Advertiser Disclosure

How Your Credit Card Numbers Are Stolen

April 22, 2015
Credit Card Basics, Credit Cards
How Your Credit Card Numbers Are Stolen
At NerdWallet, we strive to help you make financial decisions with confidence. To do this, many or all of the products featured here are from our partners. However, this doesn’t influence our evaluations. Our opinions are our own.

Credit card fraud can happen to anyone, but there are things you can do to lessen your risks of becoming a victim. Here’s what you need to know about some of the most common credit card scams and how to deal with them — plus some quick tips to keep your card information secure.

Skimming: Taking the information right off of your card

What skimming is and how it works: Skimming is when a thief uses a small electronic device to copy and store your credit card information. Skimmed information can be used to produce a counterfeit card — for instance, it may be loaded onto a prepaid card.

Skimming happens a few different ways. It could occur when your credit card is removed from your possession, like at restaurants when you hand over your card to pay your check. It may also happen via a skimmer attached to a third-party card reader, like those on pumps at the gas station or on ATMs.

How to avoid getting your credit card skimmed: Use an EMV card instead of a traditional magstripe card. With EMV technology, your card’s information changes after every transaction, so it can’t be skimmed and used later. Make sure to use your EMV card by inserting it into the payment terminal, following the prompts and removing the card once the receipt starts printing. If you swipe it normally, it will process as a magstripe transaction with static data.

Phishing: Asking you for personal information

What phishing is and how it works: Phishing is a scam to get personal information — like Social Security numbers, account numbers or card numbers — from consumers. It can occur via email, phone, text or snail mail.

Phishers gain your trust by using familiar logos and company names to represent themselves, or scaring you into believing that your personal information is already compromised, and that you need to provide information immediately for damage control.

How to avoid a phishing scam: According to Visa, you should be wary of emails, mail, calls or texts requesting personal information, regardless of the source. Don’t provide any of your information until you’ve called your issuer — you can find the phone number on the back of your credit card — and verified the validity of the request for yourself.

Spyware: Grabbing data from your (or a merchant’s) computer

What spyware is and how it works: Spyware is software designed to collect your information without your knowledge or consent. It can collect personal data like credit card and banking information, as well as user logins from the computers it’s installed on.

A large scale example of this is the Target breach in 2013. Hackers stole login information and hacked into Target’s system to install spyware, which allowed them to obtain credit and debit information on approximately 40 million cards.

How to avoid a spyware attack: To avoid a spyware attack on your personal computer, Microsoft recommends that you download anti-virus software and read disclosures before downloading anything off the Web. Avoid downloading anything from sites you don’t know and trust, don’t click on suspicious-looking links, and close out of windows instead of clicking “Agree” or “OK” on pop-ups.

» MORE: How to Dispute Fraudulent Credit Card Charges

Quick tips for keeping your credit card information secure

There are plenty of things you can do to lower your risk of credit card fraud:

Shred your documents and/or opt for paperless billing. Thieves may go through your trash and piece together your identity with personal information. To combat this, instead of just tossing your financial- and medical-related mail, shred it first. Also, when possible, opt for email communications instead of snail mail.

EMV is the way to be. Although many merchants don’t offer EMV-capable payment terminals, they will be incentivized to implement these later in 2015. Use your chip card for card-present transactions when given the option.

Be a skeptic. Whether you call it cautious optimism, realism or straight-up skepticism, you should be cognizant that scams exist and you could be the victim. Avoid giving personal information to unknown or distrusted sources, clicking on suspicious links and downloading software from sites you haven’t had positive experiences with in the past.

Relax. If your card information is stolen, keep your perspective. Dealing with credit card fraud is frustrating, but fraudulent transactions won’t cost you more than $50 total, and that’s only if your card is out of your possession and you don’t report it missing right away. If you have your card when fraudulent transactions go through, you won’t be liable for any of the charges.

Erin El Issa is a staff writer covering personal finance for NerdWallet. Follow her on Twitter @Erin_Lindsay17 and on Google+.

Image via iStock.