Back to the original question. It seems that the person suspects the breaches occurred on the home system (computer, network, WiFi, etc.). Change your passwords, especially on your router and WiFi. If you suspect your system then don’t use all your cards for shopping until you can narrow down what’s happening – that is, experiment. Use only one card and wait to see if that gets hacked and don’t use the others. Use another card on a trusted friend’s computer and see if that gets hacked. Are all your cards from the same bank? If so, that should be of concern. Also make sure you’re not getting on some phishing sites. As for malware scanners, those cannot really help prevent this type of credit card theft.
I had this happen to me several years ago. I got a call from the security people at my card issuer (Chase bank) asking me if I had charged $50.00 worth of food at a McDonald’s on the opposite side of the state I live in, or a gas grill at a Home Depot in the same area. I had not. They locked the card and sent me another one. It seems scammers can get the materials online to make a fake card with any number on it they want. They must have guessed mine because I still had it in my possession.
More often than not the card info was stolen, not guessed. Could be a skimmer installed at somewhere you used the card, could be less-than-ideal security at an online store you used your card, or it could even be malware on your machine capturing the card number as you type. Many options other than guessing.