How Your Credit Card Numbers Are Stolen

Skimmers and scammers can obtain credit card data in multiple ways. Learn how keep their hands off of yours.

Erin El IssaApril 22, 2015
How Your Credit Card Numbers Are Stolen

Many or all of the products featured here are from our partners who compensate us. This may influence which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own.

Credit card fraud can happen to anyone, even people who don't have credit cards (they can have fraudulent accounts opened in their name). But there are things you can do to lessen your risk. Here’s what cardholders need to know about some of the most common methods of stealing credit card information, plus some quick tips to keep your card information secure.

Skimming: Taking info right off of your card

What skimming is and how it works: Skimming is when a thief uses an electronic device to copy and store your credit card information. Skimmed information can be used to produce a counterfeit card.

Skimming happens a few different ways. It could occur when your credit card is removed from your possession, like at restaurants when you hand over your card to pay your check. It can also occur by way of a skimmer attached to a card reader, like those on gas pumps or on ATMs.

How to avoid getting your credit card skimmed: Use the EMV chip on your card instead of the magnetic stripe. With EMV technology, your card’s information changes with every transaction, so it can’t be skimmed and used later. Make sure to use your EMV card by inserting it into the payment terminal, following the prompts and then removing it when instructed. If you "swipe" it through the reader, your transaction processes with static data and you don't get the benefits of EMV.

Nerd tip: Although EMV chip readers are everywhere, some merchants still use technology that requires you to swipe your card. Other times, the chip reader may be malfunctioning, so you have to swipe. In such cases, you may have no choice, but check the card reader for suspicious attachments that might facilitate skimming. Some credit card skimmers fit right over the card slot on ATMs.

Phishing: Asking you for personal information

What phishing is and how it works: Phishing is a scam used to get personal information — like Social Security numbers, account numbers or card numbers — from consumers. It can occur via email, phone, text or snail mail.

Phishers gain your trust by using familiar logos and company names to represent themselves, or scaring you into believing that your personal information is already compromised, and that you need to provide information immediately for damage control.

How to avoid a phishing scam: Be wary of emails, mail, calls or texts requesting personal information, regardless of the source. Don't provide any of your information until you’ve called your issuer — you can find the phone number on the back of your credit card — and verified the validity of the request for yourself. Don't click links that come to you via email with a request to "verify your account information." Log into your account separately to see if there's a legitimate request pending.

Spyware: Grabbing data from your computer (or a merchant's)

What spyware is and how it works: Spyware is software designed to collect your information without your knowledge or consent. It can collect personal data like credit card and banking information, as well as user logins from the computers it's installed on.

A large scale example of this is the Target breach in 2013. Hackers stole login information and hacked into Target’s system to install spyware, which allowed them to obtain credit and debit information on approximately 40 million cards.

How to avoid a spyware attack: To avoid a spyware attack on your personal computer, download anti-virus software and read disclosures before downloading anything off the Web. Avoid downloading anything from sites you don’t know and trust, don’t click on suspicious-looking links, and close out of windows instead of clicking “Agree” or “OK” on pop-ups.

Quick tips for keeping card information secure

There are plenty of things you can do to lower your risk of credit card fraud:

Shred your documents and/or opt for paperless billing. Thieves may go through your trash and piece together your identity with personal information. To combat this, instead of just tossing your financial- and medical-related mail, shred it first. Also, when possible, opt for email communications instead of snail mail.

Be a skeptic. Whether you call it cautious optimism, realism or straight-up skepticism, you should be cognizant that scams exist and you could be the victim. Avoid giving personal information to unknown or distrusted sources, clicking on suspicious links and downloading software from sites you haven’t had positive experiences with in the past.

Relax. If your card information is stolen, keep your perspective. Dealing with credit card fraud is frustrating, but fraudulent transactions won’t cost you more than $50 total, and that’s only if your card is out of your possession and you don’t report it missing right away. If you have your card when fraudulent transactions go through, you won’t be liable for any of the charges.

We want to hear from you and encourage a lively discussion among our users. Please help us keep our site clean and safe by following our posting guidelines, and avoid disclosing personal or sensitive information such as bank account or phone numbers. Any comments posted under NerdWallet’s official account are not reviewed or endorsed by representatives of financial institutions affiliated with the reviewed products, unless explicitly stated otherwise.