Sometimes it certainly seems like we can’t, doesn’t it?
It also seems that for every barrier we put in place to protect our credit card use, hackers find new ways to run off with our card information.
Let’s look at some of the ways credit cards can be compromised and ways you can protect yourself.
Become a Patron of Ask Leo! and go ad-free!
I’ve had my credit card compromised too
It can be very frustrating.
Once I had both my cards compromised, for different reasons, while I was travelling – to Las Vegas, no less. I was afraid I’d have to do dishes to pay for my room, but my credit card company overnighted me a new card in time for check-out.
One of my cards was compromised by what I suspect was a service into whom I had simply placed too much trust. The other? I have no idea.
So let’s look at some of the ways it can happen.
Check for malware
To answer your very first question, could your anti-malware tool be missing something?
What I suggest you do is get yourself another anti-malware tool, perhaps a couple, and periodically run additional complete scans of your system. (What Security Software do you Recommend? has some recommendations.) One specific tool I recommend often is the free version of Malwarebytes Anti-malware, which has a reputation for catching a lot of things that many other tools do not.
Make sure that all of your anti-malware software is up-to-date, running the most recent versions, and running its most recent database. Remember, the version of the software may change every year or six months or so, but the database it uses will change daily, if not multiple times per day.
Always make sure you’re running the latest version of both the software and its malware database.
Check the network
Make sure that other machines on your network aren’t compromised.
If you have more than one machine at home, and they are connected to a single router, then by definition you have a local network. Make sure that all the other machines on that network are free of malware.
It’s possible that malware on a machine could be “sniffing”, or watching the traffic on your network. Usually, that’s not the case, but given the number of times that things have gone wrong for you, that’s something else that quickly comes to mind.
When you’re not able to trust another machine on your network, it’s very much like using an open Wi-Fi hotspot. That other machine could be doing all sorts of interesting things that could compromise your security. It’s important that all of the machines connected to your router are secure and free of malware. Make sure you’re up-to-date and running appropriate scans on all of them.
We’re often quick to blame our computers (or the internet) when we experience credit card fraud.
Frequently, the issues are much more low-tech.
For example, have you ever annoyed the wait staff at a restaurant? Well, annoyed or not, when you give them your credit card, it’s out of your eyesight while they process it!1 There definitely have been stories of clerks who take your credit card and clone or otherwise compromise it while it’s in their possession and out of your view.
The less obvious, slightly higher-tech case is hardware that’s actually installed on card readers.
Every once in a while you’ll hear about bank machines or gas station pumps that have had what’s called a “skimmer” installed in front of the card slot. It looks like a regular card slot, and unless you know what you were looking for2, you wouldn’t know that there was something else reading your card in addition to the pump or the cash machine. The hackers let the skimmers collect card data for a while, and then come back and remove it, walking away with the credit card information for everyone who used the machine while the skimmer was active.
That’s one way card information can be stolen without the card ever having left your hands.
To be honest, by far most of the card theft that I am aware of, like most of the scenarios that you describe, are things that are typically completely out of our control.
What happens is that large databases of credit card and other information are stolen. It’s not somebody targeting you or me, going after cards one at a time – it’s someone targeting the computers at your bank, or the grocery store where you use the card.
Those are the kinds of things that you and I don’t really have a lot of control over.
Fortunately, in addition to being rare (that’s why it makes the news, after all), most credit card companies cover your losses as long as the loss isn’t due to your personal actions. Unless you’re hacking in and stealing large databases of information, you’re very likely covered.
But it is an inconvenience, no doubt about it. My Las Vegas experience was nerve-wracking enough, but to have cards compromised three times in a row, and that quickly, would be maddening.
I would most definitely look closely into both your local network and computer security, and keep a very close eye on where the card is being used.
If you are compromised a fourth time, I’d want more information to help find the cause.