Credit cards have undoubtedly made shopping more convenient, both in the real world and digitally, but having your card or card details stolen is decidedly inconvenient. As the threats become increasingly sophisticated, so do the defences, yet cardholder vigilance remains key.
How are credit card details stolen?
Before the advent of digital technology, a would-be fraudster would need to physically steal the card or the card details. However, the explosion in online retail has brought a corresponding increase in theft, which has come on top of myriad scams you need to be fully aware of as a credit cardholder.
There are plenty of ways for would-be thieves to steal your debit or credit card details, some of which many of us will have already fallen victim to. These include:
- Phishing emails
- Malware attacks
- Major data breaches
- Public Wi-Fi
- ATM skimming
- Statements stolen from bins
- Traditional theft
- Friendly or familial theft.
Phishing is where would-be thieves send out a fraudulent email or SMS pretending to be from a large and well-known organisation. After you reply, they can steal logins, passwords and credit card details. These emails, which used to be full of dreadful spelling and grammar errors, are becoming increasingly sophisticated and can be extremely damaging, resulting in identity theft in worst-case scenarios. ‘Spear-phishing’ is when these emails are highly targeted towards the recipient.
Phishing may also take the form of a malware attack. Malware is malicious software that comes as an attachment that can then steal data from your devices, such as passwords, bank account details and credit and debit card information.
Formjacking targets frequently used websites by injecting malicious software into website forms. When you fill out the form, hackers access the information entered, including banking and credit card details.
Major data breaches
Major data breaches have become increasingly common globally and in Australia, and you or someone you know may already have been swept up in one. A recent major incident revealed that over six million stolen payment cards have been used on the dark web. More than 65,000 compromised credit, debit and ATM cards belonged to Australians. Data breaches in Australia are on the rise, too, particularly in the financial and healthcare industries. The federal government is revising its cybersecurity frameworks and policies to deter large-scale threats to individuals and the government.
Internet cafes, airports, shopping malls and cafes are notoriously unsafe places to conduct banking or card transactions because hackers can exploit the weaknesses in public Wi-Fi networks. They will then deploy what’s known as a ‘man in the middle’ (MITM) attack that intercepts your connection and harvests any data you share, including your credit card details.
Skimming, as the name suggests, involves a thief using a device to skim details from a card’s magnetic stripe when used at an ATM or a retail terminal. It can also occur when someone merely walks past or bumps into a cardholder. Once skimmed, thieves can use those details to create a counterfeit card or for digital fraud. Chip technology is slowly replacing magnetic stripes, which is going some way to protect against skimming theft.
Statements stolen from bin
How down and dirty will a thief go to steal your card details? Well, into the garbage if need be. If you throw your statements or old cards into the recycling, they’re there for the plundering by someone with ill intentions, so you should always cut up your expired cards thoroughly and tear your statements into scrap paper. If you plan to cancel a credit card, ensure you know how to do it correctly.
We may be living in the digital age, but traditional theft still occurs, and everyone understands the inconvenience of having a wallet or a purse stolen. One way to overcome this threat is to leave your physical card at home and transfer the information into a digital wallet. That virtual credit card can perform the same functions as your physical card at an in-person retail point-of-sale. This strategy is particularly effective when travelling, where the risk of a stolen credit card could be much higher. A prepaid travel money card is also a worthy alternative to consider.
Friendly or familial theft
You would hope this is one of the rarer forms of credit card theft, but people close to you can easily obtain your information if they really want to. In a worst-case scenario, a family member with the right information could even open a credit card in your name. So, be careful where you store your financial details and who you share them with.
What can someone do with a stolen credit card?
Once a thief has your card details, they can use them for:
- ATM withdrawal. Card networks and providers have become far more savvy security-wise over the past few years and have a range of state-of-the-art fraud detection and prevention measures at their disposal. However, nothing is stopping a thief from using your card to withdraw money from an ATM before the fraud is detected, provided they have your PIN.
- Buying gift cards. A cyber thief can use stolen credit card information to purchase gift cards from online retailers and easily sell them on sites like eBay. Buying these cards is relatively uncomplicated, as is reselling them, often referred to as a secondary-market scam, which is why many cyber criminals favour them.
- Shopping. Thieves use stolen and lost credit cards for retail shopping online and in the physical world. They can do this until the bank recognises the fraudulent activity and places a block on the card. Retailers have a range of detection mechanisms for unusual activity, but this won’t stop some theft from occurring. This is especially true online, where the card number and the CVV are usually sufficient to purchase.
- Selling the information. Personal data is valuable information. Card thieves may opt to sell your card details to someone else, possibly in an organised crime organisation, who can then use it to buy things they can quickly sell without providing identification. A single credit card number may not be worth much by itself, but a criminal who gets hold of hundreds or thousands of numbers in a major data breach can potentially sell the information in bulk for a lot of money.
What to do if your credit card is stolen
If you think your card was stolen, ask your provider to lock or block the card so it’s immediately disabled. An inactive card can be inconvenient, especially if you’re using a debit card and you rely on it for your everyday banking. Still, it’s better than keeping a compromised account open. If you’re lucky, your provider or the card network may have already recognised the fraud and put a block on it for you, but you can’t be sure this will occur.
You’ll also want to change your password information wherever possible and check your statements so you can raise any dubious activity with your provider down the track.
Additionally, you should constantly monitor your future credit card accounts and transactions. Regularly update your passwords to minimise the risk of further theft.
Cardholders, thankfully, have several tools at their disposal to alert them to the possibility of card theft. These include push notifications or SMS alerts every time a transaction occurs on the card.